SALT LAKE CITY — Governor Spencer Cox announced the formation of a cybersecurity task force between government and private industry to protect infrastructure.
"Cybersecurity is this century’s version of warfare, unfortunately," Gov. Cox told FOX 13 on Thursday. "And we’re seeing more and more attacks on critical infrastructure."
The task force includes infrastructure companies like Rocky Mountain Power, Chevron, Sinclair Oil, the Utah Hospital Association, Salt Lake County and the Central Utah Water Conservancy District. More members will be added soon to focus on cybersecurity and ways to prevent hacking attacks.
"We are all vulnerable. So we are going to get the best experts in the state together, working with the private sector and making sure they’re implementing safeguards and the state protecting citizen data as well," Gov. Cox said.
Lawmakers on Capitol Hill are proposing a number of cybersecurity bills, including another task force. The Utah Division of Technology Services has reported more than a billion attempts to penetrate government computer systems daily.
Information provided to FOX 13 by Utah's Department of Public Safety shows that ransomware attacks, where data is stolen and held hostage for a fee, are also increasing. The Statewide Information and Analysis Center said that since 2019, there have been 72 ransomware attacks of government or private business systems disclosed to state and federal authorities — 21 within the last year alone. The payout? About $1.5 million total of those who disclosed it.
Such attacks can cripple real-world infrastructure and shut down government operations or private businesses.
High-profile ransomware attacks include a 2019 breach of Garfield County's systems, the University of Utah's College of Behavioral Sciences in 2020, and the JBS meatpacking plant earlier this year.
"Ransomware’s become a double threat now. Instead of simply encrypting the data, they’re now stealing the data as well as encrypting it," said Sgt. Jeff Plank with the Utah Department of Public Safety. "So if you have a backup and you refuse to pay the ransom? Then they simply will threaten you and disclose personal information, sensitive information, that could harm your business or reputation."
Sgt. Plank said it can be avoided with more of a focus on cybersecurity. Companies and governments need to be more aware of information technology needs, and employees need more training to avoid phishing scams.
"Think about the passwords you use, don’t share them across multiple platforms," he said. "Enable two-factor authentication if you can. I would always use that on any type of financial health and email systems, and patching — make sure you update your phone, computer programs."