Matt Powers, Deseret News
SALT LAKE CITY — State information technology workers are asking for more money to stop increased cyberattacks on Utah’s secure government networks.
Two years ago, the average number of cyberattacks was approximately 1 million malicious attacks per day. Now, the attacks are up to 20 million per day, according to Mark VanOrden, Utah's chief information officer and executive director of the Utah Department of Technology Services.
The number of attacks is accelerating. “I don’t know what we can do to stop the acceleration,” he said.
The attacks on Utah's secure networks are coming from computerized robotic systems, not 20 million individual people, VanOrden said. The attacks are coming from Europe, Asia, China and from the United States. The members of VanOrden’s security team are constantly tracing the IP addresses the attacks come from and then blocking them.
"We have two people on site seven days a week, 24 hours a day, monitoring all the incoming and outgoing traffic, monitoring our network. Overall, we have a staff of 18 in the Department of Technology Services, in our security division," he explained.
VanOrden said the attackers can be foreign governments, criminals or even anarchists. The attacks on the networks are getting more creative and sophisticated, therefore his team needs to be creative in tracking them. He is asking lawmakers for more funding to beef up his security staff and will make a presentation to an appropriation committee Friday.
If lawmakers approve the $9.3 million this session, DTS will hire nine more people for that team and also install new software.
"They're getting better every day, so we have to get better," he said. "We have to improve our processes to be able to protect ourselves against the innovated attacks that are being made around the world."
He said Utahns need to be vigilant in protecting their information.
"I think that everybody should be careful in how they use their data," he said. "I don't think people should lose sleep over this because we're doing everything we possibly can to protect their data, but we are certainly not perfect."