Akron, Ohio, Eyes Move to Cloud-Based System Post-Attack

The city is still in recovery mode from a Jan. 22 cyberattack and officials have expressed an interest in girding city systems by taking them to the cloud. The attack last month forced IT personnel to take public-facing services offline.

by Alan Ashworth, Akron Beacon Journal / February 11, 2019

(TNS) — As the city of Akron repairs its computer system after last month's cyberattack, some city council members are turning their attention to a more robust — if not perfect — long-term approach to cyberprotection.

Russel Neal, Ward 4 councilman, said the city should consider a cloud-based system in partnership with a company that specializes in cybersecurity. He said such an agreement would enable the city's system to keep up with ever-emerging threats. It would also reduce the risk presented by a ransomware attack.

"This is only going to continue," Neal said. "Cyberwarfare is a thing of the present and will be in the future."

The city responded quickly to the Jan. 22 attack, limiting damage to its servers and system. But the damage was severe enough to knock out public-facing components of the system — most notably, online 311 at the end of a dayslong snowstorm — for nearly two weeks. The city's response included a direct appeal from Mayor Dan Horrigan to Ohio Gov. Mike DeWine for National Guard assistance. The FBI joined the Guard's cyber team and the city in an investigation that will take weeks or months.

After an earlier cyberattack on Akron's computer system, Neal was appointed to an ad hoc committee to investigate solutions. At the time, Neal recalls, council was considering how to best get its legislation online. He became convinced that a cloud-based approach was the way to go.

"The reality of it is 85 percent of cities use ... cloud-based systems to keep their information online," the councilman said. By contracting with a cyber-savvy corporation, Akron and its IT department would gain access to continual improvements in cyberprotection and improve security for its data.

"They have the wherewithal to keep their systems at par if not ahead of all the different ways people are trying to infiltrate systems," Neal said about cloud-operating behemoths like IBM. He cites the example of Seat Pleasant, Maryland, which contracted with IBM for a cloud-based computer system that includes access to cyberprotection tools unavailable to the city of 4,000 residents before its agreement.

Cost-effective plan

John Nicholas, a professor in the University of Akron's computer information systems program, said a cloud-based system like the one Neal envisions could be a viable option for Akron.

"The biggest benefit is the financial side of it," Nicholas said. "There are multiple approaches, but that one's more cost-effective."

The focused expertise, too, would be a benefit the city could not otherwise easily afford, Nicholas said.

"These companies are at the forefront, and they have the machinery and cutting-edge experts who would be too expensive to hire," Nicholas said.

Neal expects Akron's cyber susceptibility will come up in March during discussions of the operating budget. But he hopes the administration will update council at its meeting Monday on remediation efforts and the investigation into the most recent cyberattack. Although public-facing aspects of the system are functioning, internal remediation is ongoing.

Ward 8 Councilwoman Marilyn Keith said she expects council to take action when it has the final report on the cyberattack investigation.

"We are aware now that we get targeted a lot," Keith said. Although she's been satisfied with the cyberprotection efforts of the city, the latest attack was a wake-up call. "What this told us, is we need to up our game," she said. "Up until this point, I have been very satisfied."

The online 311 capability of the system is functioning, online bill-paying is back in service and council's email system is working again. City spokeswoman Ellen Lander Nischt said last week that some computers were being replaced and new software tools were being added to the system.

More work ahead

Despite the successes, Councilwoman Keith knows there's still plenty of internal work and evaluation to come.

"There are still computers down and not working," Keith said. "Until we are complete and up and running, we can't do a full diagnosis."

When that time comes, she said, council will need to examine new solutions. As threats emerge, the city's approach to cybersecurity will have to evolve, too.

"As hackers get more sophisticated," Keith said, "we need to get more sophisticated."

Keith declined to discuss specifics of what the city will do differently. She said she'll wait for the completed analysis to decide how she thinks the city's cyber approach should change.

"We'll wait on the report to see what the experts say," she said.

Nicholas believes intensified cyberprotection efforts are necessary not only for the city, but all organizations.

"A lot of these threats are being developed by AI and machine learning," he said. "The next few years are going to be very rough."

©2019 the Akron Beacon Journal (Akron, Ohio). Distributed by Tribune Content Agency, LLC.

Platforms & Programs