If you weren’t one of the 1,400 or so people who attended CTC 2019 on Sept. 10-12 in New Orleans, you missed a lot of great information, but here’s a summary of a handful of some well-attended sessions.
We will have additional articles on the conference in the upcoming weeks.
Keynote: Online courts and the future of justice.
In 2017, Richard Susskind spoke to 2,000 neurosurgeons at a conference in Boston and told them, “People don’t want neurosurgeons. They want health.”
At CTC 2019 in New Orleans, Susskind, the keynote speaker, said much the same thing: “People don’t want courts. They want the outcomes the courts bring.”
Susskind, a professor, an author and the IT advisor to the top judge in England and Wales, said his focus is on how courts can do a better job of delivering services. “We need to decide if a court is a service or a place?”
He pointed out that eBay handles 60 million online disputes per year, using electronic mediation, and that courts can – and should – also handle many disputes the same way, using online dispute resolution. Allowing people to use their phones or computers to file cases and have them resolved without stepping foot in a court is cheaper and faster, he said, and it makes courts more accessible.
Susskind, whose next book is called Online Courts and the Future of Justice, said judicial systems can use existing technology to not only solve disputes but to help people avoid disputes or tell them their chances of success if they pursue a case.
“The 2020s is going to be the decade of change,” he said. “…We need to change our thinking so that by 2030, all cases are handled in an online court unless there are compelling reasons for them to be in a courtroom.”
How I almost lost my job… The importance of having a cybersecurity incident response plan.
“If you leave this session with one thing, let it be this: Don’t pay the ransom,” said Charles Byers, chief information officer for the Kentucky Courts of Justice. “Please don’t pay the ransom. When you pay, you’re funding the hackers.”
Ransomware hackers are being paid, unfortunately, and these attacks are becoming more and more common. For example, Byers said in North Carolina, there was one reported ransomware attack in 2017. In 2018, there were four. By September of this year, there were already seven.
He spoke about the need for every court system to have a cybersecurity incident response plan. Not having a plan led to a week of chaos for him and his employees.
It was a Monday morning, and he was drinking coffee in his office when he received an email that told him to click on a zip file to access a fax. He suspected the worst and told all employees not to open it, but several did. A ransomware attack was wreaking havoc. Kentucky didn’t have an incident response plan, and he wasn’t sure what to do, so he asked a friend in the private sector for advice. The friend told him, “You’re screwed.”
After the chaos was eliminated, Byers said he assumed that lightning would strike twice, so he and his team developed a plan, which focuses on detecting, analyzing, containing and eradicating an attack, and then getting things back to normal. To help implement the plan, Kentucky hired a security architect and firewall, software and anti-virus vendors, and created internal and external response teams. The internal team, made up of court employees, started conducting “tabletop exercises” to help them practice for the next incident. They skipped one exercise, and then, lo and behold, Kentucky was attacked again by a ransomware hacker, again on a Monday morning. Two hundred servers were affected. The plan was put into effect, and 48 hours later, all service was restored. “Our security architect had recently resigned,” Byers said, “but we had a plan. It was institutionalized.”
He urged everyone at the conference to have a plan and offered to share Kentucky’s with attendees. He also encouraged everyone to use multi-factor authentication, and he said everyone should invest $4 on a thumb drive and back up their essential files.
“I was going to say we dodged a bullet, but that’s not right,” Byers said. “We anticipated the bullet, and it came, but we survived it.”
Planning for disaster …and recovering quickly when it happens
What to do when a hurricane, tornado, wildfire or some other slap in the face from Mother Nature shuts down your courthouse?
Some court leaders want to do everything all at once, but they should focus on primary mission essential functions – those things that must be done within the first hours and days, said Jared Nishimoto, IT manager and emergency preparedness coordinator for Coconino County Courts in Arizona. Those things often include initial appearances, arraignments, bond-review hearings and payroll, yes, payroll.
One of the first things to figure out, Nishimoto said, is where to conduct court business, such as another courthouse, a library or a school. Court officials need to coordinate with other city or county departments to find out if it’s OK to set up shop at another public building.
Next, make sure the alternative courthouse is staffed with judges, clerks, and, if necessary, prosecutors, public defenders and other attorneys. Court officials who are responsible for emergency management should have an updated contact list, and they should know if they can take vital records, including a case management system, a document management system and digital recordings, to the alternative site.
Nishimoto said it’s important to cover this ground at CTC because when Mother Nature shuts down a courthouse, the first people court leaders turn to are IT people.
Gary Hagan, court technology officer with the 14th Judicial Circuit of Florida, knows this firsthand. Hurricane Michael plowed through the Florida Panhandle in 2018, and Hagan’s courthouse was unusable.
He offered this advice:
- Don’t underestimate an approaching hurricane, tornado or wildfire.
- Get to know your court neighbors in other jurisdictions. Hagan’s excellent relationships with his
- colleagues in nearby cities and counties paid off when they helped him set up vital server rooms.
- Don’t blow off vendors. A TMobile salesman who Hagan got to know prior to Michael’s arrival provided cell phones for court employees after it passed.
- Accept help from anyone who offers it.
- Make sure essential employees have work email on their phones so they can be contacted.
- Test your emergency response plan every six months.
Midnote: Cyber predictions for the 2020s
Daniel Lohrmann, chief security officer for Security Mentor Inc., said CTC probably wouldn’t have chosen a cybersecurity expert to give a speech in 2009, but it makes perfect sense to have one now.
Lohrmann said more large data breaches and cyberattacks are coming because hackers are ahead of those trying to stop them, and they will expose infrastructure vulnerabilities.
His predictions for the 2020s focused on artificial intelligence, household smart technology, 5G networks, and 3D printers.
Artificial intelligence will lead to positive advances related to drone technology, space exploration, traffic sensors, customer services and much more. But it will make it easier for hackers to conduct cyberattacks by allowing them to more easily impersonate victims.
Smart technology will be connected to more and more things in our homes, including security systems, thermostats and entertainment systems, to name just three. It will also lead to unauthorized surveillance.
5G, the fifth-generation cellular network technology, will dramatically increase the speed of the internet, but it will make it easier for hackers and other cybercriminals to do their work.
3D printing will be used more to manufacture prototypes and customize products, using lighter materials and reducing waste. However, bad actors will use it to manufacture weapons, counterfeit documents, and currency, and hack and reproduce facial recognition.
Managing insider threats
Sometimes the biggest challenges faced by IT people who work for the courts come from their co-workers, who unknowingly do stupid things that threaten the system. Like the employee who wrote the password for her computer on a sticky note that she posted on her monitor, said Robert Adelardi, chief information officer with the Eleventh Judicial Circuit of Florida.
“Stuff like this happens,” Adelardi said. “It’s a lot of low-tech stuff.”
He said he also sees a lot of phishing attempts. “All they need is one person to click on a link, and you’re fried. You’re in deep, deep, deep trouble.”
He said it’s important to do a lot of education -- training sessions for new employees, articles in employee newsletter articles, and cybersecurity committees that include non-IT employees.
His advice for fellow IT professionals is to challenge the status quo and ask a lot of questions, know your infrastructure, routinely visit court locations, and verify security configurations.
Endnote: Let the Good Times Roll – Final Thoughts
Utah Supreme Court Justice Deno Himonas and Jeffrey Tsunekawa, director of research and court services for the Texas Office of Court Administration, wrapped up the conference by summarizing it. They spoke about CTC’s many sessions on online dispute resolution, which allows people to use their phones and computers to resolve disputes.
“We need to stop asking the question about whether we’re going to have ODR in our states,” said Justice Himonas, whose state is a leader in this area. “You are going to have ODR. It’s coming. …In 1989, lawyers used to tell me to get rid of the monstrous computer on my desk. They weren’t using computers. Two years later, they were. That’s ODR. It’ coming.”
Himonas and Tsunekawa said artificial intelligence will impact the courts, but court officials need to define it the same way so they’re on the same page.
They said cyberattacks will become more and more common. “Hackers are becoming smarter and trickier,” Tsunekawa said.
Courts find it difficult to hire and retain IT people because they make so much more money working in the private sector. Himonas said courts must narrow the pay gap. Many people in the audience applauded that comment.
This article was originally posted by my colleagues here at the NCSC at: https://www.ncsc.org/Newsroom/CTC-2019.aspx
No comments:
Post a Comment