Washington council is expected to vote Thursday on a raft of proposals to beef up computer security in the wake of a ransomware attack that’s already cost the city tens of thousands of dollars.
A series of proposals on the agenda for the meeting call for separate five-year agreements with two technology firms. Officials consulted those companies – Ideal Intergrations and Blue Bastion – and a third, the data forensics firm Sylint Group, following the cyber attack more than two months ago.
“We had a company come in during the cyber breach, and we’re looking now to move some of our computer infrastructure offsite so that it can be more secure in the future,” said Councilman Joe Manning.
The malware was discovered on the morning of May 6, a Monday. Officials ultimately paid $21,250 to unlock the city’s servers and regain control of its system at the advice of security experts.
The items up for consideration this week would involve paying a $7,600 initial setup fee to Blue Bastion to outsource internet security to the company. Thereafter, the city would pay the firm roughly $1,950 a month for the lifespan of the contract.
Similarly, the city would pay $7,250 in setup costs and about $6,450 a month under its proposed agreement with Ideal. In exchange, the company would host city servers at its data center in Pittsburgh and provide a fiber connection to the system used by city workers.
“It may end up being a tad pricy, but you have to realize, these, maybe, are things we should have been doing all along,” Manning said. “So we’re sort of playing catchup to bring us to where our security should have been.”
Lynn Galluze, the city’s computer systems coordinator, said the city replaced all 39 of its computer workstations since the attack as part of its upgrades in security. She couldn’t immediately give a breakdown of the costs for doing so.
Manning said the investigation revealed some 109,000 attempts to break into the city’s system before whoever was responsible – that person has not been identified – managed to break into a city hall server on that Monday morning.
The attack occurred the day before, Galluze said. She said experts told city officials no sensitive information had been compromised.
“There was not a patient zero,” she said, adding: “I think they’re trying to determine exactly where it came in.”