LAS VEGAS (KTNV) — Nevada Gov. Joe Lombardo gave a third press conference Friday on the state's recovery efforts from a cyberattack that disabled many state services in late August.
The governor said state I.T. teams are working around the clock and through the weekend to restore more services.
WATCH | Gov. Joe Lombardo press conference
Questions over compromised data
During Friday's press conference, Lombardo maintained that the state still has not seen any evidence of compromised personal information.
The governor also reaffirmed statements made in last Thursday's press conference that state financial data "to the best of our knowledge" was not compromised. Attackers did not access information regarding DMV databases and SNAP and welfare recipients either.
State officials have already confirmed that data was moved out of their network, but Lombardo gave some insight into what they "perceive" was stolen.
"Nevadans should know that what the bad actor is perceived to have received is information through our internal systems, not public-facing, or constituent personal information," Lombardo said. "It's information, or data, that is endemic to state processes, or state inventory, or state databases."
The breadth of that information has been identified, according to Lombardo, but he said they cannot share that information publicly.
State service restorations
We now have a better understanding of how much is back online per the governor's update. "Today I am pleased to report that 90% of state public-facing, statewide websites are back online per the Governor's Technology Office," Lombardo said.
Some agencies like the DMV are 100% operational again, but despite the cyberattack no longer being active, there are still many agencies with limited or unavailable services.
Lombardo said the remaining 10% of services still offline are large components of the overall state system and require "more due diligence" to restore. "The remaining few services that are not back online will continue to be prioritized for restoration in an order of public safety and constituent impact," Lombardo said.
Defense from further attacks
Previously, the governor said many systems are deliberately offline to protect state systems from further attacks. Along with those protection efforts is the state's decision to withhold technical details on the criminal investigation, such as a motive or attacker identities.
"Public updates can sometimes trigger more attacks. For that reason, we are moving forward cautiously — giving Nevadans as much information as possible while continuing to protect our systems," Lombardo said in press conference last Thursday.
Approximately 150 million attacks were deterred from the state's firewall within 72 hours of last Thursday's public update, according to Lombardo. He said normally the state only sees around 150,000 hits a day.
"The state has faced over 300% increase in direct attack attempts throughout the recovery operations," Lombardo said.
Strengthening internal security
Earlier this week, the state's I.T. teams initiated a mass password reset for state employees. The reset was unprompted for many and stalled operations for state services, but Lombardo said this was by design to prevent further intrusions.
"This was done intentionally since broadcasting a reset in advance tips off criminals and increases account takeover attempts during the changeover window," Lombardo said. "The best practice here is to execute and then communicate."
Lombardo said they are also strengthening multi-factor authentication and password standards for state employees.
If you have any questions over the Nevada cyberattack, check out our FAQ, or send us an email at Desk@ktnv.com.
Local News