Cyber attacks are on the rise, and counties are working to prepare for them
A recent cyber attack in St. Paul has highlighted the need for counties and municipalities to protect their data and digital security. Though that particular incident was a ransomware attack, Cook County Management Information Systems (MIS) Director Rowan Watkins told WTIP that cyber attacks can take a wide range of forms and are becoming increasingly sophisticated.
“It’s big business,” Watkins said about cyber attacks. “I think ransomware is something like a $20 billion a year industry. It’s criminal, big business, but it’s also, there’s also political elements to it, increasingly.” He added that increasingly, even small counties and cities are seeing attacks carried out by foreign national governments. In a ransomware attack, the victim’s data is accessed and then encrypted, and only released if the target pays the attacker a ransom.
Not all cyber attacks are monetarily motivated. Watkins explained that in a “denial of service,” emergency services like 9-1-1 lines are flooded with calls, overloading a system and shutting it down. Watkins said denials of service aim to cause disruption, rather than extort money from their target.
Attacks like the one in St. Paul caused major interruptions in online services for residents, and Watkins said the most important thing municipalities can do is prevent an attack. This means keeping staff trained on common attack methods, and building in technological safeguards against hacking and malware. When an attack has happened, however, having a response plan is important.
Cook County recently had to employ their response policy to contain a cyber attack. Watkins said this sophisticated attack took control of a county employee’s email address through a link sent by a known, legitimate email from a partner organization. Because this type of attack uses real email addresses, it makes the recipients of phishing emails from those accounts more likely to trust any links they have been sent. Watkins said this creates a “dominoes effect.”
Because municipalities are likely to have connections with other cities, counties, or even states, Watkins said that any breaches in data protection means having to coordinate and communicate closely with other agencies. He said the state agencies work to support counties’ efforts to improve their own security, but also to coordinate efforts to manage an incident.
The work of securing the county’s data is a constant effort to stay ahead of bad actors. Watkins said that the dark web and easy access to AI technology has lowered what he called the “technical threshold” for those looking to commit cyber crimes. What previously required much more specialized knowledge can now be accessed and executed much more easily.
The increased access coupled with how quickly technology changes keeps the MIS department on their toes. “That’s a constant, constant battle,” Watkins said. “It’s sort of a kind of a weird arms race that’s always going on, where different companies are leveraging everything they can to either, you know, make things safer, or these people that are in the business of selling things like this, are making nastier and nastier things that they can sell that are more effective.”
Despite the increased difficulties in staying ahead of cyber criminals, Watkins said the structures around emergency response in the state remain reliable and secure. He said the diffused nature of the different organizations, like the 9-1-1 system, the ARMER system for emergency radio communication, and the integrated public alert warning system, means that an attacker would be unlikely to be able to target all of them at once. Watkins added, “There’s a lot of state and federal resources being put towards protecting those critical public safety systems as well.”
MIS Director Rowan Watkins spoke to WTIP’s Kirsten Wisniewski about cyber security issues in Cook County and across the state. Audio of that interview is below.
Kirsten Wisniewski August 18, 2025
