CISA steps in to help Nevada state government recover from cyberattack

Federal officials are working with Nevada’s state government to help it recover from a cyberattack discovered on Sunday. 

The Cybersecurity and Infrastructure Security Agency (CISA) said it has been working with the FBI and other agencies to help the state get back online safely while investigating the origins of the attack and rebuilding systems.

In a statement on Wednesday evening, acting CISA Director Madhu Gottumukkala explained the agency is working with federal and local government officials to “restore necessary critical services.”

The state asked CISA to send its “threat hunting” teams to assist in mitigating any ongoing threats and identify the full scope of the incident. The agency said it also helped Nevada access incident response grants offered by the Federal Emergency Management Agency. 

CISA did not respond to requests for comment about whether Nevada is dealing with a ransomware attack. No hacking group has taken credit for the attack. 

Governor Joe Lombardo said all state offices were closed to the public on Monday and Tuesday due to the cyberattack. Government workers were on paid leave on Monday but returned to work the following day, with in-person services slated to return by the end of the week.

As of Wednesday evening, phone lines and websites belonging to many departments were still down. 

The Nevada Health Authority said it has limited its operations at district offices and is only focusing on coordinating care. Medicaid systems are still operational, they said. 

At the Department of Human Services, no new enrollments for public assistance programs can be processed because the cyberattack took down the eligibility and case management systems.

The Department of Agriculture, meanwhile, is using temporary paper and hotspot systems to continue crop inspections and allow animal disease labs to remain operational while many permits are being issued manually. 

Some licensing services were knocked offline and many departments cannot accept card payments due to the technology outages. Licenses for teachers and some businesses can only be processed in person. 

Several people reported appointments at the Department of Motor Vehicles had been cancelled, and Lombardo’s office said they would honor the appointments as walk-ins for at least two weeks. Any fees incurred during the network outage will be waived, officials said. 

Many state-run museums are still closed but will be reopened once operational workarounds are put in place, officials said. 

The attack did not impact the state’s payroll system and all government workers will be paid at the normal times this month. 

As the restoration process continues, Lombardo’s office said officials are prioritizing the most critical services for constituents while using workarounds in some instances. 

CISA criticism

Cyberattacks and ransomware incidents have had severe impacts on U.S. government agencies in Minnesota, Maryland, Ohio and Texas this month, with multiple state and local bodies dealing with outages caused by hackers. 

The attack on Nevada coincides with criticism of CISA for pulling back its support of state and local governments. The agency cut support for the Multi-State Information Sharing and Analysis Center — a relied-upon resource for cyber threat monitoring and mitigation.

Officials in Arizona blasted the agency last month for failing to provide assistance following a cyberattack on a statewide candidate portal. 

In a letter to Homeland Security Secretary Kristi Noem last week, both U.S. Senators for Arizona demanded answers for why CISA did not help the state deal with the cyberattack — which was allegedly perpetrated by threat actors based in Iran. 

“Until recently, CISA served as a trusted federal partner to election officials, offering threat intelligence, technical assistance, and incident response. We have heard firsthand from Arizona officials that this trust has eroded,” the senators wrote. 

“Officials describe a dramatic reduction in support, staffing, and communication from CISA, as well as a lack of confidence in the agency’s ability to collaborate in good faith on election security.”