In North Carolina, the May attacks over the transgender bathroom law were a bust because the state's main websites continued to operate normally during and after the attacks, said Katie Diefes, a state Department of Information Technology spokeswoman. The only websites affected were some older ones that simply redirected users to the main ones.
Hacktivists were more successful when they sounded off against the fatal police shooting of Michael Brown, an unarmed black teenager, Aug. 9, 2014, in Ferguson, Mo., which prompted protests and riots.
Within a week of Brown's death, Anonymous began its assault, using denial of service tactics and doxing high-level state, local and law enforcement officials, said Michael Roling, the state's chief information security officer. The group targeted the state's main website as well as those of the revenue and public safety departments.
While IT staff was quick to launch its defenses and help blunt the attacks, Roling said state websites suffered brief outages in August 2014 and again three months later, after a grand jury decided not to indict the officer who shot Brown. "Fortunately, we were able to get controls in place before they had the opportunity to do damage or affect the delivery of state services," he said.
But Roling noted that his team worked for weeks defending the state's computer network against hacktivists. And it came at a cost: at least $150,000 for services to protect the network.
"We have the resources but we've seen some local governments across the country that don't have the funding or have no way of quickly procuring services to fight these attacks, and their services are knocked offline," Roling said.
Cybersecurity experts warn that state and local governments need to prepare to fight all sorts of online attacks, including those by cyber activists. Calkin said his group recommends that if government computer systems aren't equipped to handle hacktivist attacks, officials should work with their internet providers to install programs that help block illegitimate web traffic.
Or they can turn to global cybersecurity companies that offer services to combat massive assaults and scrub out "bad" traffic headed toward websites while keeping "good" traffic.
That's what Minnesota did, said Christopher Buse, the state's chief information security officer. "We're seeing more of these attacks than ever," he said. "They're bigger and they're becoming more complex and more costly to defend."
NASCIO's Robinson agrees states should step up their game and make sure they have the tools to thwart hacktivist assaults. But he admits it's hard to fight a threat that can come from anywhere at any time and for any reason.
Robinson also worries that as hacktivism gets more sophisticated, the consequences could become more serious. Instead of potentially affecting citizen services such as revenue collection or driver's license renewals for a brief period, he said hacktivists could do far greater damage by knocking out the electric grid, water systems or other utilities.
"We are all vulnerable, and hacktivism is going to continue as long as we have these crises or events where political activists want to make a statement, whether it's a police shooting or a city's decision to remove camps for the homeless."
Visit Stateline.org at www.stateline.org
Distributed by Tribune Content Agency, LLC.