Washington officials on Thursday approved measures designed to bolster the city’s computer-security measures that are expected to cost the city more than $500,000 over the next five years.
In a series of unanimous votes, four members of council decided to enter contracts with the firms Blue Bastion and Ideal Integrations that together will cost about $8,400 a month during the five-year lifespan of the agreements. They did so in the wake of an early May ransomware attack that forced officials to take down their communication system and ultimately pay a $21,250 ransom to regain control of it.
The attack seems to have taught officials a hard lesson. Mayor Scott Putnam said the city previously spent “relatively little money on computer security.”
“This has just forced us to up our game,” he added. “I think we’re lucky we lasted as long as we did without getting attacked, but once we did, now we have to make this change.”
He said the city had a cybersecurity policy rider in its insurance policy that reimbursed some of the costs of the attack, but didn’t provide a specific figure.
Council also approved setup payments of $7,250 to Ideal Integrations – which will host servers for the municipal government out of its data center in Pittsburgh and provide a fiber connection linking them to City Hall – and $7,600 to Blue Bastion, which will manage the city’s computer security.
A third firm officials consulted following the attack, Sylint Group, billed the city for a total of about $40,250.
Putnam and three members of council – Joe Manning, Ken Westcott and Matt Staniszewski – voted on the new measures. Councilwoman Monda Williams was absent.
The city raised property taxes this year to help cover its $14.8 million budget. It was unclear how the city will cover the additional expenses.
“We’re moving some money around,” Putnam said. “We’re not sure exactly where it’s coming from yet, but it’s something the city has to do at this point.”
There are options – like the European Union Agency for Law Enforcement’s No Ransom program – offering free services to the victims of ransomware attacks in an effort to help them avoid paying hackers.
Asked whether officials considered those options, Putnam said: “Through our consultants, we did look at some of those other options.”
He didn’t know exactly what those experts’ advice was.
“I wasn’t involved in that conversation, but I know that they did talk about looking at other protective measures,” he said.