Town and county teams simulate responding to cyber attacks

Town, county teams practice responding to real-world risks.

JACKSON — The name of this game is cybersecurity, and the real-world consequences can be disastrous.

Teton County Emergency Management members gathered June 7 at the library to play the Cyber Ready board game developed by the Federal Emergency Management Agency. The game helps identify potential cybersecurity weaknesses, common threats and best practices so organizations can prepare for cyberattacks.

The issue hit close to home.

As players sat down for the simulation, the Idaho Falls Community Hospital, just 90 miles to the west, was in the midst of responding to a cyberattack that had canceled appointments, shut down departments and forced ambulances to divert to other hospitals. The same May 30 computer virus also had shuttered an affiliated urgent care clinic, Mountain View Redicare, for two weeks.

After learning about the real-world disruption to health care in Idaho Falls, players picked teams to get the friendly competition underway. The teams represented a hypothetical emergency management agency, utility company, community hospital and private sector business.

Open to members of the Teton County Emergency Management team, the game drew 16 players from the Town of Jackson Public Works

Department, the Teton County Sheriff’s Office, the Jackson Police Department, Teton County Library and town and county IT departments.

“I came in thinking, ‘How could this affect me?‘” said Win Furber, the town’s facilities manager.

During four rounds of play, scenarios included having a laptop stolen that compromised sensitive information and employees giving out sensitive login credentials.

Discussions followed each round with questions posed, such as: Who from your agency would be involved in responding to a cyber attack? Has your agency developed continuity of operations or cyber plans? What qualifies as a “reportable incident” in your agency?

“Cybersecurity is coming to the forefront of emergency management,” said Anna Day, program specialist for Teton County Emergency Management. “There’s a really big push from the federal level.”

The same day that players hunkered around tables at the library for the Cyber Ready game, the FBI issued a statement estimating that a Russian ransomware attack had compromised more than 3,000 U.S.-based organizations and 8,000 global organizations that use a program to share files securely.

An analyst at the cybersecurity firm Emsisoft called it “potentially one of the most significant breaches in recent years.” Organizations hit by the cyberattack included the Minnesota Department of Education, British Airways and the government of Nova Scotia.

Cybersecurity is also a Cowboy State priority.

“The Wyoming Office of Homeland Security is really pushing this,” said Rich Ochs, Teton County Emergency Management coordinator.

County emergency management teams are seen, in the state’s eyes, as the connector in the event of a cyberattack, Ochs said. They are responsible for gathering stakeholders, fostering communication and connecting agencies with statewide and federal resources.

A cybersecurity specialist for the U.S. Department of Homeland Security, Timothy Walsh, is assigned to Wyoming and based in Cheyenne. Walsh can be brought in to consult and assist in the wake of a cyberattack, Ochs said. The town and county already have worked with Walsh in cybersecurity trainings. A portion of the training tested for and identified cybersecurity holes.

During last week’s friendly competition, each team worked to allocate money to shore up cybersecurity defenses.

For example, teams had to decide whether to earmark their cybersecurity credits for an employee to monitor threats, training staff to recognize scams or a public relations campaign to alert the community of a breach. Then teams would draw cards with imagined attacks that tested those decisions.

The pretend hospital, for example, invested heavily in monitoring and protecting against threats. That proved a winning strategy, as the community hospital team took first place.

As teams collaborated, the morning of game play fostered conversations among participants about what past and current cyber threats each had faced.

“Phishing and ransomware have hit 911 dispatch centers,” Ochs said. “Hackers have flooded 911, which makes it difficult for anyone else to get through to dispatch. You also see this in the swatting attacks we get here, just to tax our emergency management system.”

Swatting, categorized as a cyber harassment technique, involves making a prank call to emergency services in an attempt to mobilize a large number of law enforcement officers to a particular address. In some cases swatting may tie up resources and make it harder for officers to respond to real emergencies.

“We’re seeing IT departments are being thrust into the security world,” Ochs said as town and county IT employees nodded. “IT went from being tech assistance — Hey, can you help me with my printer? — to having to manage privacy and data.”

Town IT Director Michael “Zolo” Palazzolo shared one area that the town has seen become tantamount: doors. As physical keys become outdated relics, the town has seen keypads downed by power outages, which have affected how employees access their buildings in emergencies and how residents get into their own apartments.

“We’ve seen door controls and getting into buildings become as critical as water and sewer,” Palazzolo told the assembled gamers.

Furber made notes to himself to check that his department has the keys needed for building entry, a vulnerability the game and ensuing discussion brought to light.

After the game, participants identified communication and collaboration among public agencies as a strength.

“I do feel that the IT departments have great communication,” Palazzolo said. “We share what’s going on. We know one another, and we’re there for each other.

“The town IT doesn’t have that same relationship with private entities,” Palazzolo said. “We could work on improving that.”

Ochs echoed the need for widening the circle of cybersecurity preparedness.

The town and county work with private internet providers, for example. The statewide radio system first responders rely on, WyoLink, depends on Motorola technology, also a private company.

After receiving feedback from players, who said the game was fun and easy to learn, Ochs said he’s considering opening the game up to the public. He hopes to get other critical community organizations involved.

“I’ve never had anyone tell me that my exercises are fun,” Ochs said. “There’s competition, but there’s also a common goal.”

This story was published on June 14, 2023.