By John Dobberstein, Editor
In the wake of a destructive Ransomware attack on the city of Tulsa last May, Broken Arrow city councilors unanimously approved $473,000 in American Recovery Plan Act Funds to conduct a Ransomware threat assessment and upgrade the city’s information infrastructure.
The council approved initial funding for upgrades last December to mitigate risks associated with the greater use of technology in response to COVID-19 protocols. The city’s information technology director, Scott Carr, says funding is needed to continue and expand cyber security defenses to mitigate the risk of Ransomware attacks on the city.
“The threat of a Ransomware attack has grown substantially in the past year, with hundreds of targets across the U.S. falling victim in recent months. Municipalities across the nation are among the top targets by threat actors,” Carr wrote in a memo to city leaders, noting the city of Tulsa, “has several more months of work before they are fully back up and running.
“There are significant costs related to the recovery from a Ransomware attack and those increase greatly when the time to bring systems online is considered,” he adds. “Some city systems have taken as much as 18 months to originally launch, but such a time frame to recover and re-launch the same system is not nearly as viable in the chaos that follows such an attack.”
About $96,000 will be used to hire a cyber security consultant over 2 years to augment and mentor the city’s IT department, and $242,000 will go to expanding the city’s existing licensing program with Microsoft and add products and capabilities made for securing the city environment.
Another $135,000 will be used to replace and upgrade the city’s network and its Supervisory Control and Data Acquisition (SCADA) network equipment and defenses with next-generation appliances and tools.
Carr estimated the direct cost of a Ransomware recovery could cost anywhere from $274,000 to $1.4 million to refurbish or replace computers, servers and data center storage, along with 5-10 months of up to three people working on the recovery full-time.
Recovery would also require an outside IT services group that could cost $1.1 million over 6 months for three support people working full-time, he says.
Leave a Reply