Oct 17 2024
Security

Native American Tribes Defend Their Very Heritage Against Ransomware

Building cyber resilience helps tribal nations to protect valuable data and languages.

For the Citizen Potawatomi Nation, a tribe of nearly 40,000 in Shawnee, Okla., guarding against a potential loss of data related to its history, language and culture is a huge priority. That means protecting tribal history at CPN’s Cultural Heritage Center museum and data in the Tribal Rolls Department, which handles membership, including tribal enrollment, burial insurance and tribal ID cards.

“Data is so important for a company, and that data needs to be backed up,” says tribe CIO Christopher Abel. “It needs to have a way to be recovered in the case of an attack, whether it’s a security breach or ransomware, and these types of attacks are becoming more common.”

Cyber resilience and the ability to withstand cyberthreats are key considerations for Native tribes. That’s why the U.S. Department of Homeland Security recently announced more than $18.2 million in awards from the Tribal Cybersecurity Grant Program to help tribal nations manage and reduce cyber risks and threats. DHS Secretary Alejandro Mayorkas says the grant money will help tribal nations build resilience.


With Native tribes responsible for services such as healthcare and utilities for members, they cannot afford downtime from a ransomware attack, says Mike Day, chairperson of Tribal-ISAC, an organization focused on protecting tribes.

“You have to figure out how to restore quickly when you’re talking about healthcare, payroll and the critical infrastructure such as water and electricity that some tribes provide,” says Day, who is also the founder and executive officer of TribalHub. “There’s very little time for downtime.”

Complying with the Government’s 3-2-1 Backup Policy

For CPN, Abel sought a simple tool that was faster to restore than other systems that can take hours to “rehydrate” the data, which entails finding the data, opening it and sifting through the system to read or find the files to restore. Cohesity and its indexing system met this need as the tribe looked for particular files to restore.

A tiered storage system enables CPN to replicate data and maintain the backup necessary to bolster resilience. It has two data centers connected onsite, and each incorporates HPE Apollo servers running Cohesity. The tribe strengthened security and business continuity by maintaining two copies of data, one onsite with Cohesity DataProtect and the other on Amazon Web Services with Cohesity FortKnox.

The setup conforms with the federal government’s 3-2-1 backup policy, which calls for three copies of important files stored on two types of media and one copy stored offsite, Abel says.

“We target one, and then it replicates to our other data center,” Abel says. “At that point, while the data is replicating from one to the other, it also replicates to FortKnox and AWS, which is that third-tier, air-gapped portion.”


Rebuilding Trust After a Cyber Breach Is a Major Hurdle

On Dec. 7, 2019, the Eastern Band of Cherokee Indians in Cherokee, N.C., suffered a cyberattack in which hackers left a text file on victims’ computers demanding a ransom payment. The attack temporarily shut down operations, says Kevin Jackson, director of EBCI’s Office of Information Technology.

The tribe’s cyber insurance carrier shelled out several hundred thousand dollars to Russian cybercriminals to decrypt the data. The incident is thought to have resulted in the loss of years of audio and video of tribal members speaking the Cherokee language.

“Had the IT department not been able to recover this data, the loss would have severely impacted language preservation efforts, especially with only 149 fluent speakers remaining,” Jackson says.

The EBCI wanted to assure employees and members that it would continue providing services to the community and protect the cultural value of their language as well as other data.

$18.2 million: the amount of Tribal Cybersecurity Grant Program awards announced by the U.S. Department of Homeland Security in 2024. (Source: dhs.gov, “DHS Announces $18.2 Million In First-Ever Tribal Cybersecurity Grant Program Awards,” July 1, 2024)

“Rebuilding trust with our members and employees, reassuring them that we are safeguarding their assets — that was our biggest hurdle,” Jackson says.

Since the attack, the EBCI has secured its IT system with Microsoft Sentinel, a cloud-native security information and event management solution that simplifies security operations with intelligent analytics and offers full visibility into the environment. Sentinel provides a content hub for live threat detection, incident response and proactive threat hunting.

“Sentinel enabled us to detect, investigate and respond to threats across our organization’s network with greater efficiency,” Jackson says.

With a move to the cloud in Azure, the EBCI has gained an overview of its entire security posture.

“Unlike the manual processes required with on-premises solutions, using Software as a Service enables us to respond much faster,” Jackson says.

SCATGE Focuses On Building Resilience

When a cyberattack caused a widespread outage in Las Vegas that cost MGM Resorts $100 million and shut down services for 10 days in September 2023, it was a wake-up call for the gaming community, says Sam Peralta, regional IT director for the San Carlos Apache Tribal Gaming Enterprise.

For SCATGE, which owns and operates the Apache Gold Casino Resort and the Apache Sky Casino in southern Arizona, staying cyber resilient means keeping the casinos open and the customers happy.

“They’re purchasing an experience from us, entertainment, and we can’t really close our doors,” Peralta says. “We have to keep them entertained.”

A key goal is protecting customer data, including credit card information and driver’s license details. It also safeguards employee information, including tribal ID and Social Security numbers.

“That’s protected behind our firewalls, and we have it readily available to us through Zerto with the disaster recovery solution,” Peralta says. “If one site were to go down, we would still have access to it.”

SCATGE turned to Zerto to cross-replicate between Apache Gold and the Apache Sky Casino. Data is transmitted between the two locations via dark fiber rather than a direct internet connection. Zerto allows SCATGE to use 15-second recovery point objectives, which enable the tribe to be up and running within 60 seconds.

Because of a sovereign immunity policy, SCATGE uses on-premises infrastructure and no cloud storage.

“We have to be able to feel and see the hardware where our data is going and trust that it’s secure, and that’s just how we are operating right now,” Peralta says. “Eventually, we might start putting some items in the cloud, but we’re just not there yet.”

Photography by Charlie Neuenschwander