Nov 05, 2023

‘It’s not ideal’: Kan. lawmakers on incident that took down online court access

Posted Nov 05, 2023 2:00 PM
= IT security officers have previously warned state agencies to tighten cybersecurity measures. (Sherman Smith/Kansas Reflector)
= IT security officers have previously warned state agencies to tighten cybersecurity measures. (Sherman Smith/Kansas Reflector)

By RACHEL MIPRO 
Kansas Reflector

TOPEKA — A dragon spitting fire at the Kansas Statehouse, depicted in a Vincent Van Gogh style, illuminated the possibilities of Artificial Intelligence to lawmakers during a Wednesday meeting.

An overview of AI creative designs provided some levity before legislators turned to discussion of the state’s changing internet landscape — one that IT officials have repeatedly warned needs to be better secured.

“I’d like to improve our ability to respond and recover from cyber incidents, including testing, tracking and training for known unlikely eventualities,” said Michael Murphy, security engineer with the Kansas Legislative Office of Information Technology.

Murphy said he and other legislative IT staff would look into system security upgrades and improvements before the upcoming legislative session.

“The first priority right now is security awareness training,” Murphy said. “Like I said, the biggest point of failure is going to be the people. So we need to make sure everybody’s trained up on how to do things properly.”

The renewed discussion on internet security comes after a “security incident” that shut down online operations for most of the state’s courts. Kansas’ judicial branch publicly announced the issue on Oct. 12, later indicating that clerks in 104 counties were unable to receive online filings. The Johnson County District Court, which operates its own e-filing and case management system separately from the state, is the only state district court not affected.

While courts are still operating, all filings have to be submitted in paper. The investigation into the incident is ongoing, with little information publicly released.

“We also have to figure out how to stop these bad actors from doing things that screw everything up, like they’ve done in judiciary,” said committee lawmaker Rep. Barb Wasinger, R-Hays, before lawmakers withdrew to speak privately about judiciary IT security during an executive session.

Though last year’s risk assessment of the state’s court system has been earmarked as confidential, previous audits of several state agencies have shown several weaknesses. A cybersecurity investigation by accounting firm FORVIS into the Department of Labor’s IT system found data breaches that led to record-high identity theft and unemployment insurance fraud during the COVID-19 pandemic.

During the closed-door meeting, lawmakers talked with Marisa Bayless, special counsel to the supreme court chief justice, along with IT personnel.

“We know that this is a difficult process,” Bayless said after the closed session. “It’s not ideal. And we are going to continue examining our systems, understanding what happened, how it happened, and how we can bring the system back online in a very safe environment.”

Bayless said the return to online operations would be done in phases, and the court systems would look at providing services through public portals and clerk stations in the meantime.