1. It is our understanding that the city became aware of a cyberattack it fell victim to in February 2024. Could you describe the scope of this attack? Where were the greatest disruptions, and did the attack affect both computer and phone systems?
The City of Hamilton became aware on the evening of Sunday, February 25, 2024 that it was impacted by a cybersecurity incident that compromised many of our IT systems, including disruptions to our phone system. A dedicated team of City staff and external experts took swift action to investigate, protect our systems, and minimize the impact on the community and facilitate recovery. The City has confirmed that it was a ransomware attack.
2. While cybercrime is a grave and reprehensible issue, many Hamiltonians may be wondering why it has taken so long to fully restore the impacted systems. Were there adequate backup systems, imaging, redundancy, and other industry best practices in place to protect against such an attack? If these safeguards were in place, how did they fail? If not, what steps are being taken to strengthen the city’s systems moving forward? To clarify, we are not asking for specific details that could compromise the city’s security efforts, but rather, in a broader sense, what industry best practices or new measures are being introduced as a result of this breach?
The City has been taking a thoughtful and intentional approach to its response, focused on best meeting the needs of the community. Despite the incident, the City has continued to deliver its critical programs and services.
As the City continues to recover and build back better, it is identifying opportunities to improve and strengthen systems and infrastructure and protect against future cyber incidents. The City is moving forward with application replacement and received Council approval for both funding and staffing increases to continue to advance the City’s Cyber resiliency as part of building back better.
The City has cybersecurity measures in place, which are updated regularly. Unfortunately, cybersecurity incidents are becoming more common globally. While the City continues to strengthen the security of its IT systems to the ever-changing landscape of cybersecurity threats, no security measure will make a network wholly protected from such incidents. Survey results from the Municipal Information Systems Association of Ontario annual survey indicated that 6 per cent of municipalities have experienced a significant cyber breach in the past two years.
The City has completed a detailed review of its cybersecurity program with the assistance of third-party experts and has developed a cyber resilience roadmap to strengthen our infrastructure and to minimize the risk of future incidents.
3. What percentage of the affected systems have been fully restored to 100% functionality? Could you also elaborate on which systems still require full restoration?
The City has been taking a thoughtful and intentional approach to its response, focused on best meeting the needs of the community. Despite the incident, the City has continued to deliver its critical programs and services.
With the incident contained and the delivery of essential core programs ongoing, the City is now largely focused on recovery, restoration, and rebuilding/transformation.
Recovery: Prioritize, rationalize and prepare systems to be restored.
Restore: Return systems to their pre-incident state.
Rebuild/Transform: Upgrade, replace and enhance systems to be more resilient and improve customer service.
Throughout these phases, the City continues to prioritize critical systems, service continuity, and meeting the needs of the community. In some instances, the City is relying on short-to-mid-term mitigation solutions to limit service disruptions, including manual processes and interim or new technology solutions. The City continues to make applications and associated services available as part of the ongoing recovery and build back better approach.
As the City continues to focus on recovery, restoring and rebuilding/transformation, background and a list of impacted systems that require full restoration can be found within the following General Issues Committee Information Report (Cybersecurity Incident Impact Update (CM24004)) and the report’s Appendix A.
The cybersecurity incident significantly affected the City’s complex technology infrastructure, which supports approximately 8,000 full-time city employees, nearly 600,000 residents, and upwards of 7,000 business partners.
We appreciate the public’s patience and understanding during this time and apologize for any inconvenience this may cause. With essentially all services now operating in full or modified state, the City is shifting its focus from response to long-term transformation, turning challenge into opportunity. There are some online services such as building permits which are still being restored.
4. What training or resources has the city provided to its employees to help them better guard against social engineered attacks and similar cyber threats?
5. Does the city permit remote connections from laptops or other devices? If so, what security measures are in place to prevent intrusions, particularly when devices are being used offsite?
The City provides cyber security training and conducts phishing and business email compromise related training with staff prior to the incident and continues to do so following the incident. The City had cyber-security controls in place prior to the cybersecurity incident, including multi-factor authentication for some systems and staff areas. We further enhanced cyber-security controls across the organization, including the additional roll-out of multi-factor authentication and staff training. This aligned with the guidance we received from our external cybersecurity experts. The City has relied upon the guidance of these external cyber experts to advise on enhanced security measures, as well as what can be shared publicly in order to protect the City from any potential vulnerabilities. As the response to this incident is ongoing, the City must be sensitive to what information is shared.
6. To conclude, this next question is optional: Is there any additional information or a specific question you wish we had asked? If so, feel free to take this opportunity to pose the question and respond to it.
Passed.
Thank you, Cyrus, for engaging with Hamiltonians via The Hamiltonian!
Photo by Bermix Studio on Unsplash