County system operating; investigation continues
A cyberattack on Lee County’s government website is still being investigated, though all online functions of the site are now up and running officials said Thursday.
The attack was made public last Friday, and at a press conference Thursday, County Manager Roger Desjarlais stated the Florida Department of Law Enforcement is conducting the investigation that includes an investigator involved with FBI task force work focused on cyber security.
Desjarlais relayed that information contained in the system was not collected by whomever hacked the system.
“No payment information or personal information was compromised — not our customers, not our employees and none of our stakeholders or clients,” Desjarlais said.
He added that credit card information collected via bridge tolls, payment programs or utilities were all untouched.
“No taxpayer dollars were taken,” Desjarlais said. “In fact, there was nothing that was stolen.”
The system used to apply for building permits is back online and fully functional, Desjarlais said.
“We really estimate that it’s a fraction of our customers — people in Lee County — who felt the adverse impacts of this attack,” Desjarlais said. “It mostly comes in the form of the online services, particularly those that used our website for paying tickets, applying for building permits and like events. Any service we provided through our website services have been unavailable.”
While the investigation has been ongoing for a week, at least publicly, many areas of county operations remained unaffected, such as public safety operations (EMS, 9-1-1), trash collection, county pay roll, bridge toll plazas and more.
Desjarlais said that many of the online services that were shut down were done so purposefully, to avoid more damage that had happened with the initial attack.
“We’ve been bringing them back up methodically and with an abundance of caution,” Desjarlais said.
Details of the cyberattack were not disclosed due to the situation being a current investigation.
The county manager said he expects the investigation to take months before that specific information can be shared.
Desjarlais, along with County Commissioner Brian Hamman, made the announcement last Friday, and announced the aforementioned investigation was under way.
“We have had a cyberattack on the Lee County system,” Desjarlais said at the original press conference, which was announced to the media by phone as the county email system was down. “What we want the public to know is our technology contractor, along with our security experts, are fully engaged in helping us resolve this issue.
“Our primary goal and our obligation is to make sure that we protect all of the data that we’re entrusted with,” Desjarlais said. “We are protecting the data that we have and all emergency services are in full operation. None of those systems have been adversely affected.”
Preventing cyberattacks, or handling potential attacks, is nothing new for the county, Desjarlais said, adding that a successful hack of the system is not a common occurrence.
“I can tell you that we get attacks every day,” Desjarlais said. “As does everyone else. This type of breach is pretty unusual.”
According to the National Security Agency, there are 9 million known malware signatures worldwide, and that 350,000 new malware products are created every day worldwide.
“We’ll work this issue for 24 hours a day until we have full resolution,” Desjarlais said last week.
Hamman said the County Commission was immediately made aware of the issue and hoped for a swift resolution.
“On a day-to-day basis we do a good job at stopping all of (the attacks),” Hamman said. “But with (hackers) writing new (code) every day, this one got to us, but not before we were able to use some protective measures to try and protect our network and our IT infrastructure, and we’re going to continue to work that through and protect the people of Lee County and their information.”
-Connect with this reporter on Twitter: @haddad_cj