City officials estimate that the cost of the “file-locking” ransomware attack on the municipal government’s cyber system exceeds $18 million. And it’s expected to rise.
Last month, hackers infected approximately 10,000 city computers and demanded a ransom of 13 bitcoin (around $100,000), which the government refuses to pay. Mayor Bernard C. “Jack” Young said on June 4 that pivotal city services are now functioning despite the disruption. He has enlisted the FBI and cybersecurity experts to determine the code that enabled hackers to bring Baltimore’s networks to a standstill.
Jmore recently spoke with Sheryl Goldstein, the mayor’s deputy chief of staff for operations, about the ransomware attack.
Goldstein, who joined the Young administration last month, previously served as a liaison between Mayor Stephanie Rawlings-Blake’s office and the Baltimore Police Department. In addition, she directed Mayor Sheila Dixon’s Office on Criminal Justice.
Most recently, Goldstein served as vice president of the Abell Foundation and as managing director of programs and grants for the Harry and Jeanette Weinberg Foundation.
An attorney and North Baltimore resident, Goldstein is married to former Baltimore City State’s Attorney Gregg L. Bernstein.
Jmore: Why was the city so vulnerable to a ransomware attack?
Goldstein: Like many other cities, Baltimore has an aging information-technology infrastructure. And we have a number of computer application programs. Some are older, some are newer. We also have resource challenges.
Governments across the country and internationally have become more vulnerable. For example, over the past 18 months, there has been an increased frequency of cyberattacks against governments. We and other cities have become attractive targets. Hackers have gone after Atlanta and Charlotte, North Carolina, to name one city larger and one of many that are smaller than Baltimore.
How long until the city’s computer systems are fully operational again?
We are currently restoring email for all city employees and expect to have that completed in a matter of days. As to restoring data and applications, that’s a work in progress and will take several months. Meanwhile, city employees have done an outstanding job of developing manual solutions to keep the business of city government running, creating manual solutions to handle housing sales, property liens, property taxes and more. We’ve gotten back to how we used to do it.
We must safeguard our systems and ongoing programs long-term, and we must update our systems. But the first priority is to ensure that they are secure. But even an entity that has done everything possible is not guaranteed to be secure from a cyberattack. Often, the hackers have a level of sophistication that is beyond the standard in the field.
A few days ago, the head of the Federal Reserve, Jerome Powell, said that cyber risk is constantly evolving. He stated, ‘I’ve never felt a time when I think we’re doing enough [to prevent cyber attacks]. We just have to keep running to keep up with the risk. That is the largest risk we face.’
Did the hackers who paralyzed Baltimore’s government use programs originally created by the National Security Agency?
I don’t know. There is a forensic review going on right now and when that review is complete in about one month, we’ll have more information. Then, we’ll review with our lawyers what we can and cannot make public.
But let me say that oftentimes, people look for someone to blame for circumstances like this. Let’s keep in mind that the bad guys here are the cyber criminals who attacked us. They’re the ones to blame.
What other types of cyber safeguards have been established by the city or are in process?
We’ve brought in a number of outside cyber security experts to test and retest our systems to make them secure and advise us on how we go forward. I don’t want to be more specific.
How will the city pay for this attack?
If the federal government were to make resources available to cities like ours, to help with remedial efforts and also to help out with network safety, that would be terrific. This is more and more an issue for cities across the nation, and the federal government’s help would be welcome.
How can all of us protect ourselves better from cyber criminals?
Many organizations invest resources in providing direct services, and we all understand why, but sometimes that leaves fewer resources for IT infrastructure. I’m not an IT expert, but everyone — individuals and organizations — must make sure to change their passwords frequently. Also, do frequent updates and upgrades of your IT systems and software.
If you have employees, do phishing training so they know not to open suspicious emails. [Phishing is the fraudulent act of attempting to obtain sensitive information from individuals through deceptive electronic communication practices.]
IT protection is a challenge to all organizations that are lean and trying to help the public as much as they can.
Peter Arnold is a Silver Spring-based freelance writer.