Date: 2021-04-03

Although government of Guam servers weren’t taken offline until about a week after news broke of a cyberattack based in China, countermeasures to find any trace of malware or viruses were used as soon as they were available, according to Chief Technology Officer Frank Lujan.

“We get advisories every day, and when we go through the advisories we have to filter out how is it relevant, and the different actions that they’re asking us to take,” Lujan told The Guam Daily Post, explaining the local government’s risk mitigation process that handles security threat warnings. “We made the internal decision to take the servers down once we determined that this thing was rapidly traveling everywhere. The initial alerts were, in some way, kind of casual, saying, ‘You have this vulnerability, but we don’t see anything in the wild.’”

Microsoft made its initial announcements about attacks on certain versions of the Microsoft Exchange Server, and about the needed security patches, on its website on March 4. That was five days before 15 of GovGuam’s internet domains and email servers throughout GovGuam were shut down as precautions while fixes were being installed.

But beginning March 5, the local Office of Technology started a top-to-bottom assessment to find “indicators of compromise,” using tools provided by federal cybersecurity agency partners – the same day they were released, Lujan said. To date, there’s been no evidence found that the Chinese state-sponsored attack reached Guam servers, and that lack of such indicators was a main factor in how long local government servers stayed online, he said.

“The scripts were being run even though we didn’t have the patch,” Lujan said, explaining that the security fix from Microsoft wasn’t available until mid-March. “And we still didn’t have any compromises that were detected. When the count (of confirmed cyberattacks) doubled, that’s when I made the decision to take our system offline. I just didn’t want to take that chance.”

Lujan credits the use of professional enterprise software for the effective handling of the security threat. Trying to build proprietary software unique to GovGuam presents challenges for the small Office of Technology, which lists only four employees on its website, including Lujan.

“That’s a situation that I would never want to be in, where we’re doing our own homegrown patch. There’s just too many people out there thinking of different ways to exploit vulnerabilities, and that’s not something we dedicate our time here within the office, to find out different ways people are trying to attack us,” he said. “We’re thankful we have all these other partners that can help us through this. So far, I think, for the most part, we’ve been pretty lucky.”