The needler in the haystack.

Monday, April 11, 2016

Tonight's IT contract would help protect Plainfield against future ransomware attacks


Sysnet Solutions, originally hired by Mayor Robinson-Briggs,
offers crucial additional services besides hosting the city's website.
(Screenshot from their website.)

A resolution on tonight's Plainfield City Council agenda (R143-16) would help protect the city's computer systems against future ransomware attacks.

Unless you have been living under a rock, you know that the City's computer networks were hit by a "ransomware" virus in recent months. Up to ten years' worth of computer documents were encrypted by the virus, which then destroyed the original documents. In order to gain access to the documents, a "ransom" was demanded from the City.

Though the amount was relatively small (600 Euros I heard, which is less than $1,000), the information that was being held captive for ransom was invaluable. It could NOT be reconstructed from scratch.

The news put Plainfield at the heart of coverage of this type of threat nationwide, with stories ranging from the Washington Post (see here) to New York's WCBS-TV (see here).

One official described Plainfield's computer network situation as being "on life support".

City Council members did not seem to be aware of how dire the situation is, how vulnerable Plainfield was to yet another cyberattack, and what the proposed contract with Sysnet Solutions would do to rescue the City.

The East Brunswick company (see their website here) was first hired by former Mayor Sharon Robinson-Briggs to redesign and host Plainfield's website after it was incapacitated for several months early in her tenure.

Though they have a wide range of competencies, including cybersecurity and network systems management, Robinson-Briggs only made use of them for the website as she wanted to develop her own IT Division.

People have asked, "What happened to get us in this bind?"

There seem to be two parts to the answer.

The first is that an employee, doing grant research, was led to click on a link that downloaded the virus to the employee's computer and thence to the City's networks.

This is called "phishing", putting up a webpage that looks real to the visitor but is booby-trapped to download a virus if a link is clicked on. It is not particularly the user's fault, and even very savvy people can be tricked in this way. The means to counter these attacks lies elsewhere.

And that is where Plainfield's networks were particularly vulnerable.

The second part of the equation is Plainfield's systems management. Managing information technology resources -- such as computer networks and security measures -- is a "belt and suspenders" type operation.

Best practices in IT demand that equipment and networks be kept up-to-date with code "patches", software updates and periodic "service packs" issued by the systems vendor.

Strict records must be kept of all equipment (including its date of install and all records of updates), logbooks that detail all procedures performed, by whom and when, and a master plan that accounts not only for the network itself, but redundancy in the form of strict backup protocols and separate backup systems.

Properly managed IT systems may suffer an attack such as Plainfield did, but the damage will be limited by the security measures in place to perhaps the loss of one day's work on one machine.

That is not the situation with Plainfield's networks and security.

From the time servers were installed and networks set up (some up to TEN YEARS AGO), it turns out that no updates, patches or service packs were ever applied. No logbooks were kept. Equipment was not even inventoried. (An inspection after the ransomware attack found that one "unopened" box that was supposed to contain a server was in fact empty -- raising the question of what happened to the missing server, and when.)

Mayor Mapp, high level officials and IT staff huddled with Sysnet Solutions to discuss the precarious state of the city's networks.

The proposal which was hammered out, and is represented by tonight's resolution, would offload much of the risk and liability to Sysnet Solutions, by putting them in charge of the backed up networks, with a secure copy of the City's data mirrored by Sysnet Solutions on a bank of their servers, along with a redundant backup stored in the cloud.

City employees would then follow strict protocols for backup and security measures, as well as keeping accurate, complete and detailed logbooks of network activity.

All this for a price ($37,500) that is well below a second quote of $55,000 obtained by Finance & Administration Director Ron West, which Mayor Mapp elicited at last week's agenda-setting session.

The Council is poised to wipe away a sad history and set the City on a new and more secure path, meeting best practices for Information Technology, and at a considerable savings.

Let's see how the serve is returned.


  -- Dan Damon

