LAS VEGAS (KTNV) — Nevadans continue to feel the impact of a cyberattack that led to the closure of several state agencies and the shutdown of their websites.
We've worked to answer questions from our viewers throughout the week as we learn more about how the state is responding and what data may have been compromised by hackers. We'll update this page as we get additional information.
Let's break down some of your most common questions and what answers we've been able to get for you:
Question: Were hackers able to access my personal information?
Answer: It is still not clear what data was accessed during the attack, according to officials with the Governor's Technology Office. The Governor's Office previously said there is no reason to believe personal identifying information was taken, but they cannot definitively confirm that is the case.
In a Sept. 4 update, Gov. Lombardo gave some insight into what wasn't stolen based on what they know so far, such as the state's financial information, DMV databases and personal records of individuals receiving food stamps and welfare benefits.
Question: In the event personal information is found to be compromised, what will the state do about it?
Answer: Four points, according to the state:
- Affected Nevadans will be notified "in the most expedient time possible and without unreasonable delay."
- The state will notify Nevadans via mail or email. If they cannot contact you directly, they may use a substitute notice, such as a website posting and/or statewide media.
- The notice will include "what happened" and "what information" was involved, to the extent that is known at the time. It will contain "what [the state] is doing" to fix the problem, and "what you can do" to protect yourself. Finally, it will also show a "how to reach [the state]" for help and questions.
- "Where required by law, the State will also make other notifications (for example, to consumer reporting agencies for large-scale incidents) and comply with any sector-specific federal rules (e.g., HIPAA breach-notification rules for protected health information at 45 CFR part 164, Subpart D)," according to the state's recovery page.
These procedures are further detailed in NRS 603A.040 and NRS 603A.220.
Question: What was the motive behind the cyberattack?
Answer: State leaders said they do not know — yet. Gov. Joe Lombardo said on Aug. 28 that while it's clear there has been an intrusion, they are still working to identify the attackers and a motive.
Question. Was this a unified cyberattack?
Answer: Not entirely. It is true that the cyberattack crippled many state agencies across Nevada, but it didn't put the state's entire system on lockdown. Many of the state's systems are siloed — meaning they're isolated from one another — and not every silo was affected. Emergency services like 911 were never impacted, online DETR services are still operational and many occupational board websites are up and running. For a full list of state agencies' operations, click the link here.
On Sept. 4, Lombardo did not rule out the possibility of further compartmentalization of the state's systems during recovery efforts.
Question: What has been recovered?
Answer: As of Sept. 12, Lombardo said the state has restored access 90% of public-facing agencies.
- National Crime Information Center, a service run by the FBI that enables law enforcement to access criminal histories for necessary inquiries.
- However, in a Sept. 4 update, Lombardo said this service is slowed in some areas when it interacts with departments still feeling the effects of the attack.
- National Instant Criminal Background Check System, a service run by the FBI that enables law enforcement to check criminals' backgrounds.
Lombardo also said state payroll was not affected and employees are getting paid, including retirees. The Pupil Center Funding Program was also transmitted to help local districts with state funding.
Tim Robb, Nevada's Homeland Security Advisor, said state funding for local governments is progressing. Internet service and phone services are actively being worked on.
Lombardo told us on Sept. 2 that state staff worked through the Labor Day weekend to get most, but not all, state computer services back online.
Question: What is Nevada's response to ransom demands from cyberattackers?
Answer: When we asked Lombardo he said there is no absolute policy, but some are under consideration. He said the state has an insurance policy to help in decision-making under these types of situations, but the state prioritizes rebuilding systems before paying ransoms.
Question: Why aren't they telling us technical details about the attack?
Answer: State officials have maintained that questions over the attack motive, attacker identity, the assisting federal investigation and anything of that nature, are not being answered for safety purposes.
The governor has acknowledged this frustration, but says the reason is to protect state systems from more attacks.
"Public updates can sometimes trigger more attacks. For that reason, we are moving forward cautiously — giving Nevadans as much information as possible while continuing to protect our systems," Gov. Lombardo said in a Sept. 4 update..
Question: How much are the recovery efforts going to cost Nevada?
Answer: The state doesn't have a number at this time, but on Sept. 4, Lombardo maintained that there is an insurance policy in place for these types of incidents.
Question: How can I protect myself from scams?
Answer: The state is advising Nevadans to be cautious of unsolicited calls, texts or emails from people asking for personal or financial information. The state will never ask for your passwords, MFA codes or banking detail by phone or email.
They also said to verify unexpected requests on a second channel, like calling a known number and not one in the message. For email, report suspicious messages to your provider and delete them.
Experts we spoke to on cybersecurity said it's a good idea to get malware protection for your devices. Yes — this can get pricey.
WATCH | Experts say malware protection is worth the cost after statewide cyberattack
Question: How long are in-person services going to be unavailable at agencies like the DMV and welfare offices?
Answer: This is still not clear for every agency; however, as of Sept. 12, the governor said 90% of all public-facing agencies are back online.
Question: Is the DMV still closed?
Answer: Offices are now open.
As of Sept. 5, the DMV said they are open for all in-person and online MyDMV services, including the kiosks around the state.
Question: Will I be charged a late fee or penalty if I wasn't able to register my vehicle because of the outage?
Answer: No, according to DMV director Tonya Laney.
"We will be waiving any late fees or penalties that are occurring as a result of the closure," Laney said. "Any expiration dates that fall in the closure window are being programmed to be waived."
"We are working closely with the Governor's Office and our law enforcement partners to ask them to be lenient with customers that fall into this timeframe," Laney added. "Let me be clear: This leniency is only going to apply to our customers that expired due to the outage."
Question: My DMV appointment was canceled because of the outage. Will I still be able to access in-person services?
Answer: The DMV has opened up walk-in services to those with canceled appointments for at least two weeks after resuming in-person services, officials have said. If your appointment was canceled because of the outage, you will be asked to go to the same DMV office where your appointment was scheduled and show proof of the cancellation.
Question: What DMV services are available during the outage?
Answer: You should still be able to take your online driver's license or permit test during the outage, DMV Director Tonya Laney said. Drive tests are also being conducted as scheduled.
Rapid registration and turbo titling for private party vehicle sales and out-of-state transfers are still available, Laney said.
You should also be able to access the DMV's online system to file a complaint with its Compliance Enforcement Division.
The DMV's website will list what is available, "and that should be used as a source of all important information moving forward on exactly what is available and when, and when we are able to reopen our doors at the DMV," Laney said.
Question: Are DETR (Department of Employment, Training and Rehabilitation) services still accessible during the outage?
Answer: DETR services, including its website, have remained accessible throughout the statewide outage, director Christopher Sewell said Aug. 27.
Question: Where can I get more information about the state's response and the services I need to access?
Answer: Announced on Aug. 28, the State is expanding 211 services to offer Nevadans more information about how they can access services during the ongoing cyberattack recovery. Gov. Joe Lombardo says you can call 211 or find more information on nevada211.org.
The State also established a website that will be continually updated with information about the recovery. Lombardo said this page will "serve as a single source of truth" for all information Nevadans need to know.
A link to that webpage is also included at the top of this article.
Question: Are public meetings still available?
Answer: Yes. Per Nevada law, public meetings need to have notice. Notice.nv.gov is online. There you can find information on meeting dates for your respective agency.
Question: If the cyberattack is no longer active, why are some systems still offline?
Answer: This is deliberate, according to the state. Specifically, for safety purposes.
"Isolation is intentional during a cyber incident. Temporarily taking systems offline helps contain the threat, protect data, and prevent re-infection. We’re bringing services back in phases, only after they pass security checks," according to the state's recovery webpage.
We also brought your questions before James Turgal, the Optiv VP of cyber risk, to further address your concerns.
WATCH | What James Turgal shared with us
Question: How is it possible hackers were in the system for hundreds of days, and nobody knew?
Answer: "Once the attackers are inside, they rarely attack immediately. Instead, they prioritize stealth and reconnaissance. We call it 'dwell-time' — on average, global 'dwell-time' is that period of initial compromise to actual detection, and it's historically been in the months to sometimes 200-plus days... they blend in with normal traffic, they use legitimate protocols, they use legitimate software... because they're mimicking legitimate users, most security tools often fail to distinguish the malicious traffic from the normal traffic. And that's why they're in there so long without detection."
Question: Why wasn't cybersecurity for our state's systems up to date with the best protections?
Answer: " ... There's a number of nation-states, China included, that use techniques called 'living off the land,' where they're actually using the tools of your own system against you... they've been there long enough where they've actually... they've mapped it... Every action is cloaked with tools... they're evolving their tactics every day. And you're talking about a state and local agencies that must wait until the next budget cycle to get a tool or to get some type of solution to fight the fight today. But by the time those budgets come in, and those solutions are installed... it's ineffective... hackers have moved on.
VIDEO| Ryan Ketcham answers your additional questions concerning Nevada's network outage
Question: What is going to happen to people driving around without a license and registration as a result of the cyberattack?
Answer: DMV Director Tonya Laney said the state is working to address these concerns.
"We will be waiving any late fees or penalties that are occurring as a result of this outage. Any expiration dates that fall in the closure window are being programmed to be waived," Laney said.
"We are working closely with the Governor's Office and our law enforcement partners to ask them to be lenient with customers who fall into this timeframe."
Laney said these waived fees and leniency apply only to people who have missed appointments or have missed expiration dates due to the outage. For example, if your registration or driver's license expired in July but you didn't have an appointment, you would face penalties. However, if you had an appointment, all appointments made will still be honored for two weeks following the reopening.
Question: Will SNAP, WIC or Medicaid be affected?
Answer: State directors provided reassuring news for those who rely on these programs.
"Medicaid coverage for current members and services, as well as our public employee benefits plan, is unaffected," a state official said.
"Existing consumers who will be starting to expect benefits to be uploaded starting September 1, and it was expected and the data transfer will take place," the official added.
The state's recovery webpage lists WIC as unaffected. You can call 800-863-8942, and their local partner offices are operational.
Question: How will Nevada prevent future attacks?
Answer: The governor outlined the state's approach to cybersecurity infrastructure in a press conference on Aug. 28.
"We've done a good job up until now in siloing a significant amount of our worth, products and production and ability to use state resources, and we'll determine whether that's a linchpin in our ability to function into the future," Lombardo said.
State leaders mentioned the Department of Employment, Training and Rehabilitation (DETR) as an example of effective isolation. DETR shut down services earlier this year to improve their system, which allowed them to operate on their own system. As a result, the cyber attack didn't impact them.
The services that were affected were on the same silo, a shared system that multiple departments used.
On Sept. 12, the governor said they are strengthening their multi-factor authentication and password security for state employees.
Channel 13 will continue providing updates on this story.