Baltimore Tries to Boost Cybersecurity After Attack

A ransomware attack in May left Baltimore government disoriented for months. The Cybersecurity and Emergency Preparedness Committee met for the first time on Wednesday to begin a cyber-preparedness plan.
by Talia Richman, The Baltimore Sun | November 8, 2019 AT 3:01 AM

(TNS) — By about 3:30 a.m. on that May morning, it was clear something was very wrong in Baltimore.

It was the beginning of a ransomware attack that would hamper the local government for months. But because the city lacked the bandwidth for 24/7 cybersecurity monitoring, it took hours for officials to realize the extent of what was going on.

“Not all of the alerts were identified,” said Gayle Guilford, the city’s cybersecurity chief. “It was due to limited staffing and limited funding.”

Baltimore City Council President Brandon M. Scott established the Cybersecurity and Emergency Preparedness Committee in June, charging the group with analyzing the attack and developing solutions to prevent another one.

The committee met for the first time Wednesday and will work for the next several months to make recommendations on policies, practices and technology needed to strengthen the city’s IT system.

Council members pressed agency leaders during Wednesday night’s hearing on the timeline of events and what lessons can be learned from how the attack unfolded. Guilford said they’re working on building up the ability for constant monitoring, so that if they are attacked again, they could react immediately.

“The idea is to figure out exactly what happened, did we respond the right way and what can be done to reduce likelihood of a future attack," said Democratic Councilman Eric Costello, who is co-chairing the committee.

But city leaders couldn’t go into much detail about the attack itself during the hearing. It remains under criminal investigation, said deputy chief of staff for operations Sheryl Goldstein, and federal officials have asked her and others not to share sensitive details with the public.

During the May attack, hackers gained access to city systems, encrypted files using ransomware and then demanded payment for the decryption keys, which Democratic Mayor Bernard C. “Jack” Young refused to pay. It disrupted employees’ email service, halted water billing, suspended real estate transactions and cost the city millions.

The city’s spending board last month approved a plan to spend $20 million in cyber liability insurance to cover any additional disruptions to city networks over the next year.

Future committee meetings will deal with cybersecurity training, developing backup plans and creating a tech advisory council.

Costello questioned why he’s never been required to do cybersecurity training.

Acting IT director Todd Carter, who took over after his predecessor left in the wake of the ransomware attack, said by early 2020 the city will develop a plan for mandatory training.

Democratic Councilman Isaac “Yitzy” Schleifer, a committee co-chair, said the city didn’t effectively communicate with employees during the first few days, of the attack leaving people — including council members — in the dark about how to go about their business.

Carter said that, should this happen again, the city would know to communicate vital information better.

“It’s terrible to have gone through this and learned the hard way," Goldstein said, “but these are things you’d see much improved if this were to happen again.”

©2019 The Baltimore Sun. Distributed by Tribune Content Agency, LLC.