Local Governments Take New Approach to Fighting Cybercrime

As smart city technologies bring new services to local residents, government CIOs move from an end point to a centralized approach to security.

By Joel Keller December 16, 2019

Jon Walton remembers clearly when the first widespread virus, Melissa, hit Microsoft-based servers and PCs. That was back in 1999 when he was the deputy CIO of the city of San Jose, CA, and it was not a good day.

“I had to shut down the whole network,” Walton said. “We just unplugged everybody and went from department to department.”

Melissa was a fast-spreading macro virus distributed as an e-mail attachment. It disabled a number of safeguards in Word and was resent to the first 50 people in each of the user's address books.

There was one upside. “It finally got us to put antivirus software on every PC in the city,” Walton said.

Now, as the CIO of San Mateo County, CA, Walton has a lot more to deal with than a virus created by a lone hacker propagating through his network. Faced with institutionalized hacks that have resulted in ransomware attacks on major cities like Atlanta and Baltimore, Walton and other local government CIOs have to solve multiple security challenges that can't be addressed by a budgetary line item.

According to Tim Wallace, head of public sector industry solutions at Nutanix, recent ransomware attacks may still invade a network in the same way Melissa did 20 years ago: by an end user clicking on an email or social media link they shouldn't.

“Once they gain access to a system, they open up a secure connection back to whoever initiated the attack,” Wallace said. “Then, those people go in and try to find other holes within the system now that they have an open door.”

Wallace said cyber thieves then encrypt the data they find and hold it for ransom, usually in the tens of thousands of dollars and payable in bitcoin.

When municipalities are taken offline by ransomware attacks, critical systems go down, like those that collect revenue or provide information for courts and police. Recovering from a cyberattack can get expensive. The 2016 SamSam virus hit over 200 victims, including the city of Atlanta, which was prepared to spend up to $17 million in emergency contracts and new technology to remedy a cyberattack, according to an article in State Scoop.

"That means you're not going to build a library, or hire people," Walton said.

Municipality budgets are often set before each fiscal year, making spending much less flexible than on a corporate level, where budgets can be reevaluated before each quarter.

"Not only do you have to repair the problem, which is damaging, but it means something else important that you were planning on isn't going to happen now," Walton said.

As networks have hardened over the past 20 years, cybercriminals have grown more sophisticated. They are better at finding vulnerabilities (like forgotten servers outside firewalls), or they still fall back on the old-fashioned method of getting users to click on something they shouldn't.

Despite the numerous and sophisticated threats they face, government sector CIOs continue to roll out new innovations, including the Internet of Things (IoT) and other so-called smart city technologies.

"The movement towards this IoT explosion of using sensors and collecting data opens up a massive number of potential touchpoints," said Wallace.

He said local government leaders need to protect against attackers who want to tap into a traffic control system or some other internet-connected device.

One current means of defense is virtualization of computer servers and storage and the use of virtual desktop infrastructure (VDI) and desktop as a service (DaaS). Walton said these new technologies could quickly wipe out infected areas and reformat everything before malware takes down a whole system.

"It allows me to flush any disease, any type of infection that’s occurred in a certain period," Walton said. "As long as I can do it with minimum disruption to my business, I'm going to do that as frequently as possible to reduce the opportunity for infection or for something to propagate to the network from machine to machine."

Sure beats the old way of individually installing antivirus applications on each and every device.

Joel Keller is a contributing writer. He has written for Fast Company, The New York Times and other publications. Follow him on Twitter @joelkeller.

© 2019 Nutanix, Inc. All rights reserved.