
Cyber Incident Victim: Kent County, Delaware

Date: Jul 2023

Location: United States of America

Summary

A cyber attack targeted the Kent County government's computer network, crippling its systems. The website and some internet-based phone services remained inaccessible. County officials stated there was no disruption to critical services like 911 and expressed confidence that sensitive information was secure. Their IT team responded immediately with support from state and local governments, cybersecurity consultants, and law enforcement to restore systems and ensure their security.


Description

On July 8, 2023, at approximately 7:00 AM, the Kent County government's computer network was targeted by a cyberattack perpetrated by hackers. The incident, which was significant enough to cripple the county's digital infrastructure, resulted in a sustained disruption of services that persisted for at least four days following the initial breach. As of Wednesday, July 12, the county's official website remained completely inaccessible to the public. Individuals attempting to visit the site were met with a browser error message stating, "This site can’t provide a secure connection," indicating a failure in establishing a secure encrypted link, often associated with issues in the site's security certificate or backend server connectivity. This outage extended beyond the web presence to the county's telephonic communications, where calls to certain government phone numbers resulted in a "call failed" notice, effectively severing those lines of communication with residents.

Despite the widespread disruption to the network, county officials confirmed that there was no interruption to critical public safety services throughout the event. The 911 emergency dispatch system, a vital lifeline for the community, continued to operate without any disruption, ensuring that the ability to request and receive emergency aid remained fully functional. Kelly Pitts, the county's public information officer, provided assurances that sensitive information held by the county was secure, although the specific measures taken to safeguard this data or the nature of the attack that prompted such confidence were not disclosed to the public. The county's primary focus in the immediate aftermath was on restoring its systems to full operational capacity, a process that was anticipated to cause delays in the provision of routine county services while the restoration and security verification efforts were underway.

The response to the incident was initiated immediately upon its discovery. The county's internal information technology team mobilized to address the breach and begin mitigation procedures. Recognizing the severity of the situation, this internal response was quickly augmented with support from other government entities, including state and local government partners, forming a collaborative effort to contain the incident. Furthermore, the county engaged external cybersecurity consultants to assist in the forensic investigation and recovery processes, bringing specialized expertise to bear on the problem. Concurrently, law enforcement agencies were notified and became involved in what was classified as an ongoing criminal investigation. Due to the sensitive nature of this law enforcement investigation, the county administration made a deliberate decision to release only limited details about the attack, its vectors, its origin, and the extent of the intrusion beyond the already evident service outages.

The cyberattack on Kent County serves as an example of the vulnerabilities that local government entities face in an increasingly digital landscape. The immediate effect was the degradation of standard operational capabilities, impacting both digital and voice communications. Internet-based services, which form the backbone of modern government operations and public interaction, were taken offline temporarily as a direct consequence of the network compromise. The prolonged duration of the outage, lasting several days, underscores the complexity involved in responding to such incidents, which require meticulous efforts to eradicate threats, restore systems from backups, and ensure that all environments are secure before being brought back online to prevent re-infection. The involvement of multiple stakeholders—from internal IT staff to external cybersecurity experts and various levels of law enforcement—highlights the multifaceted approach required to manage a significant cyber incident, balancing technical remediation with legal and investigative imperatives. The county's public communications strategy during this period was characterized by a cautious approach, prioritizing the integrity of the investigation while providing minimal but essential updates to the public regarding the status of services and the security of their data.
