Colorado Department of Transportation

The Colorado Department of Transportation (CDOT) is the state agency responsible for building, maintaining, and operating Colorado's public transportation infrastructure. Its core functions include the oversight and management of the state's highway system, traffic operations, and construction projects. The agency's scope is statewide, serving the general public, commercial transportation networks, and regional economies by ensuring the movement of people and goods across Colorado's roadways. CDOT also manages associated systems such as digital signage for traveler information. As a state-level executive department, it operates under the authority of the Colorado state government to fulfill its mandate of providing a safe, efficient, and sustainable transportation network.

In February 2018, CDOT experienced a significant cybersecurity incident involving two separate ransomware attacks within a two-week period, both utilizing variants of the SamSam ransomware. The second attack occurred while the agency was still recovering from the initial infection, necessitating another system-wide shutdown and forcing employees to revert to manual, pen-and-paper processes as networks remained disconnected. Notably, critical traffic operations and ongoing construction projects were not disrupted during these events. At the time of the second attack, only approximately 20% of the machines compromised in the first incident had been restored, and the renewed assault overwhelmed existing security tools. The response effort included collaboration with the Colorado National Guard and the Federal Bureau of Investigation to restore systems, with investigators observing that the ransomware's evolving characteristics consistently bypassed defensive measures. This sequence of attacks highlighted the persistent and adaptive nature of the threat faced by the agency.