The “Hostage Situation” in Atlanta and Hagerty’s Integrated Approach to Cyber Preparedness
“We are dealing with a hostage situation.”
On March 22nd, Mayor Keisha Lance Bottoms and the citizens of the City of Atlanta awoke to a ransomware cyberattack that had compromised “multiple applications and client devices” in the City. The affected systems include billing systems, the court system, and “vital communications like sewer infrastructure requests.” The attackers, believed to be a group notorious for using SamSam ransomware, locked these systems and demanded six bitcoin (roughly $51,000).
Over three weeks later, Atlanta Information Management (AIM), the City’s information technology department, is still working to restore service. Residents in Atlanta “can’t pay their water bill or their parking tickets” while City employees are using paper forms to ensure the continuity of vital services. This attack is estimated to have cost the City $2.7 million.
With recent attacks across the country and globe, such as the cyberattack in Saudi Arabia, and the apparent weaknesses of other important systems in the United States, it’s more pressing than ever to question whether your community or organization is prepared for a cyberattack. Often, it is not a question of whether a cyberattack will happen but whether your organization will be prepared to respond and to limit the damage when one does occur.
Hagerty’s Cyber Nexus Approach to Cyber Program Management

As these recent incidents show, attackers can disrupt both virtual and kinetic systems and cause massive disruptions to daily life, so cyber incidents are not just an issue for your information technology department. For this reason, Hagerty’s Cyber Nexus Approach (CNA) emphasizes the need for continuous coordination between emergency management partners and information technology partners.
- Pre-Incident. To effectively prevent, respond to, and recover from cyber disruptions, emergency management and information technology partners must first collaboratively establish and test plans for managing complex cyber incidents. A collaborative planning, training, and exercise process establishes important relationships and reveals strengths and areas for improvement related to cyber incident preparedness, response, and recovery.
- Incident Response. A response that is coordinated across emergency management and information technology is a streamlined response. Coordination will ensure that each team is aware of overlapping operations while performing their functional missions, thereby minimizing or eliminating unnecessary duplication of efforts.
- Post-Incident. Coordinated recovery and mitigation operations will facilitate the restoration of virtual and physical systems, ultimately supporting the jurisdiction’s ability to recover quickly and strengthen future response operations.
Enhancing your jurisdiction’s cybersecurity program requires collaboration across primary and secondary response partners to make sure a cyber “hostage situation” does not impact your community.
Caroline Brown is an Operations Associate at Hagerty’s Headquarters in (sometimes) sunny Evanston, IL, where she supports the development of technical proposals issued by federal, state, and local governments across the country. Ms. Brown also leads Hagerty’s Disaster Discourse Monthly, a newsletter that curates news about innovations, advancements in technology, and groundbreaking practices in the emergency management space. When she’s not writing for Hagerty, Ms. Brown is a freelance illustrator and dog-spotting enthusiast.