Illinois Attorney General responds to cybersecurity attack, audit warning
Illinois Attorney General Kwame Raoul (third from left) sits at a panel with members of his staff Wednesday evening during a committee hearing in which he was questioned about a recent security breach in his office. (Credit: Blueroomstream.com)
Raoul gave testimony during a hearing before a state House committee
By SARAH MANSUR
Capitol News Illinois
SPRINGFIELD — Illinois Attorney General Kwame Raoul on Wednesday addressed the recent cyber breach of his office’s online network, as well as an audit of his office released earlier this year that warned of weaknesses in its cybersecurity programs.
Raoul told a House committee his office has implemented new safeguards since the April 10 ransomware attack that compromised the office’s network and affected office employee’s email accounts.
Ransomware is a malicious software that collects the victim’s personal data and threatens to publish it unless a ransom is paid to the hacker.
Raoul said his office is working with federal law enforcement to evaluate the extent to which the network was compromised, what information may have been exposed, how it happened, and what can be done to prevent future breaches.
“These efforts are ongoing,” Raoul said during a House Appropriations General Services Committee hearing Wednesday.
Since the attack, Raoul said his office has set up multiple layers of security, and put in place application-level security and monitoring, network authentication requirements, and firewalls. In addition, his office has implemented “continuous vulnerability scanning,” and intrusion detection and response protocols for their network, he said.
Raoul said his office has also set up a hotline for residents who may have concerns about the breach to receive answers to their questions while the investigation is ongoing. The hotline can be reached by calling 1-833-688-1949 between the hours of 8 a.m. and 5 p.m. Monday through Friday.
Rep. Brad Halbrook, a Pana Republican, asked Raoul why his agency wasn’t properly prepared for and had not anticipated such a cybersecurity attack.
“I'm just curious what we're doing, why we didn't anticipate this, why we didn't have redundant systems in place to be ready to roll in case something happened like this?” Halbrook asked.
Raoul said, moving forward, his office has reached out to “internal IT experts” to improve its network and technology.
“I don't know what the satisfactory answer that you'd want to your question. But our staff, and I’m proud of my staff, have continued to work hard during a very difficult circumstance,” Raoul said.
Raoul was also asked about a state auditor general’s report released in February that found the attorney general’s office had not implemented adequate internal controls related to cybersecurity programs and practices.
It recommended that the office perform a comprehensive formal risk assessment to identify information most susceptible to attack. It also recommended the office classify its data to establish the types of information most susceptible to attack.
Raoul said his office has begun the comprehensive risk assessment that was suggested in the audit report.
“And in our response to the audit, we indicated that because of the nature of our agency and the nature of our work, we consider all of our data high-security data,” he said.
The attorney general’s office also created a new information systems security analyst position, which is tasked with spearheading the “formalization of the (o)ffice's risk assessment and security efforts into a comprehensive, well-documented cybersecurity program.”
Raoul said that position was created in August 2020.
Capitol News Illinois is a nonprofit, nonpartisan news service covering state government and distributed to more than 400 newspapers statewide. It is funded primarily by the Illinois Press Foundation and the Robert R. McCormick Foundation.