Three years of free software will help county combat cyberattacks


GREENFIELD — Hancock County will enter into an agreement with the Indiana secretary of state’s office allowing the county to receive free access to software intended to prevent breaches of elections and other government data for three years.

California-based firm FireEye Security will provide protection to the county’s informational systems. The agreement was approved by the Hancock County Commissioners at their meeting on Tuesday, Jan. 7.

Hancock County Clerk Lisa Lofgreen said her office was approached by the secretary of state’s office about installing the software, which has been offered to all 92 Indiana counties after a seven-county pilot program was conducted.

Lofgreen said the FireEye system will constantly scan computers and emails for cybersecurity threats. If a threat is detected, the FireEye operations center will be notified so steps can be immediately taken to protect the system. While the county currently takes steps to monitor such threats, it does not have the resources necessary for 24/7 monitoring.

“I looked into this about a year ago, and we couldn’t afford it,” Hancock County information technology director Bernie Harris said. He said the estimated cost at the time was about $800 per week. “But the state’s going to accept three years of costs for monitoring, which gives us a big head start to be ahead of where we need to be at no cost to us.”

Harris said he had not received a cost estimate for how much it would cost to continue with the software after that three-year period, but “it’s not going to be cheap.” Lofgreen said the secretary of state’s office committed to providing those cost estimates in early 2021.

There is no initial cost to the county to set up the software.

On the municipal level, concerns are focused more on “ransomware” than on attempts to affect the outcome of an election. Ransomware is a type of malware that can remotely access a system and threatens to either publish or permanently block access to data if money is not paid to the anonymous hacker. Usually, a difficult-to-trace digital currency like Bitcoin is demanded.

According to cybersecurity provider Kaspersky, at least 174 municipal governments were targeted with cyberattacks in 2019. Those included LaPorte County in Indiana, where officials paid $130,000 to recover their systems. A cyberattack also shut down information systems at Hancock Regional Hospital in 2018, with administrators paying a $55,000 ransom.

Indiana’s deputy secretary of state, Brandon Clifton, told the Indianapolis Business Journal two 2016 cyberattacks in the state inspired the office to see cybersecurity as a major priority. In one incident, Madison County officials spent thousands of dollars trying to recover their data, but ultimately had to pay a $21,000 ransonm. In another, the Indiana Department of Veterans Affairs office in Howard County was offline for several hours before files held hostage by ransomware could be recovered.

The partnership with FireEye was made possible by a 2017 distribution of federal funds to help states improve election security. Valerie Warycha, deputy chief of staff for the Indiana secretary of state’s office, told the Indianapolis Business Journal that Indiana received about $7 million and chose to spend approximately 90 percent of those funds on the partnership with FireEye.

Lofgreen said the software will be in place in time for the 2020 primary and general elections.