Smaller municipalities and rural counties are just as vulnerable to cyberattack as their larger counterparts.
That fact of life in today’s world prompted a cyber security tabletop exercise Monday at the Greene County Office of Emergency Management. The exercise was facilitated by Greeneville City Administrator Todd Smith along with the Tennessee National Guard and coordinated by county Emergency Management Director Bill Brown. The scenario required a multi-agency response to a cascading series of threatening events.
In a nutshell, the scenario presented to participants involved a ransomware cyberattack by an “extremist environmental” group that contaminated the county water supply, caused county 911 Dispatch to be overwhelmed with calls from panicked citizens, made thousands of people ill and strained the resources of local hospitals.
According to the scenario, the group was unhappy with pollution levels in the Nolichucky River and the proposed location of a major new industry making the problem worse.
More than 60 stakeholders took part. Participants included the Tennessee National Guard, Greeneville Fire Department, Greeneville Police Department, Greeneville Planning Department, Greeneville City Administrator’s office, Greene County Highway Department, Greeneville City Schools, Greene County Health Department and Greeneville Light & Power System.
It also included the Greeneville Water Commission, Greene County 911, the Greene County Association of Volunteer Fire Departments, Greene County-Greeneville EMS, Greeneville Emergency & Rescue Squad, Ballad Health, Greene County Sheriff’s Department, Tennessee Emergency Management Agency and Greene County Office of Emergency Management.
The exercise was designed to test coordination between agencies during a cyber attack.
“Our (purpose) is to exercise a scenario where there is a cyber attack on critical government resources that would impact the community,” said Smith, who is also a lieutenant colonel in the Knoxville-based Air National Guard unit.
A coordinated response to a cyber attack on critical areas of the infrastructure is essential, Smith said.
Air and Army National Guard IT personnel called in to help lessen the impact of a cyber attack participated, as they might in a real-life situation. TEMA was also on hand.
“If things got so bad here in Greeneville from an emergency operations standpoint, the (National Guard units) have resources that could mitigate the impact of a cyber attack,” Smith said. “We have seen these cyber attacks on government resources.”
Smith mentioned Spring Hill, a city of about 40,000 people south of Nashville. The city was targeted in a November 2017 cyber attack. Ransomware targeted the city’s computer system and demanded $250,000 to reconnect the servers.
Spring Hill refused and began rebuilding its system, a process that took several weeks.
In the meantime, the attack shut down email accounts, froze out computer reports, disrupted employee direct deposits and stopped citizens from making online payments for utilities, court expenses, and permits.
Most critically, the attack shut down the city’s 911 computer-aided dispatch system and mobile data terminals in police cars. Dispatchers had to write down calls normally entered into computers on an erasable board.
“It’s reality in this day and age,” Smith said.
Air Force Col. Scott Wenger was in charge of the Guard’s Cyberspace Operations unit working out of a room in the same building as the emergency operations center during the exercise.
The cyber attack exercise Monday was the first done with local government and associated first responders, Wenger said.
“This is an opportunity for the National Guard to participate in an exercise where we can engage with and support civil authorities in response to a cyber attack,” Wenger said.
Cyber attacks on government entities happen frequently, he said.
“It’s an absolute reality. Its a constant threat,” Wenger said. “It’s not just big targets the cyber actors choose, it’s often the easier targets,” Wenger said.
As the military and government develop resources to counter cyber attacks, those responsible respond with more sophisticated methods.
“It’s kind of a cat-and-mouse game,” Wenger said. “Its a collaborative effort to understand how we can best work together in a cyber attack and determine what resources we can render.”
Brown said it’s important to have all responders in one place so they can work together in countering any cyber-generated threat.
“This is just helping us to prepare. Were trying to make this like it is really happening,” Brown said. “It’s all about communication.”
The scenario began with a call about “unconscious persons” at local hospitals and then a hacker-generated social media post purporting to be from the Town of Greeneville claiming people experiencing headaches, upset stomachs and other symptoms. Minutes later, city schools went to lockdown status.
Calls flooded 911, emergency management and 197 people were reported in hospital emergency rooms under the scenario.
An emergency operations center was activated and TEMA was notified. Minutes later, it was reported that manure had been dumped into the city water retention pond, with people suffering from E. coli bacteria contamination. Greene County 911 reported its resources were “exhausted” as part of the exercise.
As the scenario progressed, more of the groups that had gathered individually entered the emergency operations center and began to respond to the situation.
“We know what we’re facing and what we need to do to keep up with it,” said Jeff Wilburn, chief of the Greene County Association of Volunteer Firefighters and Camp Creek Volunteer Fire Department.
Greeneville Police Department Assistant Chief Mike Crum said the opportunity to participate in Monday’s drill was beneficial for all involved.
“The importance of having these types of training sessions and drills is second to none. Its impossible to learn unless we get together on something like this,” Crum said.