International Security Course–Fall 2020

Cities and Cyber Security

While a lot of focus in cybersecurity is rightfully on securing federal systems, a vulnerability that is becoming even more obvious is a nation’s cities. In 2018, the city of Atlanta was the victim of the SamSam ransomware attack. It brought critical services to a halt and erased important city data, like videos from police officers’ dashboard cameras. Atlanta was the largest city affected, but nearly 200 other cities and companies were victims of the SamSam attack, including Newark, NJ.

An inspector’s report before the attack took place revealed incredible vulnerabilities in Atlanta’s systems, including 2,000 vulnerabilities marked as “severe” and 100 servers running an old version of Windows that Microsoft had stopped supporting 3 years earlier. The SamSam virus relied on “brute force” rather than more common phishing attacks. This meant it was looking for weak or default passwords to gain access.

A few days ago, the city of Saint John in Canada revealed it was the victim of a ransomware attack and had yet to determine whether to pay the ransom. While it did not believe personal information had been compromised in the attack, it encouraged residents to monitor their bank accounts and acknowledged some city services would be unavailable or running on analog processes until they could regain access and secure the systems.

Atlanta was able to keep critical infrastructure like water and emergency services running in part because it was prepared to go to manual backup processes. It is essential that cities be prepared for cyber attacks crippling key systems, but it is also evident that city and state governments need to take cyber security more seriously. A city government, especially of a major city like Atlanta with one of the world’s busiest airports, is a tempting target. Gaining access to city records could also make it easier to target persons of interest who happen to reside in those cities.

I’m often surprised at how many people lack awareness of basic cyber security measures, like keeping software up to date and using strong passwords and two-factor authentication. While everyone could benefit from learning foundational concepts, city employees should receive advanced training and city infrastructure should be held to higher standards. Working for a major tech company has certainly taught me a lot about cyber security, but the key thing I learned is that while it’s certainly important to have secure code and strong firewalls, the primary way systems are breached is through front-line employees. Leaving devices unlocked and unattended, using weak passwords, offering potentially sensitive information to someone posing as a fellow employee without verifying their identity, and, of course, clicking links in suspicious emails are all common ways employees can compromise security, and all are much easier for bad actors than hacking a system’s code.

Two Iranian citizens were indicted in US court over the SamSam attacks, but are almost certain to never appear. Protecting the federal government is critical to our national defense, but we shouldn’t forget to protect our cities and the critical services they provide.

One thought on “Cities and Cyber Security”

  1. Stephanie,

    This is a very serious problem, and it’s getting worse. Part of the reason is that cities (and especially smaller municipalities) simply don’t have the money to update their software regularly. Indeed, they often are working with software (and hardware) that is completely outdated–and, in many cases, no longer supported (as you pointed out). Meanwhile the cyber criminals are getting more and more sophisticated. And now they are using Bitcoin to transfer their ransom payments, which is almost completely untraceable. But as you correctly point out, the problems almost always begin with employees who open phishing e-mails from outside the organization. And this has cost both governments and private companies a LOT of money!

    –Professor Wallerstein
