Remember last summer? State offices shut down. The DMV went dark. Social services stalled. Paychecks were in jeopardy. That wasn’t a drill. That was Nevada getting hit by a full-scale ransomware attack — and it lasted 28 days.
Now the state has a new top cybersecurity official. His name is Bert Carroll. And if you care about keeping government lean, accountable, and out of your personal business, you should know who he is and what he’s trying to do.
What Happened in 2025
In August 2025, Nevada state government systems suddenly went offline. What started as a routine-looking outage turned out to be a ransomware attack hitting more than 60 state agencies — including the DMV, social services, law enforcement, and state payroll.
The attack began back in May, when a state employee accidentally downloaded a malware-laced tool from a fake website. The attacker used a technique called SEO poisoning — basically rigging search results — to make the malicious link look legitimate.
The hackers sat quietly inside Nevada’s systems for three months before pulling the trigger.
When the attack hit, Governor Lombardo refused to pay the ransom. Instead, his administration used backup systems and private-sector partnerships to recover.
Full recovery took 28 days. The state’s $7 million cybersecurity insurance policy covered the costs.
That’s the good news. Nevada didn’t cave. But the breach still happened. And it exposed how vulnerable government systems — and your data — really are.
Meet the New CISO
Bert Carroll was named Nevada’s Chief Information Security Officer in March 2026. He came to the job, in part, because of how the state handled the breach — specifically, the transparency of their after-action report.
In his own words:
“So many times something’s gonna go wrong. Bad things will happen to good people. However, when we’re transparent about it, we can not only take that guidance ourselves, we can help others as well.”
That’s a refreshing attitude for a government official. He’s not spinning the story. He’s acknowledging it and learning from it.
Carroll brings 27 years of military experience. He believes in situational leadership — delegate when things are calm, get directive when things get hot. That’s the kind of clear-headed management style that’s too often missing in government bureaucracies.
Why Conservatives Should Pay Attention
Here’s the thing. Every time government data gets hacked, it’s your data.
Big government means big targets. The more data the state collects and centralizes, the more there is to steal. That’s not a left-right argument. It’s just math.
Cybersecurity experts note that CISA has warned ransomware groups are increasingly targeting state and local governments, recognizing their resource constraints and the high value of their data.
Limited government isn’t just about spending. It’s about protecting citizens from abuse — and that includes protecting them from criminals who exploit bloated, poorly secured digital systems.
When government is small and efficient, it’s also easier to defend.
The Plan Going Forward
Carroll has a clear priority list. His most immediate task is doubling Nevada’s cybersecurity staff from about eight to sixteen people. He wants the right people in the right seats.
And he keeps coming back to one phrase: “be brilliant at the basics.”
That means strong fundamentals before chasing fancy new technology. It means knowing your vulnerabilities before throwing money at tools that won’t help if the foundation is rotten.
Some critics will argue the state needs more spending, more staff, more federal involvement. And some of that may be fair. But Carroll isn’t asking for a blank check. He’s asking for a plan.
Analysts who studied the 2025 breach noted that Nevada’s response succeeded because of disciplined execution — clear planning, prepared playbooks, and knowing who was already lined up to help.
That’s smart government.
What You Can Do
Pay attention to how your legislators vote on cybersecurity funding. Push for transparency — Nevada’s after-action report was a model for the nation. The state released a full public account of what happened instead of hiding behind generic breach language. That kind of accountability should be demanded everywhere.
Nevada got hit hard last summer. The state stood firm, didn’t pay a dime to criminals, and rebuilt in 28 days. Now there’s a new CISO with the right philosophy in place. That’s a step in the right direction.
Let’s make sure he has what he needs to finish the job.
The opinions expressed by contributors are their own and do not necessarily represent the views of Nevada News & Views. This article was written with the assistance of AI. Please verify information and consult additional sources as needed.
