Imperial County’s website, co.imperial.ca.gov, and its companion emails remained offline as of April 17 for the fifth day and officials were generally mostly mum on the cause.
Attempts to access the website are met with messages such as one on the Bing search engine that reads, “Hmmm…can’t reach this page.”
County Public Information Officer Linsey Dale sent an update on the morning of April 17 using a Google email account instead of the standard county one.
“On April 13, 2019, Imperial County officials became aware of an incident affecting certain functions within the County system,” Dale wrote in the latest update. “Immediate steps were taken to isolate those impacted functions. As a result, email service within the County has been temporarily disabled while technicians are working to restore them to operation.”
County departments have established temporary email accounts to allow services and business transactions to continue with little disruption, Dale added.
Contact information may be obtained by emailing firstname.lastname@example.org or calling the county Executive Office at (442) 265-1001, she reported. In addition, information and updates will be posted as they are available to the County of Imperial Facebook and Twitter pages.
However, internal county web pages and cached pages were still operational as of April 16, including the Granicus landing page that allows access to Imperial County Board of Supervisors and county commission agendas, as well as links to livestream meetings.
In an insight into the seriousness of the matter, Dale’s email closed with, “County officials are working with a professional security firm to address this incident and identify measures to prevent this from happening again. We appreciate the public’s patience as we work through this incident.”
Meanwhile, a website expert who spoke on the condition of anonymity said due to the amount of time the website has been offline it was likely “hacked.” Among the possibilities is that the county is the victim of “ransomware” in which a fee is demanded to regain control of the website and emails, the source said. The person has expertise in establishing and developing websites for public agencies.
The source added there is an unconfirmed report the matter is the subject of a federal criminal investigation.
During the county Board of Supervisors on April 16, Chairman Ryan Kelley advised the county’s network and servers had been “compromised” but said little else. The county has an internal information systems department.
When contacted later in the afternoon, Kelley reiterated: “All I can say right now is our network is compromised. And we are doing a system sweep and taking each element one at a time, and we have some outside assistance.”
Kelley wouldn’t comment further on what that outside assistance entailed or from whom.
“This will be a slow and painful process” to restore the county’s networks and servers, Kelley added. “More info will come; we’re taking all necessary precautions.”
Supervisor Jesus Escobar made similar comments when interviewed at the state of Calexico address on the evening of April 16.
“At this point we’re researching the issue. That’s all I can say at this point,” Escobar said.
Escobar was asked whether the compromise of the system had affected the public in any way, such as Social Services distribution of benefits, or other departments with a direct connection to the public.
“Not that we’re aware of,” he said.
Kelley said there was no private information accessed “out of our system, we’re just having trouble restoring it.”
He added some systems should be back online by the end of the week, including email.
Kelley added, “We’re still investigating (what happened). We can’t confirm or deny what (kind of attack it was) at this moment.”
With more than 2,000 full-time employees, the county has a vast network system to protect. The Imperial Irrigation District, with about 1,400 workers, can appreciate the county's need to safeguard itself against computer threats and attacks, an official said.
If the county was in fact hacked, IID Communications Specialist Robert Schettler said, "Hacks can happen anywhere to anybody. We have a lot of customer information here, so we are constantly updating security features, like our firewall," Schettler said.
For IID's part, awareness is key to protecting the networks and computers throughout the district, and Schettler said a big part of that starts with individual employees who are subjected to an awareness campaign.
Part of that campaign includes email headers big and bold that warn employees when emails are coming from outside the district.
IID emails say, "Caution: This email originated from outside of the IID. Do not click on any link or open any attachments unless you trust the sender and know the content is safe."