City governments today need to be prepared for any sort of attack: terrorists attempting to impact large events such as the bomb incident at the Boston Marathon, potential infiltration of the city water supply — and now ransomware attacks. The recent security breach in Atlanta shows that cities may not be prepared for hackers who have the savvy to take governments hostage. With an affected area of around six million people, this is the largest group of individuals impacted by a government breach to date. Communication to prevent and respond to these incidents can be challenging; not just within the government but also between affected government entities and the public.
Surprisingly enough, the hackers in the Atlanta incident were only asking for a measly $51,000 in Bitcoin — a paltry sum considering that they effectively held the city hostage for nearly a week. While city officials declined to comment on whether or not the ransom was paid, two weeks after the attack they were still struggling to restore services which suggests the ransom was not paid. Instead, the courts continued to be unable to process online or in-person tickets, hearings had to be rescheduled and employees were unable to access their files and computers. While the city’s 911 service was not affected, it easily could have been a target of the hackers. This isn’t the first time that municipalities have been the target of malicious actors: Dallas had an incident in 2017 where hackers activated tornado sirens during the early hours of the morning, and the Colorado Department of Transportation has also been targeted. Attempting to keep communication flowing during an emergency can be challenging, especially if you’re unable to access key government computer systems.
The amount of confusion in the case of these incidents is extensive: from employees unable to log into their computers systems and clogging up a help desk queue with unanswerable questions to the bewilderment of residents who were attempting to use city services. If the first government employee to discover the issue was trained to immediately reach the right individuals, a mass communication could be crafted and sent to various constituent groups. It is not uncommon for a cyber-attack to last multiple days — plenty long enough to wreak havoc with government procedures, employees and the public. Fortunately, implementing a mass notification plan specifically for cyber-attacks provides simplified communication for internal constituents as well as the public.
There are a few instances recently where mass notifications were used improperly, specifically in Hawaii where an alert that a ballistic missile was headed toward the island frightened residents into hiding for nearly 45 minutes before the message was retracted. Something similar happened in Japan, where a public broadcaster notified cellphone subscribers of an imminent emergency — fortunately, that message was resolved much more quickly. These snafus point to a need to have a comprehensive mass notification program in place before it is needed.
Vital features of a communications strategy include:
Multiple methods for triggering alarms is also important. If the emergency response team in Atlanta’s technology and operations department was only able to access their notification platform via their personal computer, the virus the hackers released would have made the notification platform useless. The ability to launch notifications from a variety of different platforms including mobile phones and via the internet is an important one for today’s complex government organizations. Learn more about how to protect your government entity from this type of infiltration — from internal early warnings for staff to external messaging to residents — with OnSolve’s CodeRED. OnSolve’s solution is deeply entwined with the Integrated Public Alert & Warning System (IPAWS), making it the ideal solution for governments and municipalities. Contact OnSolve today at 866-939-0911 or request a free demo online anytime.
Download The Cybercrime is becoming a much more prevalent threat – especially for government entities. With the amount of confidential...Download The Article