Arkansas Ramps Up Cyber Security Programs
LITTLE ROCK – Over a 12-month period there were 130 reported cyberattacks against Arkansas government at the state and local levels. That was more than twice the number reported in the previous year.
The Legislative Audit Committee compiles reports of cyberattacks against government entities in Arkansas, ranging from potentially serious security breaches to relatively trivial attempts to hack into a government web site.
These days, government agencies invest a lot of resources in setting up and maintaining data bases. You can renew your car tags or driver’s license on line. Your tax information is stored on a government computer, as are employees’ personnel files.
In 2021 the legislature required the reporting of cyber threats against public entities, so that security officials can better evaluate the incidents and plan against them. The type of threats constantly evolves, and the total number of threats is growing, an auditor told members of the Legislative Joint Auditing Committee. That means preparation is more important than ever, in order to prevent major disruptions in government services caused by a cyberattack.
Two of the most serious cyberattacks occurred about a year ago. A vendor that provides computer services to 72 Arkansas counties was the victim of a ransomware attack that shut down online services for many days. Some counties lost services for weeks or months.
It affected the filing of deeds, collecting taxes, registration of vehicles and issuing of marriage licenses. Responses among counties and state agencies, such as setting up new security measures, entailed substantial costs to government.
The other major cyberattack was against the Little Rock School District, which reportedly paid a $250,000 “ransom” to hackers who penetrated the school’s computers.
Before cybersecurity experts were able to restore operations, the district could not use its accounting functions or access student files.
Of the 130 incidents report last fiscal year, 73 have been resolved and the rest are still under investigation.
The legislature passed two measures this year to strengthen its response to cyber threats. Act 846 formed the Arkansas Cyber Response Board, which will oversee a self-funded insurance program that protects counties, cities and schools from damages caused by cyberattacks. To participate, government entities will have to upgrade their computer systems to meet security standards.
Act 504 of 2023 requires local governments to set policies governing their use of technology and their approach to cybersecurity.
In 2019 the legislature passed Act 1085 to authorize the Arkansas Economic Development Commission to create the Cyber Initiative, to support private sector businesses with shared research and cooperation with government security systems.
According to the AEDC, eight years ago a typical cyberattack cost a small company about $38,000, and within six months of the data breach about half of small companies had gone out of business.
Arkansas colleges and universities now offer multiple degrees and certificates in cybersecurity. For example, Southern Arkansas University offers a Master of Science degree in Computer and Information Science with a cybersecurity and privacy option. Similar degrees are available at numerous campuses within the University of Arkansas system and the Arkansas State University system.