Westchester creates cybersecurity task force as possible Russian retaliation looms
Westchester County Executive George Latimer on Feb. 23 announced during a news conference at the County Office Building in White Plains that he has signed an Executive Order creating a Task Force on Cybersecurity. The task force, together with the county’s existing Department of Information Technology (DIT), is being charged with protecting the county from computer breaches including catastrophic attacks. In addition, it is being charged with helping ensure that the county is prepared for recovery of its computer systems in the event bad actors succeeded in a cyberattack.
“I think we’re all deeply concerned about what might happen out of the Russian-Ukrainian conflict,” Latimer said in answer to a question from the Business Journal about why he decided to move ahead now on the task force. “It looks to me as if there’s a clear aggressor in that conflict and a clear victim state in that conflict and we know that when we impose sanctions we will irritate the aggressor and the aggressor has resources to be able to strike back outside of the traditional warfare means.”
Reports attributed to unnamed sources said the FBI and Department of Homeland Security conducted a conference call on Feb. 14 warning law enforcement, the military and officials responsible for infrastructure that the U.S. needed to be prepared for possible cyberattacks associated with Russia’s invasion of Ukraine. Cyberattacks against Ukrainian targets already had been reported and the FBI and Homeland Security expressed concerns that they could spill over onto U.S. targets.
Latimer said that the idea for a task force originated a couple of months ago but it was decided to delay implementation until after the county’s new budget had been put into place. He also said the country wanted to wait and see what new efforts New York state might be making on cybersecurity.
On Feb. 22, New York’s Gov. Kathy Hochul announced the formation of a cybersecurity partnership involving several major cities including Yonkers along with security experts. She appeared at the opening of a new Joint Security Operations Center in Brooklyn. The state’s new budget includes $61.9 million for cybersecurity. Hochul proposed a $30 million program to help local governments around the state boost their cybersecurity defenses.
Westchester’s task force is charged with recommending new strategies, legislation and funding priorities to reduce the risk of cyberattacks. It will also ensure that all Westchester County employees receive the proper training on cybersecurity threats. The county itself is dependent on computers for day-to-day clerical and communications operations. Computer and internet use extends to virtually every service the county provides, such as the bus system, wastewater treatment plants, law enforcement, land records, voter registration and correctional facilities.
Former County Legislator Ruth Walter has been named to lead the task force. Westchester County Director of Operations Joan McDonald will serve as technical advisor. In 2015, McDonald was appointed by President Obama to the National Infrastructure Advisory Council (NIAC) where she participated in several national cybersecurity studies. McDonald served on the NIAC until December 2020.
Latimer said that the task force might work with businesses and nonprofits in the county to help them with their cybersecurity issues just as other county departments provide guidance and training in other areas. He described how the county’s Emergency Operations Center is used to help government and business leaders prepare for natural disasters, such as impending hurricanes, through the use of simulations and other training exercises.
“As an example of how we would work with businesses and other entities going forward, it could be in a series of tabletop exercises that would help us professionalize and walk though best practices,” Latimer said. “Some of the cooperation may involve things we’ve done in other parts of government where the county will take on a professional — we take the responsibility for bringing on a person with professional consultant skills – and we make that person available to municipalities.”
Latimer said that while his Executive Order created the new task force and will allow it to operate, it would be up to the County Board of Legislators to determine whether to make the task force a permanent part of government.
Walter said, “We can encourage best practices, encourage other municipalities within Westchester to examine their systems and have a frank discussion of the known and potential threats that are circulating in our workplaces. We know the costs of doing nothing are too high to pay.”
Deputy County Executive Ken Jenkins recalled that workers at the county office building have been the targets numerous times of so-called “phishing” attacks, where emails are sent seeking to fool recipients into giving out personal information that can be used for identify theft and other nefarious purposes. He recalled that when some municipalities were victimized by ransomware hackers, the county’s information technology experts were able to help in the recovery.
McDonald said that it’s important for government employees to have a situational awareness of what possibly could happen in the way of computer security breaches. She said that there are lessons to be learned from what utilities and banks have experienced in preventing attacks and dealing with the aftermath of successful ones.
Gloss