SECTION 4: RISK ASSESSMENT
effects beyond the location of the targeted system; disruptions that occur far outside the state can still impact people, businesses, and institutions within Wake County. HISTORICAL OCCURRENCES In May 2021, the Colonial Pipeline was shut down by a ransomware attack that infected the pipeline’s digital systems. Attackers stole data and subsequently infected the Colonial Pipeline IT network with ransomware. Colonial Pipeline shut down the pipeline to prevent the ransomware from spreading and paid hackers to regain control of the system. The pipeline moves oil from the Gulf of Mexico to East Coast states and is one of the largest in the U.S. The attack led to an emergency declaration by President Biden. The shutdown caused a temporary jet fuel shortage, affecting airlines, and resulted in panic buying at gas stations in many states. In September 2021, Wake County Public Schools’ phone service provider experienced a cyber attack, causing a partial outage of the phone service that impacted several schools. In May 2023, Raleigh Housing Authority (RHA) was hit by a cyber attack that shut down computer systems and business operations. The RHA served almost 6,000 residents. Also in May 2023, more than a dozen North Carolina hospitals and health care providers were affected by a ransomware attack that hit software used by a communications vendor. Law enforcement believed the attack came from a criminal group based in Russia. Personal data may have been stolen through the attack. More severe local events are possible. The City of Atlanta was hit by a major ransomware attack in 2018, recovery from which wound up costing a reported $2.6M, significantly more than the $52,000 ransom demand. A similar attack against the city of Baltimore in 2019 affected the city government’s email, voicemail, property tax portal, water bill and parking ticket payment systems, and delayed more than 1,000 pending home sales. The Privacy Rights Clearinghouse, a nonprofit organization focused on data privacy, maintains a timeline of 35,167 data breaches in the United States from 2002-2023. The database lists 359 data breaches in North Carolina, totaling over 16 million records breached. Of these breaches, 191 were the result of hacking, and multiple incidents targeted organizations located in Wake County. However, none of the reported breaches were specifically targeted at local government systems in Wake County, although some of them almost certainly included information on individuals who live in the county. Similarly, some county residents were almost certainly affected by national and international data breaches. EXTENT The extent or magnitude/severity of a cyber disruption event is variable depending on the nature of the event. A disruption affecting a small, isolated system could impact only a few functions/processes. Disruptions of large, integrated systems could impact many functions/processes, as well as many individuals that rely on those systems. There is no universally accepted scale to quantify the severity of cyber-attacks. The strength of a DDoS attack is sometimes explained in terms of a data transmission rate. One of the largest DDoS disruptions ever, which brought down some of the internet’s most popular sites on October 21, 2016, peaked at 1.2 terabytes per second.
Data breaches are often described in terms of the number of records or identities exposed.
Impact: 1 – Minor
Spatial Extent: 2 – Small
Wake County, NC Multi-Jurisdictional Hazard Mitigation Plan
WSP June 2024 Page 245
Made with FlippingBook interactive PDF creator