Impact of Cyber Attacks on American Tribes: A Growing Threat
Tribal casinos are under attack |
American tribes are grappling with the long-term consequences of cyber-attacks as their governments, casinos, and healthcare facilities continue to be high-priority targets for cybercriminals. A warning issued by the FBI’s Cyber Division on November 3, 2021, highlighted the significant risks these attacks pose to critical infrastructure on tribal lands, with millions of dollars in potential costs and damages at stake.
This warning came as tribal leaders and IT professionals gathered at the TribalNet Conference & Tradeshow in suburban Dallas, where cybersecurity was a major focus. Even though the alert was issued over two years ago, the urgency of the threat remains, with cybersecurity continuing to be a critical concern for tribal entities. The 2021 conference featured multiple sessions dedicated to the topic, emphasizing the need for ongoing vigilance.
According to the FBI's 2021 alert, ransomware attacks had already caused significant financial damage to tribal entities, disrupting operations and leading to the theft of sensitive data. Tribal governments, healthcare providers, emergency services, schools, and casinos were all identified as targets. These attacks have had a profound impact, not just financially, but also in terms of operational disruptions that can weaken the resilience of tribal infrastructure.
The escalation in cyber-attacks on tribal entities has been alarming. The National Indian Gaming Commission (NIGC) reported that cyber-attacks surged by 1,000% between 2019 and 2021. While only one attack was recorded in 2019, the number jumped to 12 in just 18 months during 2020 and 2021.
The impact of these attacks was vividly illustrated in June 2021 when six tribal casinos in Oklahoma were forced to close temporarily due to ransomware demands. The situation worsened in August when the Ho-Chunk Nation's casino in Wisconsin Dells was shut down for four days after a cyber-attack. Similarly, the Tesuque Casino in New Mexico experienced a three-day closure in September 2021 due to a cyber incident. These closures not only disrupted casino operations but also posed significant financial risks to the tribes involved.
Ransomware attacks typically involve hackers infiltrating and disabling casino systems, then demanding ransom payments to restore operations. The threat is not limited to casinos; tribal medical facilities have also been targeted, posing a grave danger to patient care and safety.
Mike Day, CEO of TribalHub, acknowledged the ongoing threat level, noting that ransomware had become a particularly pressing issue. As a key figure at the 2021 TribalNet conference and a member of the newly formed Tribal Information Sharing and Analysis Center (Tribal-ISAC), Day stressed the importance of tribal collaboration in combating these threats. Tribal-ISAC serves as a platform for sharing cyber-threat advisories and enhancing cybersecurity measures across tribal communities.
Day also pointed out that the rising cyber threats are not confined to tribal governments, casinos, and healthcare systems. Much of the nation’s critical infrastructure is located on tribal lands, adding to concerns about the broader implications of these cyber-attacks.
Since 2019, at least nine different ransomware groups have been identified as targeting tribes and tribal enterprises. More than 12 tribes, along with a major casino equipment supplier, have fallen victim to these attacks. However, Day suggested that the true scale of the problem is likely much larger, as many incidents go unreported.
The FBI’s 2021 alert marked the first public acknowledgment of the significant financial toll these ransomware attacks have taken on tribal operations. However, tribes have largely remained silent on how they have dealt with these attacks. While NIGC officials have indicated that ransom demands have ranged from several hundred thousand dollars to over $1 million, the exact amounts paid remain undisclosed. Furthermore, tribes are not required to report cyber-attacks to the NIGC, leaving the full extent of the issue unclear.
Day also highlighted the conflicting approaches to dealing with ransomware. While the federal government’s stance is to never pay a ransom, insurance companies often advocate for payment to quickly resolve incidents. This conflict creates a dilemma for tribes, as paying the ransom could inadvertently fund future attacks.
John Iannarelli, a keynote speaker at the 2021 TribalNet Conference and former FBI cyber expert, reinforced that tribal casinos and governments are increasingly seen as vulnerable targets by cybercriminals. He warned that it’s not a matter of if, but when tribes will be hit by cyber-attacks.
Iannarelli noted that larger commercial casinos, such as those in Las Vegas, often have dedicated teams focusing solely on cybersecurity and physical security. However, many tribal casinos do not have the same resources, making them more susceptible to attacks. The challenge of finding qualified cybersecurity professionals only exacerbates the problem, as the entire business sector in the U.S. faces a shortage of cyber talent.
He also emphasized the importance of employee training in preventing cyber incidents. Many attacks originate from simple mistakes, such as clicking on suspicious links in personal emails while at work. Even working from home on tribal websites can expose vulnerabilities if proper security measures are not in place.
As the threat of cyber-attacks on tribal lands continues to grow, the need for vigilance, collaboration, and proactive cybersecurity measures remains as critical today as it was when the FBI issued its 2021 warning. Tribal leaders, IT professionals, and federal agencies must work together to protect critical infrastructure and ensure the long-term resilience of tribal communities against these escalating threats. The lasting impact of these attacks could be profound, affecting not just the financial stability of tribes, but also their ability to provide essential services and maintain their cultural and social fabric.
No comments:
Post a Comment