Cowlitz County authorizes up to $150,000 for cybersecurity incident response after spike in suspicious traffic
Summary
County IT reported a recent surge of suspicious outbound network traffic; commissioners met in executive session and approved authorizing the IT director to contract with CrowdStrike up to $150,000 to investigate and contain the threat.
COWLITZ COUNTY — Cowlitz County’s IT director told commissioners that the county has seen a recent, rapid increase in suspicious outbound network activity and recommended hiring a specialist incident‑response vendor to investigate and contain the threat.
Travis Huschini, Cowlitz County IT director, told the board that monitoring devices and state sensors began logging irregular events about two months ago and “last Friday we saw a dramatic spike. And then there were tens of thousands of these reported network flows to the internet.” Huschini said many of the destination addresses have “known bad reputations” and that the traffic originated from dozens to possibly hundreds of internal hosts.
The scale and pattern of the traffic led the county to increase monitoring and endpoint protection and to consult the Multi‑State Information Sharing and Analysis Center (MS‑ISAC). Huschini said MS‑ISAC “discontinued alerting because it was so excessive” and that the county has engaged the Center for Internet Security for additional analysis.
Jason Lorene of the prosecutor’s office advised the board that the county had followed the risk pool’s vendor evaluation and that the IT director had reviewed recommended vendors. He said the prosecutor’s office would record the IT director’s justification for selecting a specific vendor before the board approved any contract.
After convening briefly in executive session to discuss contract negotiations, a commissioner moved that the IT director be authorized to work with CrowdStrike “up to a hundred and fifty thousand dollars to resolve this issue.” The board voted in favor of the motion.
Huschini told the board that while the county has taken steps to contain the activity, it is not yet possible to confirm whether data has been exfiltrated or the ultimate motive of the actors. He said the county lacks the internal forensic capacity to fully trace the foothold and recommended an incident‑response engagement to perform network and endpoint forensics.
The county’s immediate steps, Huschini said, included expanding monitoring, installing endpoint protection where gaps existed, and consulting outside firms. He presented three vendor options: CrowdStrike (a higher‑cost, industry‑leading provider), Arctic Wolf (lower cost but with more limited coverage), and Veloxiti (a mid‑range option the IT director has used previously). The board approved the CrowdStrike authorization so the county could move quickly rather than wait for a longer request‑for‑proposal process.
Commissioners asked the IT director to provide ongoing updates as the response progresses and to coordinate with the prosecutor’s office on contracting and any legal questions.
The board authorized the emergency procurement; commissioners did not disclose further operational details at the meeting. The IT director encouraged commissioners to request updates as needed and said the county would continue coordination with state partners and incident‑response experts.
