After Losing $17M to Cyber Attack Recovery, Atlanta Enhances Data Security and Partnerships
City of Atlanta
After a devastating cyberattack, Atlanta organized a plan to prevent future attacks by making cybersecurity the foundation of its activities, increasing investment in cloud storage, and partnering with organizations to aid preparation and response to cyberthreats.
General Fund/Existing Public Funds
Operational since 2018
Chief Innovation Officer
In March of 2018, officials with the City of Atlanta learned they had been the victims of a cyberattack when City Auditor Amanda Noble found her computer files encrypted by a computer virus, rendering them useless and unable to be opened.
The perpetrator of the chaos was a powerful computer virus known as SamSam.
The effects of the attack were devastating - one city councilman’s office lost 16 years of digital records. With critical city systems unavailable, police were forced to conduct business on mobile phones. Municipal services such as online bill payments, airport Wi-Fi, and even some water department services were shut down due to the outages. Additionally, city officials were contacted by unknown hackers who demanded $51,000 in bitcoin as a ransom to provide digital keys to restore scrambled police and financial files. Due to the system-wide devastation, the FBI was called in to help Atlanta handle the situation.
As data management teams worked to restore normal operations, it was unclear if the city’s backup servers had been corrupted, and to what extent information was unrecoverable without paying the ransom. In the end, the city did not pay the ransom, although the recovery cost from the attack totaled $17 million and key city services were hobbled for almost two weeks.
Months later in June, the head of Atlanta Information Management (AIM), the city’s department which oversees the Office of Information Security, reported that over 139 of the city’s 424 software programs were still offline or partially inoperable. Almost 30% of those 139 programs were deemed “mission-critical”.
As with many cities, Atlanta’s computer system is a mix of old and new technologies. Just a few months before the attack, the city had published the results of a cybersecurity audit that identified many vulnerabilities in the system, but the city was taking no action to eliminate these gaps. In the aftermath of the attack, the need to overhaul the city’s cybersecurity systems seemed clear, but how to put in place systems to prevent a future attack was less certain.
The attack uncovered some critical issues within the city’s AIM department that prevented a better response to the crisis, including the department’s lack of a centralized approach to security, and absence of collaboration with outside organizations such as MS-ISAC (Multi-State Information Sharing & Analysis Center).
Partnerships with organizations like MS-ISAC and the FBI, whose goals include improving cybersecurity posture through cyber threat prevention and response, have been a tool for other cities dealing with cyberattacks.
Accordingly, one of the first steps taken by the city post-attack was to bring in a new CIO, Gary Brantley. Brantley had previous experience working with Georgia’s third-largest school district and was recognized as one of ComputerWorld’s “Premier Top 100 CIOs” in the nation.
After accepting the position as CIO and head of the Department of Atlanta Information Management, Brantley spoke to the focus that would be put on cybersecurity: “Going forward, we have a security strategy at the front of everything we do, even if it’s just conceptually,” he said last year. “We’re still going to innovate, but we’ve started to focus on having a secure operational environment and having that be the foundation before we get into disruptive types of technology.” As part of this move, the city increased investment in cloud storage, a measure that protects valuable data backups in case of an attack. Additionally, AIM started The Application Rationalization Project, an approach to vet the applications used by the city and choose to either modernize, migrate, replace or retire them. “What you see is redundancy across the City of Atlanta. And I’m not talking about redundancy in a good way,” said Brantley.
Hosting the 2019 Super Bowl, however, ended up opening the city to strategies and partnerships not thought of before. Because the Super Bowl is rated the highest security priority for DHS, the department formed a partnership with Atlanta to make sure security was on point physically and technologically. The city used the game to start conversations with other organizations, forming a network that could aid in furthering its security goals.
The city increased usage of cloud storage, protecting valuable data backups from attack.
Atlanta increased collaboration with outside organizations to augment its cyberattack prevention strategies.
The city took inventory of all applications used, allowing the retirement or elimination of outdated or redundant technology.
Cities can reduce the success of cyberattacks by prioritizing the elimination of system vulnerabilities and by investing in cloud storage to ensure the safety of system backups.
In 2019, the city formed an advisory board made up of top IT officers from some of the biggest corporations in the area (Coca-Cola, Delta Airlines, Equifax, etc.) to advise city leaders on technology policies, including connecting residents with digital services and future IT investments.
Who Should Consider
Cities or towns looking to strengthen their defenses, and data security, against cyberattacks.
Last Updated: Mar 22nd, 2022