The policy, which experts say is a step in the right direction, was called for in a June grand jury report.
Stockton— A new policy on the agenda for Stockton city
council members Tuesday hopes to better prepare the city for a possible
ransomware attack. The two-page proposed ransomware attack response
policy was an item called for by a June grand jury report.
The city's proposed policy provides steps for city
officials to follow when a ransomware attack is detected which include
notifying the city manager, attorney, council and law enforcement. Ransomware
attacks are generally carried out by software designed to block access to a
computer system or files until money is paid to the attacker.
Megan Thomas, an associate professor at Stanislaus State's Department of
Computer Sciences reviewed the proposed policy and says that while it is a step
in the right direction, some pieces are missing.
"It was amusingly human-focused from my point of
view, there was like nothing about the technical responses at all," Thomas
said. "Any attempt to stop the attack has got to happen within 10 minutes,
so by the time we're thinking of notifying people, you've either stopped it or
you haven't, but it was interesting that they didn't even put that on the
list."
According to Thomas, municipalities like Stockton face
numerous threats in the digital age from ransomware attacks to phishing
schemes.
June's grand jury report addressed some of
the threats adding that while Stockton lacks a formal policy on payment
procedures in ransomware attacks, the city's large IT department places attacks
and disaster preparedness at a high priority.
"Stockton is one of very few cities having license
to use a cyber security tool integrating the City with the State of
California’s Office of Emergency Services. Stockton’s IT Director meets weekly
with other department heads, updating them on all matters related to cyber security,"
the report said. "Stockton met each of the cyber security expectations
except for the presence of a documented internal policy and procedure for
response to a ransomware attack. However, the City does have a Cybersecurity
Response Book detailing response procedures for other cyber events."
Thomas says simple steps such as restricting who gets
access to add software, regularly backing up systems to multiple locations,
having strong passwords and enabling two-factor authentication could help avoid
attacks such as ransomware attacks.
She adds that municipalities often face a higher risk due
to their large budgets and employees who sometimes lack cybersecurity
knowledge.
"I am reassured to see that Stockton is thinking
about this, and is actually bringing it to the attention of people like the city
manager and the higher-ups because a lot of times folks like members of the
city council don't think about this stuff until you know, it's already
happened," Thomas said. "Whether it works or not, at least are
trying, which is a step in the right direction to be proactive about these
threats."
Council members are slated to vote on the policy and a response to the grand jury's report during their Tuesday meeting which opens to the public at 5:30 p.m.
ABC10
Gabriel Porras
September 9, 2022
No comments:
Post a Comment