A cyberattack in Connecticut could tax emergency management systems to such an extent that the governor’s “extraordinary powers may be the only option for relief,” a state report on cybersecurity said Monday.
From utilities to key industries such as finance and military contractors, critical systems are vulnerable to computer hacking and data theft – “cyber aggression,” the report calls it – that could lead to financial reversals, fines and penalties and major distractions from conducting business.
“We receive daily reminders that we are living in a time of cyber insecurity,” Gov. Dannel P. Malloy said as he released the Connecticut Cybersecurity Strategy at the Capitol.
U.S. intelligence and Homeland Security officials are doing their part to shore up systems to block cyberattacks on institutions and states must follow, he said.
“We want to be a national leader in these efforts and we are moving forward in a way that will allow us to be prepared for any contingency,” the governor said.
Of approximately 4.8 billion connection attempts a month to the state network from external computers, about 2 billion – or 42 percent – are blocked by security, the report said. State third-party monitoring detects an average of 66 infected or compromised state systems a month.
Two state agencies – the Department of Revenue Services, which stores tax and financial records of businesses and individuals, and the Department of Social Services, which provides health care, food and other support to about 1 million residents – are particularly inviting targets for cyber crime, Malloy said.
Following a cyberattack, emergency management workers and first responders “would need to manage new levels of anxiety and panic,” the report said.
The report recommended improved knowledge to identify and prevent cyber intrusions, skills to handle cybersecurity tasks, better preparation, specific response plans, recovery operations to identify damage, analysis of the causes, information-sharing and verifying if efforts to reduce cybersecurity risks are working.
The strategy will be followed by an action plan that will contain concrete steps to address the issues raised in the report.
Last October, Malloy, prompted by increased computer hacking in the public and private sectors, appointed Arthur H. House, former chairman of the Public Utilities Regulatory Authority, the state’s first cybersecurity chief.
“It is essential that states become part of our defense of our national security,” House said. “Federal authorities pound that point home. They constantly tell us, we cannot do it all. Security has to start at the local level.”
The Department of Emergency Services and Public Protection – through the Connecticut State Police, the Connecticut Intelligence Center and Division of Emergency Management and Homeland Security — also will be involved in putting the plan in place.