Sen. Maggie Hassan (D-N.H.) this week urged the Government Accountability Office (GAO) to look into how the federal government is supporting state and local governments that have been hit by debilitating cyberattacks over the past few months.
In a letter sent to GAO on Thursday, Hassan noted that “ransomware is a serious and growing threat to government operations at the federal, state, and local level,” and asked that GAO review and issue a report on current federal efforts to assist state and local government entities to protect their systems against ransomware attacks.
These attacks, which have been increasingly widespread across the country this year, involve a malicious actor or group gaining access to a network, encrypting it, and then asking the user to pay a ransom in order to gain back access.
Hassan asked that the GAO give evaluating ransomware assistance its “prompt attention,” and noted that is an area of “great concern” to the Senate Homeland Security and Governmental Affairs Committee, on which Hassan serves.
“If successfully executed, cyberattacks can have far-reaching consequences from exposing personal information to shutting down nursing home systems to causing widespread power outages,” Hassan said in a separate statement Friday. “The federal government must do more to help state and local governments prevent and respond to cyberattacks, and this report will give us a key tool to identify how the federal government is doing in this task, and what more can be done.”
Hassan’s letter was sent after more than 20 government entities, including small town governments, in Texas were hit by a coordinated ransomware attack in August, while Louisiana declared a statewide emergency after the systems at multiple school districts were locked down.
Meanwhile, the school district in Flagstaff, Ariz., canceled classes for two days in September while it worked to bring its systems back online.
The city governments of Atlanta and Baltimore were also been hit by crippling ransomware attacks over the past year, with both governments opting to pay millions to replace and recover systems rather than pay the much lower ransom amount.
In response to these attacks, the FBI and the Department of Homeland Security (DHS) have issued alerts detailing the severity of the attacks, and steps to take to avoid them or to recover.
Hassan has also been involved in the response to ransomware attacks, with the Senate in September passing legislation primarily sponsored by Hassan that would require DHS to maintain cyber expert teams that could be deployed to both private companies and federal agencies that are hit by cyberattacks.
The House previously passed this legislation in June, and must approve changes made by the Senate before it can be sent to President Trump for signature.