As Baltimore wrestles with ransomware attack, more resources needed for municipalities’ cyber security

WASHINGTON – Nearly a month after a cyberattack made many online systems in Baltimore inoperable, Rep. Elijah Cummings, D-Md., whose district includes much of Baltimore, said Tuesday that many jurisdictions need investments in cybersecurity.

“One of the biggest problems is that a lot of our municipalities like Baltimore are vulnerable because we have not necessarily had the resources to put in to updating the systems,” he said in an interview.

Rep. Elijah Cummings, D-Md., chairs the House Committee on Oversight and Reform. “What the Department of Homeland Security can come in and do is show us the vulnerabilities and help us figure out what we need to do about them, which is very, very important,” he said. (Photo by Dwight A. Weingarten/MEDILL).

According to the Baltimore City IT Department’s 2018 Strategic Plan, the investments in the city’s IT systems would need to increase from $30 million to nearly $130 million to be up with industry benchmarks.

In order to protect critical city data and prevent disruption of city services, governments have to invest in digital infrastructure, said Megan Lamberth, a national security and technology researcher at the Center for a New American Security.

“These ransomware attacks are not going anywhere in the near future and we’ve seen similar attacks in several other cities across the U.S.,” said Lamberth.

In the same month as the Baltimore attack, a ransomware attack disabled an online parking ticket  payment system in Lynn, Massachusetts.

In March 2018, Atlanta’s city government functions were disrupted by a ransomware attack, causing disruptions to nearly four thousand city computers.

The ransomware attack on Baltimore’s network on May 7 disabled many of the city’s services, and a ransom demand of about $100,000 in bitcoin was made. The city has not paid the ransom so far, and federal and local officials said they are investigating the source of the attack.

The attack came less than a week after Catherine Pugh resigned as Baltimore’s mayor because of ethics investigations; Bernard “Jack” Young, former city council president, took over as acting mayor and was sworn into office on May 9.

Ironically, a week before the Baltimore cyberattack, Gov. Larry Hogan spoke in Baltimore at the inaugural Global Cyber Innovation Summit, welcoming industry leaders to the “cyber capital of America.”

Brandon Scott, who replaced Young as city council president, asked Hogan on May 25 to seek a federal emergency and disaster declaration to help pay for the damage done by the attack.

Scott also appointed a special city council committee on cybersecurity and emergency preparedness to investigate the attack, headed by council members Eric Costello and Isaac Schleifer. Schleifer estimates the ransomware attack cost the city over $18 million between damages for repairs and lost revenue.

“There is not one silver bullet,” said Richard Dean, a former NSA employee and cybersecurity expert, of the city’s network security. “You have to do a thousand things.”

Dean, an adjunct professor of cybersecurity at Morgan State University in Baltimore, said the cybersecurity environment changes daily and the challenge is in managing systems.

“This is something that is a moving target,” said Cummings of the cybersecurity challenges municipalities are facing. “You have to have constant surveillance and be prepared to make all appropriate changes.”

Approximately 90 percent of Baltimore city employees’ email capabilities could be restored by the end of the week after the attack disabled email and many of the city’s online services, a spokesman for Baltimore Mayor Young said Tuesday.

About 30 percent of the city’s email services are operational now, Press Secretary James Bentley said.

Bentley said the city is bringing systems back online by creating a new secure environment and quarantining the attack.

Members of the Maryland congressional delegation were briefed by senior officials of the National Security Agency on Monday regarding the cyberattack. The New York Times reported that an NSA tool called EternalBlue, which exploits a vulnerability in Microsoft software, that had been leaked in 2017 and used by cybercriminals against numerous countries since then, was used in the Baltimore attack.

“When it comes to the ransomware attack in Baltimore, we all want to know, ‘who’ and ‘how,’” Sens. Ben Cardin and Chris Van Hollen and Reps. Elijah Cummings, David Trone, John Sarbanes and Dutch Ruppersberger said in a statement released Tuesday.

“Yesterday, we heard that current evidence suggests the city’s network was infected via a phishing effort by malware known as RobbinHood. We urge against further speculation until the investigation is complete and look forward to sharing more as we learn more.”

Cummings said that the FBI and other agencies are investigating the ransomware attack.

“That investigative process in and of itself hopefully will help us get it resolved,” he said.

Published in conjunction with Maryland Matters Maryland Matters is part of The Newsroom network