Dallas to pay millions for new IT security technology

Dallas - In a bid to bolster the city's digital safeguards, Dallas City Council on Wednesday approved a comprehensive $4 million strategy. The plan involves procuring an advanced system designed to constantly scrutinize and notify the city's IT department about possible cyber threats. This action follows in the wake of a severe ransomware attack from two months ago, the ramifications of which are still being handled by the city.

The council members unanimously agreed to a strategic alliance with Netsync Network Solutions, a tech services company headquartered in Houston. The firm will, over a span of three years, support the city in setting up a resilient system that identifies threats and irregularities within the Information and Technology Services Department.

City archives present this investment as a vital enhancement to the existing infrastructure, adding continuous security monitoring to their suite of capabilities.

“This equipment and associated services will be crucial to protecting the city’s network from cyber threats and hacks by alerting the Department of Information and Technology Services’ Security Operations Center to threats and abnormalities on the city network,” said city documents describing the council agenda item. “This solution will aid in protecting the city’s network and systems against internal and external cyber threats to the organization including potential ransomware.”

Unveiling the technology that Dallas will employ, Shawn Sutton, a strategic account manager at Netsync, indicated that the city will be incorporating a cybersecurity platform named MixMode. He described it as a security and information event manager that “in basic terms, gives you a bird’s-eye view of your network looking for issues before they cause business interruptions.”

Just a week before the May 3 ransomware attack, the City Council had ratified another three-year contract with Netsync, valued above $873,000. This agreement was intended to assist the city's procurement of a threat detection solution covering vital assets, including city servers and city employees' desktop and laptop computers.

Inquiring about the city's ongoing recovery from the ransomware event, City Communications Director Catherine Cuellar refrained from sharing new details. She asserted that any updates would be posted on the city's public website. The latest update on the website goes back to the previous Friday when the public library's online system was brought back online, having been disrupted since the May 3 attack.

Later on Wednesday, Cuellar affirmed that the integration of the new system is part of a wider approach to strengthen the city's existing cybersecurity measures in light of the recent attack.

“In addition, we have taken additional steps to further enhance our security posture, including implementing additional cybersecurity software, deploying a system-wide reset of all user accounts, expediting the implementation of additional controls and completely rebuilding impacted systems in a new, secure environment,” she said, according to Dallas Morning News.

In a recent update, Dallas city officials declared substantial headway in restoring city systems and services following a cyberattack last month, confirming successful execution of over 90% of the recovery procedures. City authorities had assigned the IT staff to a thorough examination, purification, and rebuilding of compromised computers and servers subsequent to the cyber incursion.

On May 6, the city confirmed their collaboration with CrowdStrike, a reputable cybersecurity firm, to aid IT specialists in effectively isolating and disinfecting affected city devices, thus preventing any further virus spread.

Officials in Dallas have generally been discreet about the specifics of the cyber event due to an ongoing criminal probe into the attack. The city is yet to publicize details about the magnitude of the attack, its methodology, or the scope of the city's recovery efforts.

In an email to the mayor and city council members on May 31, Catherine Cuellar, the Communications Director, recommended against sharing any specific information related to the cyberattack.

The city pointed out that their IT staff received an early morning alert on May 3 regarding a ransomware attack, leading to the compromise of several servers. Additional servers were purposely disconnected to prevent the malicious software from spreading further.

This event caused operational interruptions across several departments and halted the provision of certain city services, such as online water bill payment and nonemergency complaints reporting via the city's 311 app.

In response to the cyber incident, city officials are considering the allocation of a portion of a proposed $1 billion bond package, which could be put forth for voter approval in 2024, for a comprehensive IT system overhaul in Dallas.

On May 19, a group known as "Royal", who are suspected of orchestrating the cyberattack, threatened to expose data held by the city government. However, as of Wednesday, there's no evidence of any data leakage.

As a protective measure, the city offered free credit monitoring services to its employees earlier this month. City representatives assert that there is no proof of any public dissemination of sensitive information related to employees or residents.

Late last week, Fort Worth officials disclosed on Saturday that their own computer system had also been breached, resulting in data from an internal information system being posted online.

Content credit: Dallas Metro News, Dallas Morning News, City of Dallas