“There’s a lot of ongoing work that we have around identifying any place within our technology infrastructure where we think we have got a vulnerability or a system that we don’t think has the right kind of redundancy,” said Jascha Franklin-Hodge, chief information officer for the city.
Boston plans to spend $3.5 million through 2020 building the firewall and making other cybersecurity improvements. The new firewall, which will add to the city’s existing cybersecurity tools, is expected to be fully operational by the end of the year.
Greg McCarthy, chief information security officer for Mayor Martin J. Walsh’s administration, compared the city’s multifaceted security plan to the structure of an onion.
“The center of the onion is the crown jewel of the city, and we continually build layer on layer to protect it,” he said.
The city hasn’t had any breaches it is aware of, Franklin-Hodge said, but many have tried.
“We have external parties that are scanning our networks looking for vulnerability where they might attack — this is a fact of life,” he said. “This is a high-threat environment that we operate in.”
Part of the money budgeted for security is being used to improve the network’s ability to continue operating in the event of an outage or a glitch.
Last weekend, a city-owned homeless shelter and part of the Boston Fire Department were without network access after a power supply failure. Franklin-Hodge said existing backup equipment and contingency plans kept the outage from being critical, but the city will address the problem.
“A single component failure was able to take down a piece of the network,” he said. “We had backup plans — 98 percent of the network had a proper redundant power configuration, 2 percent did not.”
Glitches and network problems took down the New York Stock Exchange and United Airlines last week.
Cities currently are not the most common target for hackers, but could make attractive targets, said Cesar Cerrudo, chief technology officer for IOActive Labs, a cybersecurity firm.
Last week, the federal Office of Personnel Management disclosed that 21.5 million records had been accessed.
“There could be different goals — it could be to get money in the case of cyber criminals. It could be to cause terror (or) create chaos in case of cyber terrorists or foreign governments,” Cerrudo said. “Attacks could be small and insignificant but people get angry when they can’t do their regular daily activities like going to work, connect to the Internet, make a phone call.”
©2015 the Boston Herald, Distributed by Tribune Content Agency, LLC.
