North Carolina municipalities get state’s help on ransomware protection

State and local governments are gravely concerned with the possibility of a ransomware attack taking their services offline, possibly for weeks, in what could prove an expensive and humiliating ordeal. In North Carolina, local governments with fewer resources to protect themselves against that threat are getting some extra help from their state government, the state’s chief information officer tells StateScoop in a recent video interview.

“What we’re trying to do is work more with our counties and our municipalities on what can we offer, what can we do to help?” North Carolina CIO Eric Boyette says.

Ransomware can cost local governments hundreds of thousands or even tens of millions of dollars, either in payments to ransomers or in recovery costs and lost business. Atlanta and Baltimore have each estimated costs exceeding $17 million following their ransomware attacks.

North Carolina is deploying a variety of resources to assist its local governments, none of which are particularly novel, but that together represent a comprehensive effort not seen in every state. Technology officials in some states, such as Virginia, say they don’t have the policy mechanisms or resources to assist as thoroughly as they believe the dire threat calls for.

“We have great partnerships with our National Guard,” Boyette says. “We actually have [memorandums of understanding] that we can deploy [for] our guardsmen in our emergency management team to work together to help when we have counties or municipalities that may have had an incident. And we can be on the scene to help them.”

North Carolina also has contract vehicles for local governments to purchase cybersecurity technologies using the state’s bulk purchasing power. Adding yet another support resource, the state’s security operations center can be deployed to help localities as needed. 

Albert sensors, physical or virtual devices that watch for anomalous activity on computer networks used for various elections functions, are being deployed widely by the nonprofit group Center for Internet Security. In North Carolina, Boyette says the state has sponsored 16 Albert sensors for its counties, yet another way North Carolina is stepping up to help its local governments improve their cybersecurity.

“We also get some of that activity reported back for a state view, as well,” Boyette says.

Boyette on his top priorities and projects:

“We have several but one of the biggest ones is broadband for our state. We just recently had our governor sign a bill for $150 million over the next ten years, so we’re very excited about that.”

Boyette on identity and access management:

“We’re looking for things, possibilities, how do we inject blockchain? What do we do with allowing the citizens to actually control their privacy on what applications they actually can adopt or defer not to?”

Boyette on how he sees his role changing in the future:

“Wow, it’s changed a lot in the past ten years, this role has. In the future, it’s more of a broker. … We’re really changing. Our whole agency’s changing.”

These videos were produced by StateScoop at the National Association of State Chief Information Officers’ annual conference in Nashville, Tennessee, in October 2019 and are presented by Cloudera and Intel.