NJ hit by 10 million cyberattacks in 1 day, homeland security expert says
State government networks in New Jersey are hit by cybercrime attempts more than 10 million times on a daily basis. Weekly, Russia is the source of about half a million cyberattacks on the executive branch of New Jersey government.
Those sobering statistics and more were presented to the Senate Law and Public Safety Committee, who on Monday launched a series of conversations about protecting residents and entities from malicious web users.
"We're not going to prevent every attack from happening, just like we're not going to prevent hurricanes or tornadoes or other types of natural disasters, but we want to make New Jersey more resilient to these attacks," said Michael Geraghty, director of the New Jersey Cybersecurity and Communication Integration Cell.
Attacks on networks have dismantled operations, both big and small, in the Garden State, Geraghty noted. Hospitals have had to delay surgeries, schools have closed, and police departments have been forced to temporarily work without access to electronic systems. New Jersey and other states in 2021 felt the impact of the shutdown of the Georgia-based Colonial Pipeline, which was initiated by a cyberattack.
Cybercrime is underreported. Over the past four years, NJCCIC received 1,500 reports of cyber incidents from individuals and organizations that have been impacted.
"These attacks that we see come from throughout the world, any time of day or night," Geraghty said. "We can't promise you that there's not going to be a successful attack tomorrow, but we can promise you that we'll be ready. We'll be able to identify it, contain it, and eradicate it in short order."
There's no public-sector network that's not connected to another public-sector network in New Jersey, Geraghty said. So, he said, the breach of a municipality's website can ultimately result in compromised credentials of individuals who log in to state systems.
Many attacks on New Jersey systems, Geraghty noted, are indiscriminate. They're not launched with the specific intent of bringing down state government services — bad actors make attempts with the information they have, and see what sticks on the other end.
"In recent years, we have seen an increase in cybercrime, so it is imperative that we have these conversations now so that we can work to prevent future attacks from occurring," said Sen. Linda Greenstein, D-Middlesex, chair of the Senate Law and Public Safety Committee. "I look forward to hearing more testimony and learning what else we can do legislatively to help prevent cybercrime."
The panel on Monday unanimously approved a proposed law that would require that public agencies report cybersecurity incidents to the New Jersey Office of Homeland Security and Preparedness.