The Buzz with Jordan Rae Hillman, Deputy Director of City Planning for the city of Jackson, Mississippi
I’m currently working remotely while hanging out with my two-week-old son. This should be super simple with modern technology, instead, I have experienced numerous hurdles and technical difficulties. Many of these are residual effects of a cyber attack that my city experienced last month.
Even after recognizing the attack and responding to reduce the damage, we were left without access to critical systems. Email access was gone for almost two weeks. Other critical systems—including building permitting, business licensing, time clock, agenda, and more—were unavailable for many days. Employees, customers, and other agencies experienced the frustration of complete gridlock during the recovery. Some systems came back without damage; some have still not fully recovered. (I am still experiencing issues with accessing older emails from my phone and laptop when I am away from the main network.)
I’m not writing this to complain about the experience, but instead to bring attention to what is becoming a disturbing trend. This week I read that the City of Baltimore experienced a similar attack. Earlier this year it was the City of Albany, last year the City of Atlanta. Many cities are working with substandard cybersecurity measures, out of date technology, and too few support people leaving the door open to attack.
- Ransomware Cyberattacks on Baltimore Put City Services Offline
- What Can We Learn from Atlanta
- Ransomware Attacks US Cities Index
- Jackson Hit With Computer Virus Just As City Hosts First Tech Summit
My city did not have a contingency plan for many services, and in some cases, we were unable to even revert to older paper systems. We struggled to manually calculate the building permitting fees due to their complexity and the formulas embedded in the software system. Agenda items were pushed to later meetings. Communications and reporting with grant funders were delayed. We struggled to communicate with each other about what even happened. We mostly heard rumors, but had no method of effectively communicating to employees what was going on.
I don’t consider myself an IT expert by any means, but one thing I have learned from the experience is that the sole responsibility of our technology-based systems can’t fall on the IT Department alone. I need to better prepare my divisions for an “off-grid” experience and create contingencies plans for standing services back up quicker. Part of that contingency plan needs to include how to continue services without software and network access.
Cyber attacks should fall in the category of emergency preparedness, like tornados, floods, and hurricanes (all of which we are all too familiar with). We have plans to handle these natural disasters, and cyber attacks need a similar contingency plan. I hope that a future attack can be prevented, but realistically these attacks will probably increase in prevalence in local government. As we make software and technology decisions, this new reality now must become part of the decision-making process along with preparing contingencies for operating without access to critical systems.
Also, apparently cyber insurance is now a thing.
- What I’m listening to – End it for Good Podcast
- What I’m watching – Les Miserables – PBS Mini Series
- What I’m reading – Brene’ Brown – Dare to Lead courtesy of my ELGL Birthday and Books partner.