Cyberattacks and Public Agency Response
by Nora Wetzel
Cyberattacks and resulting data breaches are a growing threat to cities. In January 2020, the City of Las Vegas experienced a cyberattack when bad actors gained access to the city’s network via a malicious email. Las Vegas had previously taken a public position not to pay a ransom, though it is unclear if this attack involved ransomware. The city reportedly caught the attack early and does not believe any data was lost or taken. Another city, New Orleans, fell victim to a cyberattack in December 2019. The city detected suspicious activity on its network, investigated the activity, and discovered a ransomware attack affecting roughly 4,000 city computers. The city’s IT Department ordered all employees to power down computers and disconnect from Wi-Fi. All city servers were also powered down, and employees were told to unplug their devices. New Orleans had cyber insurance and expected it to cover nearly
$1 million in costs the city incurred as a result of the attack, though the insurance did not cover the costs of paying a ransom. In October 2019, a suspected cyberattacker targeted the City of San Marcos in California. The attack affected the city’s email system, leaving employees unable to communicate with some members of the public. Employees discovered the problems, and the city manager confirmed the city was the victim of suspected hacking. The City of Baltimore was attacked in May 2019 by ransomware known as “RobinHood.” Some experts said the attack involved a tool developed by the National Security Agency. The attack locked the city out of its computer servers and demanded ransom. Officials said the attack cost the city more than $18 million. In summer 2019, hackers infiltrated 22 Texas cities’ computer systems and
About Legal Notes This column is provided as general information and not as legal advice. The law is constantly evolving, and attorneys can and do disagree about what the law requires. Local agencies interested in determining how the law applies in a particular situation should consult their local agency attorneys.
demanded a ransom. The mayor of one of those cities said the attackers asked for $2.5 million in ransom to restore their systems. The Texas Department of Information Resources said that the evidence pointed to a single-threat actor. A representative for the department reported that he was “not aware” of any of the cities having paid the ransom sought by hackers and disclosed that the affected locales were mostly rural. continued on page 10
Nora Wetzel is a partner in the law firm of Burke, Williams & Sorensen, LLP, and can be reached at NWetzel@bwslaw.com. www.westerncity.com
Western City, June 2020
5