Baltimore Coun­cil seeks an­swers af­ter cy­ber­at­tack

Com­mit­tee meets for 1st time to work on so­lu­tions to strengthen city’s IT

Baltimore Sun - - NEWS - By Talia Rich­man

By about 3:30 a.m. on that May morn­ing, it was clear some­thing was very wrong in Baltimore.

It was the be­gin­ning of a ran­somware at­tack that would ham­per city govern­ment for months. But be­cause Baltimore lacked the band­width for 24/7 cy­ber­se­cu­rity mon­i­tor­ing, it took hours for of­fi­cials to re­al­ize the ex­tent of what was go­ing on.

“Not all of the alerts were iden­ti­fied,” said Gayle Guil­ford, the city’s cy­ber­se­cu­rity chief. “It was due to lim­ited staffing and lim­ited fund­ing.”

Demo­cratic City Coun­cil Pres­i­dent Bran­don Scott es­tab­lished the Cy­ber­se­cu­rity and Emer­gency Pre­pared­ness Com­mit­tee in June, charg­ing the group with an­a­lyz­ing the at­tack and de­vel­op­ing so­lu­tions to pre­vent an­other one.

The com­mit­tee met for the first time Wed­nes­day and will work for the next sev­eral months to make rec­om­men­da­tions on poli­cies, prac­tices and tech­nol­ogy needed to strengthen the city’s in­for­ma­tion tech­nol­ogy sys­tems.

Coun­cil mem­bers pressed agency lead­ers dur­ing Wed­nes­day night’s hear­ing on the time­line of events and what lessons can be learned from how the at­tack un­folded. Guil­ford said they’re work­ing on build­ing the abil­ity for con­stant mon­i­tor­ing, so that if city sys­tems are at­tacked again, they could re­act im­me­di­ately.

“The idea is to fig­ure out ex­actly what hap­pened, did we re­spond the right way and what can be done to re­duce like­li­hood of a fu­ture at­tack,” said Demo­cratic Coun­cil­man Eric Costello, who is co-chair­ing the com­mit­tee.

But city lead­ers couldn’t go into much de­tail about the at­tack it­self dur­ing the hear­ing. It re­mains un­der crim­i­nal in­ves­ti­ga­tion, said Sh­eryl Gold­stein, the mayor’s deputy chief of staff for op­er­a­tions, adding that fed­eral of­fi­cials have asked her and oth­ers not to share sen­si­tive de­tails with the pub­lic.

Dur­ing the May at­tack, hack­ers gained ac­cess to city sys­tems, en­crypted files us­ing ran­somware and then de­manded pay­ment for the de­cryp­tion keys, which Demo­cratic Mayor Bernard C. “Jack” Young re­fused to pay. It dis­rupted em­ploy­ees’ email ser­vice, halted wa­ter billing, sus­pended real es­tate trans­ac­tions and cost the city mil­lions.

The city’s spend­ing board ap­proved a plan last month to pur­chase $20 mil­lion in cy­ber li­a­bil­ity in­sur­ance to cover any ad­di­tional dis­rup­tions to city net­works over the next year.

Fu­ture com­mit­tee meet­ings will deal with cy­ber­se­cu­rity train­ing, de­vel­op­ing backup plans and cre­at­ing a tech ad­vi­sory coun­cil.

Costello ques­tioned why he’s never been re­quired to do cy­ber­se­cu­rity train­ing by the city.

Act­ing IT di­rec­tor Todd Carter, who took over af­ter his pre­de­ces­sor left in the wake of the ran­somware at­tack, said by early 2020 the city will de­velop a plan for manda­tory train­ing.

Demo­cratic Coun­cil­man Isaac “Yitzy” Sch­leifer, a com­mit­tee co-chair­man, said the city didn’t com­mu­ni­cate ef­fec­tively with em­ploy­ees dur­ing the first few days of the at­tack, leav­ing peo­ple — in­clud­ing coun­cil mem­bers — in the dark about how to go about their busi­ness.

Carter said that, should this hap­pen again, the city would know to com­mu­ni­cate vi­tal in­for­ma­tion bet­ter.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.