Cyber attack on state agency

The Oklahoma Office of Management and Enterprise Services (OMES) did not pay a ransom as a result of recent cyber incident, an investigation by Oklahoma CyberCommand, an arm of OMES Information Services, confirmed.

The cyberattack was discussed in a recent during a House of Representatives Government Modernization Committee meeting.

The incident in question was a ransomware attack on a state agency that had not had its information technology (IT) unified under House Bill 1304 passed in 2011. The fact that the incident even brought about the consideration of paying a ransom shows the importance of IT unification.

“This incident further illustrates how essential IT unification has been in protecting our state’s technological infrastructure,” said Gov. Mary Fallin. “The importance of state agencies unifying their IT with OMES to have the best cybersecurity available cannot be understated. “

Unification allows agencies to have the updated resources of Oklahoma CyberCommand that quickly detect and prevent ransomware attacks, said Oklahoma CyberCommand Director Mark Gower. “CyberCommand has created a specific set of technical and response capabilities for dealing with an increase in ransomware attacks that can encrypt state computers and make them inaccessible until ransom has been paid,” Gower said. “Not a single unified state agency has been forced to pay ransom.”

In 2016, CyberCommand successfully responded to about 32,000 cases of unique malware, about 750 instances of malicious activity, nearly 400 occasions of unauthorized access and two denial-of-service attacks. The state’s ongoing information technology unification effort and the OMES Security Operations Center can identify and respond quickly 24/7 to cyberattack. Nonunified agencies are responsible for their own cybersecurity and typically don’t have the same updated resources available through Oklahoma CyberCommand.

To date, 58 of 78 legislatively mandated agencies have unified their information technology with OMES. Another 31 agencies have voluntarily unified their IT with OMES. Unifying IT services has not only resulted in a combined reduced spending and projected savings of about $129 million, but also provides better access to security resources, said Oklahoma Chief Information Officer Bo Reese.