Amid ‘rising global threats,’ North Carolina’s tech bureau urges cybersecurity vigilance
In response to “rising global threats,” North Carolina’s technology department on Monday issued a press release urging the state’s public sector, businesses and residents to “work together to strengthen cybersecurity defenses.”
The release notes that the department received “recent intelligence” indicating a rise in cybersecurity operations from “nation-state actors.” When pressed over email for additional details, such as whether North Carolina is observing an increase in network activity from Iran or its allies, a department spokesperson declined to cite specifics, noting obliquely that “the cyber threat environment remains heightened and ever-changing, with organizations nationwide, including state governments, continuing to monitor for malicious actions from a range of domestic and international threat actors.”
In a briefing with reporters last week, the Multi-State Information Sharing and Analysis Center, which shares threat intelligence with state and local cybersecurity officials from around the country, did not disclose having seen a spike in cyberattacks from the Middle East since the previous week, when it had warned of a possible upcoming wave of “low-level cyber activity,” such as website defacements and distributed denial-of-service attacks. Instead, its organizers described the typical results of similar conflicts from recent history.
In North Carolina, Bernice Russell-Bond, the state’s chief information security officer, warned Monday that “cyberthreats are no longer distant concerns; they are immediate realities.” Gov. Josh Stein assured the public in the release that the state is “taking these threats seriously.” Teena Piccione, North Carolina’s chief information officer, said the state’s security operations center is “on high alert” and noted that “vigilance is essential.”
North Carolina’s press materials note that ransomware attacks have in recent years disrupted a wide range of services offered by local governments, even sometimes shutting them down entirely. But out of Iran, said Randy Rose, MS-ISAC’s vice president for security operations and intelligence, “we don’t see a ton of ransomware” — the nation tends instead to favor “destructive and disruptive attacks and wiper attacks,” such as its recent cyberattack against Stryker Corporation, the medical equipment maker headquartered in Michigan, in which there was “no indication of malware or ransomware,” according to the company. And ongoing war or not, Iran also tends to ramp up attacks against United States elections infrastructure as each November approaches.
TJ Sayers, MS-ISAC’s senior director of threat intelligence, said he would not expect the nation’s air-gapped voting systems to be affected by such activity, but reiterated an expectation of disruptive, low-level cyber operations. He speculated that websites operated by secretary of state offices could wind up affected by broader attacks.
Sayers also warned that attacks from Iran’s allies — China, Russia — might be “slipping through the cracks” as the world fixes its sights on the Middle East. He noted recent reports that Russia is providing Iran intelligence to assist with physical warfare: “It’s reasonable to assume that they would be doing something similar in cyberspace.”
