Securing Courts Against Cyber Threats 

The past few years have made one thing clear: America’s courts are under siege in cyberspace. In 2020, as part of the SolarWinds supply chain attack, hackers infiltrated the federal judiciary’s Case Management/Electronic Case Files (CM/ECF) system, raising alarms that even sealed court filings—including indictments and privileged information—may have been exposed.1 The breach was so severe that several districts were ordered to stop filing sensitive documents electronically, reverting to manual processes to protect them.

The problem did not end there. Investigations revealed that the intrusions persisted for years, giving attackers repeated access to some of the judiciary’s most sensitive records.2 Fast forward to 2025, and headlines once again warned that federal court systems, including PACER and CM/ECF, had been compromised in a sweeping hack believed to have exposed sealed cases, grand jury materials, and national security filings.3

But it isn’t just the federal judiciary that’s at risk. In 2024, Los Angeles County’s court system was crippled by a ransomware attack, disrupting operations statewide and prompting widespread reassessment of cybersecurity across county courts.4 More recently, in April 2025, DuPage County in Illinois was struck by a ransomware attack affecting the sheriff’s office, circuit clerk’s office, and courthouse—all computer systems were taken offline amid an active FBI and U.S. Secret Service investigation.5

This matters because courts—whether federal, state, or local—manage a vast and varied range of sensitive data: criminal histories, sealed filings, juvenile records, witness and informant identities, financial disclosures, and more.

Court systems are high-value targets for attackers. The consequences of delays, data exposure, or operational disruption are far from inconvenience—they strike at the heart of the judicial system’s integrity and public trust.

The Unique Cybersecurity Challenges Courts Face

Courts operate in an environment that presents a very different set of cybersecurity hurdles than many other organizations. Their mission demands accessibility, transparency, and continuity of service—but their systems and resources are often not built for today’s threat landscape. A few challenges stand out:

• Legacy systems and applications – Many courts still rely on decades-old case management software, green-screen applications, or custom-built systems that cannot easily be modernized. These tools were never designed with advanced authentication or modern security standards in mind, yet they remain mission critical.
• Shared infrastructure with limited control – Shared infrastructure with limited control - Courts often ride on city or county IT infrastructure, meaning they may have little influence over the underlying systems, patching cadence, or overall security posture. This can create blind spots in monitoring and leave them dependent on decisions made outside the judiciary.
• Poor cyber hygiene – Even when policies exist, consistent practices such as vulnerability scanning, penetration testing, patch management, and incident response planning are difficult to sustain. Limited budgets and staffing constraints mean monitoring and enforcement may be minimal, leaving exploitable weaknesses.
• Difficulty implementing multi-factor authentication – Courts face unique workforce challenges. Union agreements or workplace rules frequently prohibit using personal phones for MFA. Staff are often dispersed, with remote judges and clerks needing the same level of protection as in-office staff, yet the traditional MFA playbook doesn’t fit.
• Resource constraints – Many courts, especially at the state and local level, have limited IT staff. Cybersecurity is often a part-time responsibility for a few administrators already stretched with networking, hardware, and user support. This lack of specialization makes it difficult to implement advanced defenses — and even harder to manage the patchwork of disparate systems required to deliver them.

Together, these challenges paint a picture of judicial systems that are simultaneously high-value targets and under-resourced defenders. Simply adding new security tools on top of fragile infrastructure is rarely successful.

Courts need approaches that account for their realities—solutions that strengthen security without demanding massive system overhauls or unsustainable processes.

The Compliance Imperative

Courts don’t have the luxury of treating cybersecurity as optional. Under the FBI’s Criminal Justice Information Services (CJIS) Security Policy, courts are explicitly defined as Criminal Justice Agencies (CJAs) and are bound by its standards—requiring strict controls on authentication, access, and auditing.6

In addition to CJIS, courts may be expected or required to align with other industry-standard cybersecurity frameworks such as the Center for Internet Security (CIS) Controls, the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), or others.

These frameworks stress key protections—phishing resistant multi-factor authentication, least-privilege access, continuous monitoring, and centralized auditability.

For courts, meeting these requirements isn’t just about compliance—it’s essential for safeguarding the integrity of criminal justice information.

Why Phishing Remains the Weakest Link

Attackers don’t need to breach a firewall when they can simply trick a user. Phishing remains the single most common starting point for cyberattacks, accounting for over 90 percent of initial intrusions.7 Courts, which depend heavily on email to manage filings, schedule hearings, and communicate across agencies, are especially exposed.

Phishing is dangerous not only because of its prevalence, but also because it opens the door to a wide range of follow-on attacks. A single successful phishing email can lead to Business Email Compromise (BEC), where adversaries impersonate trusted court officials to redirect payments or manipulate legal communications. Attackers also use typosquatting domains—websites that mimic official court portals with slightly altered URLs—to trick users into entering credentials. Once usernames and passwords are harvested, they can be reused across multiple systems, since password reuse is still a common practice. This makes traditional authentication models, where users both know and manage their own passwords, a significant liability.

Multifactor authentication (MFA) is often presented as the answer, but in practice, it isn’t as simple as sending a text message or asking users to approve a prompt on their phones. Courts face challenges that make conventional MFA difficult to implement. Sensitive work areas may prohibit the use of personal devices. Staff may resist being required to use their own phones for work, and labor unions frequently push back on such mandates. Even where phones are allowed, traditional MFA doesn’t verify a user’s physical proximity to their computer, leaving open the possibility of MFA-based attacks such as “push fatigue,” where adversaries bombard users with prompts until one is mistakenly approved. And nearly all MFA still requires a password, which can be stolen or phished before the second factor is ever applied.

This is where courts need to start thinking differently about authentication. Security should not depend on a password the user knows, or on whether they are willing to hand over their personal phone. Authentication should be persistent, tied to the individual and their authorized workstation, and resistant to phishing by design.

How Proximia Helps Courts

Proximia was built with these challenges in mind. Instead of treating authentication as a one-time checkpoint, Proximia delivers continuous authentication—constantly validating proximity and trust throughout the session. A user authenticates with a biometric that has already been validated. Upon authentication with the device, Proximia performs a proximity-based multifactor check to confirm that the authorized user is physically present and continues monitoring throughout the session.

Because users never actually know their OS and desktop level passwords, phishing becomes far less effective. There is nothing for attackers to steal, reuse, or trick someone into revealing. Credentials for local legacy apps and approved web apps are stored in a secure password manager for seamless, protected access through a simple desktop client. This not only eliminates one of the most common attack vectors, it also reduces the time and resources courts spend on password resets—an especially significant challenge for IT teams that are already stretched thin.

Proximia also addresses the challenges that make traditional MFA difficult for courts. While the option to use a phone for biometrics is available, it isn’t the only path. Users can also biometrically authenticate using existing integrated cameras, or external cameras. This removes the dependency on personal devices, avoiding the introduction of phones into sensitive work areas, and sidestepping potential conflicts with labor agreements. By providing multiple authentication pathways, Proximia delivers strong, phishing-resistant security in a way that fits naturally into court operations.

Just as importantly, Proximia is designed to work with the reality of court infrastructure. Whether it’s legacy case management systems, remote desktop protocol (RDP) or virtual sessions, or domain logins, Proximia integrates into existing environments without requiring costly rip-and-replace modernization. That makes it possible for courts to move toward Zero Trust security and align with CJIS, NIST, and CIS frameworks while respecting the constraints of their workforce and technology stack.

Building a More Secure Judicial System

Cybersecurity in the courts is about more than protecting systems—it is about safeguarding the integrity of the judicial process itself. A delayed trial, an exposed witness identity, or a leaked sealed filing can have consequences that reach far beyond IT, striking at the heart of public trust in the justice system.

By moving beyond passwords, rethinking how multifactor authentication is implemented, and enforcing continuous, presence-based security, courts can meet compliance requirements such as CJIS, NIST, and CIS while also making daily operations easier for judges, clerks, and staff.

The threats facing courts will continue to grow more sophisticated, but the opportunity to get ahead of them is here. With solutions like Proximia, courts can protect sensitive information, reduce their exposure to phishing, and build resilience against the kinds of attacks that have already disrupted judicial systems at multiple levels. Most importantly, they can preserve the credibility, accessibility, and trust that justice depends on.

References:

1. https://en.wikipedia.org/wiki/2020_United_States_federal_government_data_breach
2. https://securityandtechnology.org/blog/what-to-make-of-the-us-federal-court-breaches
3. https://databreach.com/news/19-massive-pacer-court-records-hack-exposes-sealed-cases-informants-and-national-security-secrets
4. https://www.lacourt.org/newsmedia/uploads/142024729163959NR07-29-2024-COURTSYSTEMSRETURNTOFULLFUNCTIONALITY%281%29.pdf
5. https://www.govtech.com/security/dupage-county-ill-cyber-attack-shutters-justice-systems
6. https://le.fbi.gov/file-repository/cjis_security_policy_v6-0_20241227.pdf 
7. https://www.cisa.gov/shields-guidance-families

Frequently Asked Questions