Supervisor unhappy with lack of timely information on county computer attack

By Debra Moore

[email protected]

Details about the hack of Plumas County’s computer system are not readily available — and it doesn’t matter who is asking the questions — whether it’s a local news outlet or a county supervisor.

Supervisor Greg Hagwood asked that two items associated with the hack be pulled from the Board of Supervisors Dec. 7 consent agenda so that he could discuss the issue. Hagwood was less concerned about the hack itself — and more upset by the lack of transparency in the wake of the event.

Advertisement

The county’s information technology director, Greg Ellingson, was present to answer questions.

“This situation has been concerning and troubling on a variety of fronts,” Hagwood said during the meeting. He thanked Ellingson and his staff “for the insane amount of time and effort you have put forth,” but he said that he had received numerous calls from citizens and county staff – “most revolving around the timeliness and accuracy of what we knew and when we knew it and what steps we took to notify people.”

Hagwood said that incidents like these have occurred globally to public entities and private interests. “I’d like to understand better exactly when we became aware of what happened and is there something that we can do in the future,” he said.

Ellingson acknowledged that these attacks happen often to all different types of entities, and he first became aware when there were email issues. But when Hagwood pushed for a date, Ellingson said that he couldn’t remember for sure. (The public first became aware Nov. 16 when the email issues were mentioned during a Board of Supervisors’ meeting, but other sources peg the first problems occurring 10 days earlier.)

Advertisement

Hagwood said what was most important to him was the information or lack thereof that was put out by the “leadership team.” Hagwood wanted to know who exactly the “leadership team” was and thought that in the future a signature should be attached to any such information that needs to be disseminated, and it should be done so immediately.

“These are events that happen with a degree of regularity,” Hagwood said. “There is no need to make delays as to what potentially could be in play.”

Ellingson responded by saying that the situation is the subject of an ongoing investigation with law enforcement, including the FBI. “Just like with any other investigation we don’t want to say too much until we are given the go ahead,” he said.

Hagwood said he understood the nature of investigations, but doesn’t see any risk in alerting potentially affected people immediately. He likened it to a gas leak, saying if you have a gas leak, you have to get to the people immediately, you might not be able to pinpoint specifics, but you have to let them know. Again Hagwood reiterated that he wasn’t addressing these remarks specifically to Ellingson, who wouldn’t be the one to make such announcements.

Advertisement

Presumably that would be County Administrator Gabriel Hydrick, who let Ellingson do the talking Dec. 7, though he had been the one to provide information to county employees and written responses to Plumas News’ questions. In response to initial inquiries, the county said that the situation was resolved, however, that turned out not to be the case.

Anyone with some computer acumen could within a matter of minutes unearth a host of items that have been posted online. Last week IT personnel (not associated with the county) found hundreds of files, clearly labeled with such information as property tax collections and foster children. When asked for comment, Hydrick responded via email:

“The County of Plumas’ investigation is still ongoing, and the County is working with third-party forensic investigators, state agencies, and law enforcement to understand the nature and the scope of the incident. As part of the ongoing investigation, the County is analyzing the information that may have been subject to unauthorized access as a result of this incident. Because the investigation is ongoing and law enforcement is involved, we are not in a position to provide further details. If the County determines that this incident resulted in unauthorized access to any confidential or sensitive information, the County will provide notifications in accordance with applicable law.”

The county has remained silent on where the computer attack originated and if there was a ransom demand.

Advertisement

As for the two items on the consent agenda: authorizing payment of $13,000 to Speartip, for assistance with cybersecurity; and authorizing payment of $12,732.50 to Moxfive for assistance migrating email to cloud services — were approved unanimously.