State computers compromised, not enough staff to fix it


by ANDY PIERROTTI / KVUE News and photojournalist DEREK RASOR

Bio | Email | Follow: @AndyP_KVUE

Posted on June 27, 2013 at 10:31 PM

Updated Friday, Jun 28 at 10:17 AM

AUSTIN -- A KVUE Defenders investigation uncovers state agency computers compromised in cyber attacks and not enough staff to deal with the problem.

According to a report obtained from the Department of Information Resources (DIR), state agencies identified 6,400 cases "keystroke loggers" since 2009. Once secretly installed, the software can record an employee's every keystroke.

"An attacker will use these types of things to gain credentials, the log in, user name and password," explains Brian Engle, Texas’ chief information security officer with DIR.

The report also identified more than two million cases of a malicious code called “back door." That's software that can allow a hacker to potentially take control of a state computer.

“That allows them full access to your network once that backdoor has been installed," said Steve McGregory, a cyber security expert for Ixia in Austin.

The report also shows hackers infected more than 572,000 state computer hard drives and servers, costing taxpayers $9.6 million to fix.

“I think that's a very big concern," Jim Harrington explained, after showing him the report. He’s an attorney and director for the Texas Civil Rights Project.

He’s suing the Texas Comptroller’s Office for more information involving one cyber breach in 2011. The agency accidentally exposed social security numbers and birthdays of three and a half million Texans over the Internet.

"The only reason why we know about the comptroller’s office was that there was an internal leak basically to the press," said Harrington.

"An individual attacker needs to be right one time in order to get into a system and steal information," said Engle.

He says the information the Defenders found shows the state does a good job identifying and stopping threats once they happen, but he says it’s difficult to know the impact to the public’s private information.

The KVUE Defenders also discovered the state does not have enough staff to combat the problem.

According to a DIR state cyber security assessment written a few months ago, "agencies have insufficient levels of staffing focused on security and risk management."

While Central Texas has more cyber security experts outside of Washington, D.C., Engle says it’s still difficult to find qualified staff.

"All of the technology in the world needs to have all skilled people in order to utilize it, in order to make the best use of it," argued Engle.

While the report identifies millions of cyber attacks, the state is not disclosing which agencies are impacted. Harrington says the public has a right to know if breaches, similar to what happened at the comptroller’s office, have happened before.

"If this is happening in the agency that says 'we're the best,' heaven knows what's happen to the others," said Harrington.

The KVUE Defenders has requested detailed reports from several state agencies about cyber attacks.

Some of those reports include criminal investigations. According to the DIR report, state agencies have contacted law enforcement at the local, state and federal level 649 times since 2009 for cyber incidents.

Some agency officials don't want us to have that information, claiming it could leave them vulnerable to more attacks.

The state attorney general’s office could rule on the matter in a few weeks.