Can our local governments and businesses handle a possible cyberattack from Russia?

10 News spoke to localities, companies and schools without discussing specifics about strategies

President Joe Biden is warning Americans to be on alert for possible Russian cyberattacks.

LYNCHBURG, Va. – President Joe Biden is warning Americans to be on alert of possible cyberattacks from Russia.

Virginia U.S. Senator Mark Warner says businesses should be on the lookout.

“We should anticipate that Russians may up some of their cyber activities,” said Warner.

But are municipalities prepared for those activities?

10 News reached out to several localities, companies, and school divisions — without discussing specifics about their security strategies.

Bedford County’s IT director, Elizabeth Lo, says they have cyber training for employees and backup data systems.

They’ve also noticed an uptick in traffic and attempted exploits, so they’re geo-blocking traffic from Russia.

“What that means is we’re restricting the access to internet content upon the user’s geographic location. So, any [Internet Protocol address] originating from Russia, we are blocking those,” said Lo.

Lynchburg City Schools also has protocols in place.

“I am confident that we are doing everything we can with the resources that we have,” said John Collins, IT director for LCS.

Collins says that includes multiple levels of protection, several backup systems, mandatory training for faculty and staff, and looking to expand training for students.

He says they’re prepared for an attack at any moment.

“We’ve had that approach for the last 10 years. It’s ‘when,’ not ‘if,” said Collins.

The tech experts say one of the easiest ways to fall victim to a cyberattack is through email, so you should always be aware of what you’re receiving.

“If you do not know the sender or have a questionable email, please delete the email. Do not click on it. Do not send it,” said Lo.

“The most important thing is that security is everyone’s responsibility,” said Collins.

Lo says if any localities and businessesinformation-sharing experience any impacts to critical functions or infrastructure, please report them to the Virginia Fusion Center.

Statement for Botetourt County spokesperson Tiffany Bradbury:

“Botetourt County is following all best practices and following any guidelines provided by state and federal security entities to close access to our network, systems, and user devices.”

Statement from Appalachian Power spokesperson Teresa Hall:

“Appalachian Power, and our parent company AEP, along with electric companies across the nation understand the critical place electric service holds in the daily life of every American. We work 24/7 to protect our critical energy infrastructure from cyberattacks. Unfortunately, cyberattacks are not a new threat. AEP has developed an active information sharing relationship with the government and our peer companies to mitigate threats. We employ a wide range of measures to secure our systems. AEP is well prepared to defend against these attacks.”

Statement from Town of Bedford IT Director Jonathan Holmes:

“We have been and continue to work towards our systems being secure from intrusion. We have equipment in place that monitors for threats from outside systems and specifically prevents traffic from systems based in Russia. We provide our users and stakeholders with mandatory cyber security training in an effort to keep them aware of current threats. We receive notifications of known threats from cisa.gov the Cybersecurity and Infrastructure Security Agency and receive information from the Department of Energy on cyber security awareness. We work with our users one-on-one at times to analyze potential cyber security threats and would work when necessary with state or federal cyber security resources to investigate any threats observed.”

Statement from City of Lynchburg spokesperson Carrie Dungan:

“Although no one is completely immune from a cyber-attack, the City of Lynchburg’s Information Security Program leverages industry best practices and standards as our road map for implementing system security. In conjunction with this, our staff monitors and responds to alerts from bodies such as the Cybersecurity & Infrastructure Security Agency (CISA) and the Multi State Information Sharing and Analysis Center (MS-ISAC). We maintain and regularly test system backups and recovery strategies, along with updating malware detection software on a regular basis. Other technologies are also implemented as well, to further aid in our defenses, and are regularly reviewed to assess and respond to risks that impact our environment. Lastly, another key component in the City of Lynchburg’s defensive preparedness is our ongoing staff security awareness training program.”


About the Author:

Tim Harfmann joined the 10 News team in September 2020 and works at the station's Lynchburg bureau.