Writer: Margaret Blanchard
The University of Georgia’s Carl Vinson Institute of Government partners with governments to address critical issues. Cybersecurity and infrastructure issues have presented growing concerns for local governments. Here, Hall County administrators Zach Propes and Katie Crumley share their experience dealing with a cyberattack ahead of the institute’s webinar “Is Your Government Cyber Aware?” launching April 14.
In the early hours of Oct. 7, 2020, Zach Propes got the call no government official wishes to receive.
The assistant county administrator with Hall County Government learned that the county’s entire communications system was under a ransomware attack. After consulting with his Management Information Systems team, who notified local and state law enforcement officials, Propes had to make the difficult decision to shut everything down, including internet, phones and computers.
“You realize very early on that you’re not in control,” Propes said of the experience. Further, the government had to figure out how to operate without technology. “Within minutes, we went back in time 30 to 40 years; it was a very traumatic event from an operational standpoint.”
Re-establishing emergency public safety services such as 911, police and fire was especially urgent because of the COVID-19 pandemic, with both employees and the public heavily reliant on technology.
After consulting with the county administrator, who was out of town, Propes went to the main government building to establish communication with department directors, constitutional officers and elected/appointed officials. After briefing county leadership, Propes joined his peer, the other assistant county administrator, at the Hall County Emergency Operations Center to continue managing the emergency situation. By then, it was close to noon—about six hours after the attack—and law enforcement officers from the state and federal governments had arrived to retrieve ransomware files for immediate and future inspection.
Propes then brought in department heads, elected officials and constitutional officers to brief them on what was happening and coordinate next steps.
The government formed three working teams. One focused on emergency services and immediate accounting capability to ensure there was no interruption in paying bills and meeting payroll. Another was charged with retrieving all county-owned electronics, while a third prioritized which departments would receive resources first.
Within hours, the emergency 911 center was fully operational, and within a few days, public-facing departments such as the courts and the tax commissioner’s office were operating at a minimal level. Employees worked 24/7 to collect 2,000 devices—smart TVs, laptops and cell phones—from across government departments. Although the source of the ransomware was detected, there was no way of knowing whether it had infiltrated other devices on the network, which kept the system vulnerable.
It was an ongoing crisis.
“We worked around the clock for three to four weeks bringing equipment in, wiping devices and then reinstalling software,” Propes said.
It took about a week to re-establish email accounts, and even when computers were returned to employees, they were minimally operational. There was no server access, and encrypted files were abandoned. Within two days, the team had restored all financial servers and the phone system.
Katie Crumley, the county’s public information officer, compared the cyberattack to being in a house fire.
“It was almost like having your house burned to the ground. You were homeless for a few days, and then when you got your computer back it was like they moved you into a hotel. You had a roof over your head and you could take a shower, but you didn’t have any of your things,” she said.
More than two years after the experience, Propes is reflective about Hall County’s preparedness and ready to raise awareness among his fellow local government leaders.
“I always knew it was a threat. We had taken the right steps, but we hadn’t done enough at that time,” he said.
“Leadership needs to have the conversation more,” Propes urged. “You can’t ignore it, you’ve got to talk about it. You’ve got to be engaged with department heads and employees about cybersecurity. You’ve got to invest in infrastructure. You’ve got to educate, train and have the conversation.”
Hear more about Propes’ experience and how communities and local governments can handle cybersecurity during the institute’s webinar “Is Your Government Cyber Aware?” on April 14. The hourlong session, slated to begin at 10 a.m., will offer resources and guidance should something similar happen in your community.
View more information about the webinar on our website.