Civic News

City: Cyber attack against Baltimore’s 911 computer-aided dispatch system was ransomware

According to Baltimore's CIO, the vulnerability was left open during troubleshooting. Ransomware is among the most common attacks against public safety agencies, said SecuLore's Tim Lorello.

Now you can see why people are calling 911. (Photo by Flickr user nadbasher, used under a Creative Commons license)

Ransomware perpetrators were behind Sunday’s cyber attack on the Computer Aided Dispatch (CAD) system that supports Baltimore’s 911 operations, according to Baltimore City Chief Information Officer Frank Johnson.
In a statement released Wednesday, Johnson said federal investigators are working with the city to determine the source of the attack, which forced the CAD system offline for 17 hours on Sunday. Officials have said that service was not disrupted during that time, as calls were dispatched by voice.
A ransomware attack often involves encrypting parts of a network, and a demand of payment in bitcoin to free it back up. It’s in the same category as the WannaCry attack.
It’s one of the most common types of attacks to target public safety systems, said Tim Lorello, CEO of Anne Arundel County–based SecuLore Solutions. The company specializes in cybersecurity for public safety, and, with a Pennsylvania firm, is set to begin a review of 911 systems across the state. Some cyber attacks involve stealing data, but ransomware only requires breaking in.
“With ransomware they have to infiltrate but they don’t have to exfiltrate,” he said. The attack “simply encrypts it in such a way that the victim can’t use the system.”
While he’s not involved in the Baltimore investigation, Lorello said that, in general, “The reason that the 911 center is a particularly interesting target is because they are a mission critical” function. Specifically, Lorello, said, “That CAD system is incredibly crucial to the proper 911 response.” But he added that dispatchers are trained to work in manual mode.
There’s been no indication of a payment demand in the Baltimore incident. Johnson characterized it as a “limited breach.”
“We were able to successfully isolate the threat and ensure that no harm was done to other servers or systems across the City’s network,” Johnson said. “Once all systems were properly vetted, CAD was brought back online. No personal data of any citizen was compromised in this attack.”
The move to isolate the computer infected by the attack is key, said Lorello, as it limits the attacker’s ability to move laterally into other parts of the network.
On the city’s side, the network was left exposed during troubleshooting.
“Upon further investigation, we have determined that the vulnerability was the result of an internal change to the firewall by a technician who was troubleshooting an unrelated communication issue within the CAD System,” Johnson said.
The attack in Baltimore city comes against the backdrop of a much more wide-ranging ransomware attack in Atlanta which took functions for police, courts and bill pay offline. Initially, city employees couldn’t send emails.
When it comes to public safety agencies specifically, Lorello said his company has identified 184 incidents at the state and local level in 45 states over the last two years. Not all of those were ransomware attacks.
Johnson indicated the city is well aware of the threats, and cybersecurity is part of the city’s strategic tech plan that is currently being finalized.
“It’s important to understand that each day, our network systems – as those of cities across the country – face constant manual and automated threats, in much the same way that individuals, companies, and institutions face in safeguarding their personal computers, servers, and IT networks,” Johnson said.

Before you go...

Please consider supporting Technical.ly to keep our independent journalism strong. Unlike most business-focused media outlets, we don’t have a paywall. Instead, we count on your personal and organizational support.

3 ways to support our work:
  • Contribute to the Journalism Fund. Charitable giving ensures our information remains free and accessible for residents to discover workforce programs and entrepreneurship pathways. This includes philanthropic grants and individual tax-deductible donations from readers like you.
  • Use our Preferred Partners. Our directory of vetted providers offers high-quality recommendations for services our readers need, and each referral supports our journalism.
  • Use our services. If you need entrepreneurs and tech leaders to buy your services, are seeking technologists to hire or want more professionals to know about your ecosystem, Technical.ly has the biggest and most engaged audience in the mid-Atlantic. We help companies tell their stories and answer big questions to meet and serve our community.
The journalism fund Preferred partners Our services
Engagement

Join our growing Slack community

Join 5,000 tech professionals and entrepreneurs in our community Slack today!

Trending

The person charged in the UnitedHealthcare CEO shooting had a ton of tech connections

From rejection to innovation: How I built a tool to beat AI hiring algorithms at their own game

Where are the country’s most vibrant tech and startup communities?

The looming TikTok ban doesn’t strike financial fear into the hearts of creators — it’s community they’re worried about

Technically Media