SALES, RENTALS & LAYAWAYS

PROTECTING EVERYTHING THAT HAS EVER BEEN OF VALUE TO YOU

Open 24/7/365

We Have A Life-Time Warranty /
Guarantee On All Products. (Includes Parts And Labor)

What It Will Take To Protect Cities Against Cyber Threats

Local governments are increasingly targeted by hackers, but limited resources and sprawling computer systems make cyberattacks difficult to combat. What It Will Take To Protect Cities Against Cyber Threats

When Gary Brantley stepped into the role of Atlanta’s chief information officer in October 2018, he inherited a system still reeling from a crippling cyberattack that forced employees to revert to pen and paper. It didn’t take him long to see just how inviting the city’s operations were to hackers.

 

“We had close to 400 applications, several that were redundant, meaning they did all the same thing across multiple agencies,” Brantley said. For instance, there were five email programs, four customer resource managers and several permit application systems — each one a potential window of opportunity for cybercriminals. “What you end up finding is, it makes it really hard to secure the whole system and put a real strong strategy in place.”

Atlanta’s recovery efforts took more than a year and cost at least $7.2 million, according to Mayor Keisha Lance Bottoms’ testimony to Congress in 2019. By the time Brantley left his position in November 2020 and started working for the private sector, he had overhauled the security of not just a handful of agencies, but the city’s entire network. Bottoms said they would use the experience to make Atlanta a “model city” for other municipalities.

The attack on Atlanta, plus the many more that targeted other major cities like Baltimore and New Orleans, as well as contractors and utility companies, have reinforced calls to make cybersecurity a top priority.

Compromises at the local level, experts say, also threaten critical infrastructure, potentially disrupting the supply of water and electricity to millions of people — the way the Colonial Pipeline hack in May fueled a gas shortage in parts of the East Coast — or something arguably worse, like poisoning the drinking water supply.

“If you don’t know what you have, you can’t protect it.”

Cities often make for easy targets; hackers can have multiple entry points because of a city’s size and organizational structure, built long before cybersecurity became an urgent matter. Multiple departments often use different platforms, and agencies may not always keep up with software updates.

For opportunistic hackers, who hone in on just one overlooked vulnerability after scanning a system, the attack takes little effort — but reaps potentially huge rewards.

That means preparing cities for future attacks can seem like a game of whack-a-mole, with employees patching one vulnerability only to find new ones down the line. And even as cybersecurity experts advise “basic digital hygiene” measures like training staff on best practices and hiring firms to probe for weaknesses, some cities are scrambling to keep up with new threats.

Cyberattacks on state and local governments have been rising in both frequency and cost, according to a recent report by the cybersecurity firm Blue Voyant. Between 2017 and 2019, there were at least 108 hacks — though many more have likely gone unreported — with ransom demands rising from a monthly average of $30,000 to $500,000. The majority of of the 25 most populous cities have some sort of insurance policy, according to a Wall Street Journal survey in 2018.

Some have premiums as high as hundreds of thousands of dollars, and that cover millions of dollars worth of things like legal liabilities, computer-forensic expertise and extortion demands. Paying the ransom doesn’t guarantee a city gets all its data back, and can even encourage future attacks, while refusal to do so can end up costing municipalities even more to recover.

“Environment of Awareness”

In many cities, positions like Brantley’s are relatively new, and security teams may be understaffed and underfunded. Until recently, few public officials paid much attention to cybersecurity, much less made it a priority, and more often than not, cities don’t have a clear picture of where all their vulnerabilities lie.

“If you don’t know what you have, you can’t protect it,” says Brantley. “The first thing I wanted to know was what our portfolio looks like, and how we can find what else may be out there.” The early efforts involved figuring out what needed to be retired, streamlined, patched and modernized. One of the biggest improvements was to segment the network so hackers couldn’t “travel” from one department’s system to another, and add layers of identification requirements.

Brantley set out to create an “environment of awareness,” which meant putting in place new policies and procedures for procuring new contracts and building out new systems. And he expanded the security team, from three people to about a dozen by the time he left. They monitor the city’s entire network for potential attacks, and oversee the security for new projects.

“One of the most vulnerable times for an organization is when they are transforming,” he says. “So when you’re going from one system to the next, did you close down all of the holes on the old system that may give someone access to the new one? Did you turn everything off that needed to be turned off, and did you cut access to people who had access?”

Getting support and approval from the city for his projects was sometimes time-consuming, but Brantley says he was largely able to secure the funding he needed because Atlanta officials understood the urgency.

Preventative measures, though, can be a much tougher sell to public officials amid competing projects in cities that haven’t experienced an attack. “A lot of these political officials, they run on specific promises, and none of those are cybersecurity,” he said.

Staying Vigilant

Even after all that, Atlanta isn’t immune to future attacks; no city is.

“If you look at the number of vulnerabilities and the frequency of new vulnerabilities being discovered, they have gone up tremendously,” says Michael Makstman, chief information security officer (CISO) for the city of San Francisco. Even if your organization had perfect security before, “you have to run faster just to stay in the same place.”

Makstman is also a founding member of the Coalition of City CISOs — along with officers from other major cities like Detroit, Los Angeles and Seattle — formed in the fall of 2020 to exchange ideas and solutions on how to educate public officials, residents and other security officers about cybersecurity.

Cities are complex, made up of multiple agencies serving residents’ needs of all kinds, and navigating conflicting priorities like balancing the need to keep data safe but also remaining transparent. What’s good for protecting the system against potential hackers can hinder collaboration between departments, or raise surveillance concerns.

Efforts to silo city networks may counter efforts to make data sharing easier among different agencies, for example. And while collecting data on who uses public library computers and how, in theory, can help monitor potential hacks, it also would erode the public’s trust in the institution.

Too often, Makstman argues, that complexity gets lost in the calls for cities to secure their networks. Plus, the budget needed to upgrade such a complex system isn’t always there. “The world is becoming more dangerous, unfortunately,” he adds, “and I think it’s a little bit disingenuous to say the local government is not patching fast enough.”

That’s not to say cities can’t make gradual changes to protect themselves against the worst outcomes of a cyberattack.

“What we can do is design and architect our environment — and this is what I’ve been focused on for the last 3.5 years — in such a way that a compromise or a mistake does not lead to catastrophic impact for the whole city,” he says. “We can survive, and not implode.”

Related Articles:

Home Security Company ADT Betting On Google Partnership To Build Revenue

Carnegie Cyber Kids Academy. World’s Most Prestigious Cyber Defense Training Facility

How To Opt Out Of Amazon’s Bandwidth-Sharing Sidewalk Network

Carnival Discloses Breach of Personal Data On Guests And Crew

UK Cyber Chief Cameron Says Ransomware Key Online Threat

The FBI Secretly Ran The Anom Messaging Platform, Yielding Hundreds Of Arrests In Global Sting

Federal Reserve Hacked More Than 50 Times In 4 Years

All of JBS’s US Beef Plants Were Forced Shut By Cyberattack

It Wasn’t Until Anonymous Payment Systems That Ransomware Became A Problem

How To Use Ian Coleman’s BIP39 Tool For Finding Bitcoin Addresses And Private Keys From A Seed Phrase

A New Ransomware Enters The Fray: Epsilon Red

This Massive Phishing Campaign Delivers Password-Stealing Malware Disguised As Ransomware

Biden Proposes Billions For Cybersecurity After Wave of Attacks

Mobile Crypto ‘Mining’ App Possibly Connected To Personal Data Leak

Ireland Confirms Second Cyber Attack On Health System

US Unveils Plan To Protect Power Grid From Foreign Hackers

Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals

A Hacker Was Selling A Cybersecurity Exploit As An NFT. Then OpenSea Stepped In

Clubhouse And Its Privacy & Security Risk

Using Google’s ‘Incognito’ Mode Fails To Prevent Tracking

Kia Motors America Victim of Ransomware Attack Demanding $20M In Bitcoin, Report Claims

The Long Hack: How China Exploited A U.S. Tech Supplier

Clubhouse Users’ Raw Audio May Be Exposed To Chinese Partner

Hacker Changed Chemical Level In Florida City’s Water System

UK Merger Watchdog Suffers 150 Data Breaches In Two Years

KeepChange Foils Bitcoin Theft But Loses User Data In Sunday Breach

Hacker Refuses To Hand Police Password For Seized Wallet With $6.5M In Bitcoin

SonicWall Says It Was Victim of ‘Sophisticated’ Hack

Tor Project’s Crypto Donations Increased 23% In 2020

Read This Now If Your Digital Wallet Which Holds Your Crypto-currencies Can Be Accessed Through Cellular, Wifi, Or Bluetooth

Armed Robbers Steal $450K From Hong Kong Crypto Trader

Is Your iPhone Passcode Off Limits To The Law? Supreme Court Ruling Sought

Researchers Warn 3 Apps Have Been Stealing Crypto Undetected For A Year

Ways To Prevent Phishing Scams In 2020

The Pandemic Turbocharged Online Privacy Concerns

US Treasury Breached By Foreign-Backed Hackers

FireEye Hack Portends A Scary Era Of Cyber-Insecurity

How FinCEN Became A Honeypot For Sensitive Personal Data

Apple And Google To Stop X-Mode From Collecting Location Data From Users’ Phones

Surge In Physical Threats During Pandemic Complicates Employee Security Efforts

Imagine A Nutrition Label—for Cybersecurity

Cybercriminals Attack GoDaddy-based Cryptocurrency Platforms

Biden Team Lacks Full U.S. Cybersecurity Support In Transition Fracas

Nasdaq To Buy Anti-Financial Crime Firm Verafin For $2.75 Billion

Mysterious Software Bugs Were Used To Hack iPhones and Android Phones and No One Will Talk About It

Dark Web Hackers Say They Hold Keys To 10,000 Robinhood Accounts #GotBitcoin

Hackers Steal $2.3 Million From Trump Wisconsin Campaign Account

Crypto Scammers Deface Trump Campaign Website One Week From Elections

Telecoms Protocol From 1975 Exploited To Target 20 Crypto Executives

With Traders Far From Offices, Banks Bring Surveillance To Homes

Financial Systems Set Up To Monitor Unemployment Insurance Fraud Are Being Overloaded (#GotBlockchain?)

A Millionaire Hacker’s Lessons For Corporate America

Container Shipping Line CMA CGM Says Data Possibly Stolen In Cyberattack

Major Hospital System Hit With Cyberattack, Potentially Largest In U.S. History

Hacker Releases Information On Las Vegas-Area Students After Officials Don’t Pay Ransom

Russian Troll Farms Posing As African-American Support For Donald Trump

US Moves To Seize Cryptocurrency Accounts Linked To North Korean Heists

These Illicit SIM Cards Are Making Hacks Like Twitter’s Easier

Uber Exec Allegedly Concealed 2016 Hack With $100K BTC ‘Bug Bounty’ Pay-Off

Senate Panel’s Russia Probe Found Counterintelligence Risks In Trump’s 2016 Campaign

Bockchain Based Surveillance Camera Technology Detects Crime In Real-Time

Trump Bans TicToc For Violating Your Privacy Rights While Giving US-Based Firm Go Ahead (#GotBitcoin?)

Facebook Offers Money To Reel In TikTok Creators

How A Facebook Employee Helped Trump Win—But Switched Sides For 2020

Facebook Rebuffs Barr, Moves Ahead on Messaging Encryption

Facebook Ad Rates Fall As Coronavirus Undermines Ad Spending

Facebook Labels Trump Posts On Grounds That He’s Inciting Violence

Crypto Prediction Markets Face Competition From Facebook ‘Forecasts’ (#GotBitcoin?)

Coronavirus Is The Pin That Burst Facebook And Google Online Ads Business Bubble

OpenLibra Plans To Launch Permissionless Fork Of Facebook’s Stablecoin (#GotBitcoin?)

Facebook Warns Investors That Libra Stablecoin May Never Launch (#GotBitcoin?)

FTC Approves Roughly $5 Billion Facebook Settlement (#GotBitcoin?)

How Facebook Coin’s Big Corporate Backers Will Profit From Crypto

Facebook’s Libra Is Bad For African Americans (#GotBitcoin?)

A Monumental Fight Over Facebook’s Cryptocurrency Is Coming (#GotBitcoin?)

Alert! 540 Million Facebook Users’ Data Exposed On Amazon Servers (#GotBitcoin?)

Facebook Bug Potentially Exposed Unshared Photos of Up 6.8 Million Users (#GotBitcoin?)

Facebook Says Millions of Users’ Passwords Were Improperly Stored in Internal Systems (#GotBitcoin?)

Advertisers Allege Facebook Failed to Disclose Key Metric Error For More Than A Year (#GotBitcoin?)

Ad Agency CEO Calls On Marketers To Take Collective Stand Against Facebook (#GotBitcoin?)

Thieves Can Now Nab Your Data In A Few Minutes For A Few Bucks (#GotBitcoin?)

New Crypto Mining Malware Beapy Uses Leaked NSA Hacking Tools: Symantec Research (#GotBitcoin?)

Equifax, FICO Team Up To Sell Your Financial Data To Banks (#GotBitcoin?)

Cyber-Security Alert!: FEMA Leaked Data Of 2.3 Million Disaster Survivors (#GotBitcoin?)

DMV Hacked! Your Personal Records Are Now Being Transmitted To Croatia (#GotBitcoin?)

Lithuanian Man Pleads Guilty In $100 Million Fraud Against Google, Facebook (#GotBitcoin?)

Hack Alert! Buca Di Beppo, Owned By Earl Enterprises Suffers Data Breach Of 2M Cards (#GotBitcoin?)

SEC Hack Proves Bitcoin Has Better Data Security (#GotBitcoin?)

Maxine Waters (D., Calif.) Rises As Banking Industry’s Overseer (#GotBitcoin?)

FICO Plans Big Shift In Credit-Score Calculations, Potentially Boosting Millions of Borrowers (#GotBitcoin?)

Our Facebook Page

Your Questions And Comments Are Greatly Appreciated.

Monty H. & Carolyn A.

 

Go back

Leave a Reply