Clarion Co. hazard analysis puts big focus on cyber security threat

The updated Clarion County hazard vulnerability analysis pays particular attention to a different type of threat – cyber security.

David Dunn, the county’s Homeland Security planner, says “We have strengthened the cyber part of the analysis. The county has a cyber plan now.”

The plan says cyber security incidents can be anything from a “virus” to outside sources accessing data from any computer system via the Internet to disrupting any or all services provided to the public.

Adding to the problem is that the “public and private sectors are relatively ignorant of just how much their life depends on computers as well as the vulnerability of those computers,” the plan says.

Several incidents have been reported in the county.

“We’ve had issues at the (Clarion) university and some of the municipalities over the last two years. Our IT was heavily involved with it,” said Dunn. “Some of it is kept down because of the investigative aspects of it. They’ll take a look at some of the incidents at smaller places, and the FBI can put it all together for a case. We have had the FBI out of Pittsburgh and their cyber people hold classes for county businesses.”

The report says Clarion County has had municipalities, residents and businesses affected by these events.

In December 2017, Clarion University was hacked by a phishing scam and some student information was compromised, the report says. Many municipalities, schools and organizations are not reporting this type of event.

The analysis said the known extent of damages has been low up to now.

The analysis also said cyber incidents will continue to impact the county, municipalities, schools, residents and businesses.

Cyber incidents can be defined as activities intended to damage or disrupt vital computer systems. These acts can range from taking control of a host website to using networked resources to directly cause destruction and harm.

Protection of databases and infrastructure appear to be the main goals now.

The analysis said cyber terrorists can be difficult to identify because the Internet provides a meeting place for individuals from various parts of the world.

Individuals or groups planning a cyber attack aren’t organized in a traditional manner as they can effectively communicate over long distances without delay.

One of the more prominent groups involved in recent large-scale hacking events is the group “Anonymous.” The group has been known to overtake websites and alter the content that is presented to the public, according to the analysis.

“The largest threat to institutions from cyber terrorism comes from any processes that are networked and controlled via computer,” the report said. “Any vulnerability that could allow access to sensitive data or processes should be addressed and any possible measures taken to harden those resources to attack.”

When considering cyber terrorism or cyber-attack, locations with publicly accessible or shared computer workstations are more vulnerable to malicious Internet outages as open access allows for easier access to shared data and system information.

“We’re working with business and industry, university, schools, and municipalities,” said Dunn.

Clarion County has developed and distributed a cyber incident plan.

The plan calls for municipalities, schools, Clarion University, health care facilities and businesses/industries to maintain security software on computer systems, backup data offsite and to notify the county’s Department of Public Safety about cyber incidents.

Law enforcement agencies will monitor identified facilities and infrastructures.

The hazard vulnerability analysis plan is on the Clarion County website.