Baltimore Ransomware Attack Highlights Vulnerabilities in Municipal IT Security
 

A high-profile ransomware attack against the government of a major American city has brought new light on an ongoing cybersecurity quandary: how can those with the least resources defend their critical data, keep the flow of communications going and minimize disruption for any organization, let alone an entire city government?

For most of the month of May, the government of Baltimore, Md., has been paralyzed in the aftermath of a ransomware attack, with adversaries choking off access to computers, email and important systems including those that facilitate real estate sales and health alerts.

The New York Times reported this week that attackers are using a US National Security Agency (NSA) tool that was stolen in 2017 called EternalBlue as a key component of their ransomware attacks against cities like Baltimore. This isn’t the first time this has happened: attackers used a similar approach during the outbreaks of WannaCry and NotPetya.

Security experts told the NYT attackers have been using this tool to wreak havoc on vulnerable cities and towns across the country with devastating results, driving up cleanup costs and impacting critical government services.

Get more posts like this delivered to your inbox every week. Subscribe to Cyber Resilience Insights today.

Attackers are taking advantage of a fundamental flaw that exists in municipal government, as covered in this Endgadget article on the topic: governments, especially smaller ones, are often slow to upgrade and patch their existing systems, and that makes them very vulnerable to attacks. The NSA did help Microsoft patch the security flaw once EternalBlue was stolen, but many systems remain vulnerable.

Why municipalities are a big cyberattack target

Ransomware attacks aren’t slowing down. In our recently-published State of Email Security Report 2019, 53% of global organizations reported experiencing a business-disrupting ransomware attack in the previous year. This was double the figure from the year before (26%). The average downtime from a ransomware attack as cited in the report was three days, the same as the previous year.

Ransomware in general can be viewed as a tax on poor IT investment. Cybercriminals are opportunistic and want to target those with the least amount of investment in IT security resources. State and local governments are by far the ones with the least amount of investment, yet at the same time have extremely valuable data. In other words, it’s the perfect storm for attackers: the exact scenario they crave the most.

For example, a township with a population of 15,000-20,000 and a small government is very likely to only have one IT person. Their annual budget is probably in the $10,000-$30,000 range. What can they do with that to really keep their infrastructure secure? Probably not all that much

At the same time, they’re responsible for keeping the data of those 15,000-20,000 people secure. We’re talking about information on children, tax records, billing and criminal history among other very critical, very sensitive pieces of data. This is a wealth of valuable info that’s being protected by a limited budget.

Actionable steps for a secure environment

So, as an IT professional for a small state and local government, what can you do about this? Start by talking to your friends for advice. There are plenty of resources from organizations in municipals and counties that can help them defend themselves. For those in the US, these include:

• State and/or regional fusion center
• Department of Homeland Security state/regional coordinators
• Your local cyber agents located within your FBI field or resident office
• Your local InfraGard chapter
• Cybersecurity program coordinators at your local colleges/universities

In the UK, the National Cyber Security Centre (NCSC) has resources local governments can leverage.

Don’t feel like you have to operate in a silo. Others in your position are feeling your pain. Take advantage of those resources to help you gather that data that can put you in the best position to secure your environment.