Civic News
Municipal government

City: Cyber attack against Baltimore’s 911 computer-aided dispatch system was ransomware

According to Baltimore's CIO, the vulnerability was left open during troubleshooting. Ransomware is among the most common attacks against public safety agencies, said SecuLore's Tim Lorello.

Now you can see why people are calling 911. (Photo by Flickr user nadbasher, used under a Creative Commons license)

Ransomware perpetrators were behind Sunday’s cyber attack on the Computer Aided Dispatch (CAD) system that supports Baltimore’s 911 operations, according to Baltimore City Chief Information Officer Frank Johnson.
In a statement released Wednesday, Johnson said federal investigators are working with the city to determine the source of the attack, which forced the CAD system offline for 17 hours on Sunday. Officials have said that service was not disrupted during that time, as calls were dispatched by voice.
A ransomware attack often involves encrypting parts of a network, and a demand of payment in bitcoin to free it back up. It’s in the same category as the WannaCry attack.
It’s one of the most common types of attacks to target public safety systems, said Tim Lorello, CEO of Anne Arundel County–based SecuLore Solutions. The company specializes in cybersecurity for public safety, and, with a Pennsylvania firm, is set to begin a review of 911 systems across the state. Some cyber attacks involve stealing data, but ransomware only requires breaking in.
“With ransomware they have to infiltrate but they don’t have to exfiltrate,” he said. The attack “simply encrypts it in such a way that the victim can’t use the system.”
While he’s not involved in the Baltimore investigation, Lorello said that, in general, “The reason that the 911 center is a particularly interesting target is because they are a mission critical” function. Specifically, Lorello, said, “That CAD system is incredibly crucial to the proper 911 response.” But he added that dispatchers are trained to work in manual mode.
There’s been no indication of a payment demand in the Baltimore incident. Johnson characterized it as a “limited breach.”
“We were able to successfully isolate the threat and ensure that no harm was done to other servers or systems across the City’s network,” Johnson said. “Once all systems were properly vetted, CAD was brought back online. No personal data of any citizen was compromised in this attack.”
The move to isolate the computer infected by the attack is key, said Lorello, as it limits the attacker’s ability to move laterally into other parts of the network.
On the city’s side, the network was left exposed during troubleshooting.
“Upon further investigation, we have determined that the vulnerability was the result of an internal change to the firewall by a technician who was troubleshooting an unrelated communication issue within the CAD System,” Johnson said.
The attack in Baltimore city comes against the backdrop of a much more wide-ranging ransomware attack in Atlanta which took functions for police, courts and bill pay offline. Initially, city employees couldn’t send emails.
When it comes to public safety agencies specifically, Lorello said his company has identified 184 incidents at the state and local level in 45 states over the last two years. Not all of those were ransomware attacks.
Johnson indicated the city is well aware of the threats, and cybersecurity is part of the city’s strategic tech plan that is currently being finalized.
“It’s important to understand that each day, our network systems – as those of cities across the country – face constant manual and automated threats, in much the same way that individuals, companies, and institutions face in safeguarding their personal computers, servers, and IT networks,” Johnson said.

Before you go...

Please consider supporting to keep our independent journalism strong. Unlike most business-focused media outlets, we don’t have a paywall. Instead, we count on your personal and organizational support.

Our services Preferred partners The journalism fund

Join our growing Slack community

Join 5,000 tech professionals and entrepreneurs in our community Slack today!


How to encourage more healthcare entrepreneurship (and why that matters)

Find out what type of heat wave you’re really in for with NOAA’s HeatRisk dashboard

How AI can revolutionize education's quest for truth

Baltimore Money Moves: Howard County cyber company lands $150M Series D

Technically Media