What would you do if you were an elected official in the midst of a cyber-attack? -*When Cyber Criminals Target Our Cities*

Co Authored by Chelsea Zfaz and Dr. Moty Cristal

Early morning on March 22, technical issues began interfering with the normal functioning of the City of Atlanta’s computer systems. It quickly came to light that a number of these systems had fallen victim to a ransomware attack. The entry point for the attack was a vulnerable server, which enabled the ransomware to spread to desktop computers throughout the network. The attackers demanded 6 Bitcoins (about 51,000 USD) to decrypt the city’s data.

The City of Atlanta remains crippled a week after the attack, as municipal court proceedings continue to be postponed and police officers and other employees resort to writing reports by hand. Yet government officials and civilians alike should be considered fortunate in that Thursday’s attack did not target more critical services- such as traffic light control systems or the power grid- creating a situation that would undoubtedly have more egregious consequences.

By their very nature as public service providers and guardians, municipalities hold a particularly high level of responsibility to guarantee the security of their constituents’ private information. These organizations are put in an especially precarious position when their systems become compromised. The situation becomes outright desperate when data is encrypted, especially when such encryption threatens citizens’ private information or the functioning of vital municipal services.

• What would you do if you were an elected official in the midst of a cyber-attack? 

• Would you pay a ransom to guarantee the safe return of your city’s data?
• Would you pay a ransom if the funds were sourced from constituents’ tax dollars?
• Would you need citizens’ approval for such a decision?
• Would you trust the perpetrators enough to be convinced that paying the ransom would in fact return access to your data?
• What would you expect the consequences of not paying to be?

According to the Verizon 2017 Data Breach Investigations Report, public sector entities were the third most prevalent breach victims worldwide in 2017 (last year, 12% of all cyber breaches targeted the public sector)[1]. How can all levels and scopes of government ensure they remain ahead of virtual criminal activity that is continuously evolving?

At the Muni Expo in Tel Aviv last month, Ivor Terret, Director of Be-Strategic Solutions, an Israel-based crisis management firm, presented a case study in which a municipality exercised its cyber-attack preparedness and response capacities. The municipality clarified the processes, personnel and equipment it had in place that constructively contributed to effective identification of cyber threat indicators, mitigation of cyber risks and recovery from a cyber-attack. The exercise exposed weaknesses in municipal procedures for risk and threat identification and enabled the municipality to institute practical improvements to established protocol.

The recent breach of Atlanta’s computer systems raises the question of whether municipalities in America are doing enough to protect their constituents’ private information. And while efforts indisputably vary from city to city, one thing remains clear- the more proactive the municipal approach to cyber protections, the more secure the city will remain.

[1] 2017 Data Breach Investigations Report, pg3