Civic News
Cybersecurity / Municipal government

Mayor: City of Baltimore will have to rebuild some IT systems to recover from cyber attack

Many systems are in "manual mode" as a result of the ransomware attack. The latest system to require a workaround: real estate.

Baltimore City Hall. (Photo by Flickr user Mr.TinDC, used via a Creative Commons license)

Many of the City of Baltimore’s IT systems were taken offline on May 7 following a crippling cyber attack. Nearly two weeks later, these systems remain shut down as the city works with outside experts to restore systems, and the FBI investigates the Robbinhood ransomware attack.

On Friday, Mayor Bernard C. “Jack” Young released an update stating that the city was “well into the restorative process.” He also indicated that parts of that process take time. This includes deploying “enhanced monitoring tools” for 7,000 network users in order to contain the attack. Young also said that restoration also requires that “we rebuild certain systems to make sure that when we restore business functions, we are doing so in a secure manner.”

“I am not able to provide you with an exact timeline on when all systems will be restored. Like any large enterprise, we have thousands of systems and applications,” Young said. “Our focus is getting critical services back online, and doing so in a manner that ensures we keep security as one of our top priorities throughout this process. You may see partial services beginning to restore within a matter of weeks, while some of our more intricate systems may take months in the recovery process.”

(The weeks-to-months timeline squares with what we’re hearing from the cybersecurity community).

Officials have maintained that emergency services such as 911 and 311 service are continuing, and said other agencies have shifted “operations into manual mode and established other workarounds to facilitate the continued delivery of services to the public.”

Showing the scope involved in this change, the statement also included a list of some of the services that were affected.

  • On a wide operational scale, email and voicemail are not operational, though phone systems are online. The city’s online bill payment system is offline, and while bills can still be paid in person, late fees are suspended.
  • The mayor’s office also notes that the parking fines database cannot be accessed, but there’s a workaround to help citizens retrieve vehicles from the city impound lot.
  • New permits aren’t able to be received, but existing applications are being processed.
  • DPW is helping customers over the phone or in-person, and summer camp applications are being accepted in-person.
  • Open Baltimore, the city’s public records database, isn’t being updated, either, the Baltimore Sun reported.

Among the systems most directly affecting day-to-day business beyond government is that of real estate transactions, including home sales. Young said that the city would begin a manual workaround to this on Monday. While it remains unable to access financial records for a key document called a lien certificate to be generated, the city will allow people to sign a document that states they agree to pay outstanding charges that may be shown on the certificate. This must take place in-person at the Abel Wolman Municipal Building near City Hall.

“The bottom line is that if you’re trying to buy a home in Baltimore or purchase a commercial property, you can show up on Monday and get your Lien Certificate,” Young said. “It’s going to take a few extra steps, but we should be up and running right away.”

As recovery continues, there is also indication that the city’s overall cybersecurity posture will be discussed even when systems are restored.

Late last week, City Council President Brandon Scott said a new committee would be organized on “cybersecurity and emergency preparedness.”

Chaired by Councilman Eric Costello and Councilman Isaac “Yitzy” Schleifer, the committee will look at the response to the attack, obtain expert testimony and examine the city’s overall coordination on cybersecurity.

The latest attack comes after the city’s 911 system was temporarily shut down by a ransomware attack last year. On Friday, the Baltimore Sun reported that city Chief Information Officer Frank Johnson told the city’s planning commission in January that the city was “woefully behind in cybersecurity capabilities, staff needs and infrastructure.”

And it’s been a concern in municipal circles, as Atlanta was attacked last year. Before the latest in Baltimore, Greenville, N.C., also fell victim to the Robbinhood ransomware.

Scott started his own statement this way: “This cyber attack against Baltimore City government is a crisis of the utmost urgency.”

Companies: City of Baltimore

Knowledge is power!

Subscribe for free today and stay up to date with news and tips you need to grow your career and connect with our vibrant tech community.

Technically Media