Recent visits to the Dakota County website from Moscow and Samara Oblast, Russia triggered an investigation from information technology staff — and some laughter from county commissioners.
"But no North Koreans?" commissioners joked after County Administrator Brandt Richardson recently told the board about the hits.
The idea of hackers across the world targeting the county's website may seem ridiculous, but county staff warned that cyberattacks are a growing threat and the agency needs more resources to combat them. To that end, Dakota County, and other Minnesota communities, are partnering with the state on the Statewide Security Monitoring Initiative to better protect local governments from online intruders.
"Some of these issues are real," Richardson said. "They seem so abstract, but they're real."
It doesn't matter how large or small an organization is, all are potential targets, IT Infrastructure Manager David Miland said.
He said he is not too worried about a Russian or North Korean hacker. His fear is automated malware bots, which do not discriminate by size of the agency, and could find a hole in the county's network.
Companies and local governments are looking for ways to detect security breaches because they are realizing the technology on the market is not impenetrable, he said.
But monitoring equipment is very expensive, so counties and cities are hoping to leverage their limited resources through the state project, Miland said.
"I think it's great that there's this partnership," Miland said. "Individually we couldn't do this, or do it very well."
The Minnesota Department of Public Safety's Homeland Security division is using federal grants to fund the intrusion detection equipment that MN.IT Services will install and configure.
David Senn, a website administrator for the Dakota County, spotted the hits from Russia on Dec. 26.
The traffic was on a site that the visitors should not have access to, so he decided to dig into it further.
He eventually found that no data was at risk. But it was a long, slow process to sift through vast amounts of information in various logs, Senn said.
The state's new intrusion detection center will keep an eye out for that kind of suspicious traffic and save county staff a lot of time, county employees said. After all, odd hits, like the ones from Russia, are not that unusual.
"In general, attempts to access our system are nothing new. In fact, they happen on a daily basis from people trying to get in from all over the world," Senn said.
Dakota County's firewalls log such traffic.
"But when we review that traffic we are sometimes unsure if what we are seeing should be concerning," Information Technology Director Dan Cater said. "We have nothing to compare our traffic to. Nor do we have any real expertise in the analysis of that traffic."
So when Cater found out about the state's new monitoring initiative last fall, he quickly asked to join. In addition to providing more intrusion detection equipment, the state has staff with more expertise who can review county logs and look for trends statewide, he said.
The county's partnership with the state is "still in start-up mode," Cater said.
The initiative is timely and important, Miland said. He hopes it moves out of the initial stages soon.
"We're very anxious to get strong security in place," he said.