St. Louis County seeks $5 million for cybersecurity boost | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

CLAYTON — St. Louis County Executive Sam Page wants the county to spend $5 million on emergency cybersecurity updates following an attack this week that shut down essential law enforcement systems across multiple area counties.

Page asked the St. Louis County Council to approve the spending in a letter to councilmembers dated Friday.

“This is an event that we hoped would not happen and could have been much worse,” Page wrote. “The cyberattack that happened this week demonstrates what happens when you do not put substantial investments into information technology.”

The incident Monday shut down the Regional Justice Information System, which serves as a public safety data warehouse for St. Louis, St. Charles, Jefferson and Franklin counties, and St. Louis city. REJIS was running again by Tuesday evening, but Page said the event was a wake-up call to county officials, who have been exploring ways to strengthen the county’s cybersecurity in recent months.

People are also reading…

Cyberattacks are much easier to do now than even 10 years ago because of how many programs and tools are available to hackers, said Jake King, an executive for software company Elastic. “Ransomware trends have been increasing quite substantially over the last year,” King said. “We’ve started to see more ransomware attacks, impacting systems and businesses and personal computers.”

Officials have not detailed the REJIS incident this week. Because hackers did not appear to demand a ransom, the attack could have instead aimed to freeze the system by overwhelming it with remote requests, said Vijay Anand, an IT professor at University of Missouri-St. Louis. 

Hacking, he said, happens every day. “There is no stopping them,” he said.

The $5 million Page has requested would, if approved, cover recommendations from Greg Sullivan, an emergency readiness advisor in Page’s administration and a cybersecurity expert who has audited the county’s IT systems. He previously worked as an information technology executive for Carnival Corporation, an international cruise line, and as CEO of Global Velocity, a cybersecurity company.

Details on Sullivan’s recommendations weren’t immediately available Friday.

The money would come from the county’s emergency fund, which is regulated by state law, said Paul Kreidler, the county’s budget director. The county has to dedicate the equivalent of 3% of its annual general revenues to the emergency fund every year.

The money can be used for “unforeseen emergencies,” according to state law. But what qualifies as an emergency is broad and can be defined by the County Council. St. Louis County has used money from the fund for COVID-19 protective equipment, police services during unrest in Ferguson in 2014 and 2015, elevator upgrades, environmental cleanup and even legal settlements.

Just last week the council approved spending $684,000 from the emergency fund for information technology upgrades.

The council could consider the proposal as soon as Tuesday.

In a separate move, Page told councilmembers that he and St. Louis Mayor Tishaura O. Jones have appointed Sullivan to serve as chair of the commission that governs REJIS, which is a quasi-government agency created and overseen by the city and county.

Charles Henderson, an information technology expert for the county, previously served in that role.

Hackers try to steal passwords to gain access to computer networks. If they are successful, they encrypt the data. And demand a ransom for the password to remove the encryption.


Click Here For The Original Source.

National Cyber Security