The duration of Johnson's leave is not clear, but a city official says deputy IT chief Todd Carter will be stepping in to manage day-to-day operations. Johnson faced criticism for his response to the May cyberattack.
Frank Johnson, Baltimore's IT director who managed the city's response to the catastrophic ransomware attack earlier this year, is on leave, according to reports and a city official.
While he is away, Johnson will be replaced by his deputy, Todd A. Carter.
James Bentley, press secretary for the Mayor's Office, confirmed that Johnson is on leave but said he didn't know that the leave was "indefinite" — as reported by Baltimore Brew.
Bentley couldn't say what precipitated Johnson's leave, nor put a timeline on his return.
"All I can say is that Frank is on leave and that Todd as the deputy is taking over day-to-day operations," he said.
Johnson, who also serves as the city's chief digital officer, received significant criticism from local authorities for the response to the May 7 attack. City council members alleged a lack of transparency and communication in the wake of the incident, as well as an inability to maintain a functional organization "during an emergency event." He also also never drafted a continuity of operations plan for an IT attack of the kind that occurred.
Additionally, the May attack — which left Baltimore with an estimated $18 million in revenue losses and recovery costs — was the second ransomware attack to occur under Johnson's watch, after a similar attack on the city's computer aided dispatch system in March of 2018.
Carter, who joined the city a mere day before it was thrown into chaos by the May attack, will now be responsible for daily operations — including those related to the city's ongoing recovery process, Bentley said.
According to his LinkedIn profile, Carter spent decades in the private sector, employed as an IT director for a number of large energy companies, including Baltimore Gas & Electric, and Exelon, among others. He describes his experience as involving "extensive management experience," which has included "developing and executing IT strategy, and establishing appropriate governance to ensure IT strategies deliver IT projects and programs to their stated objectives while optimizing IT assets, managing IT costs, and developing human resource talent."
The city itself is still recovering from the May attack, though things are much better than several months ago when numerous bill pay systems were paralyzed and a majority of the city's staff didn't have computer access, Bentley said.
"We're not at 100 percent, but I think we're pretty close. I know the investigation is still ongoing, but we have the majority of our applications and everybody's back online," he said. "As far as I know, everything is back up and running. They started mailing water bills out at the beginning of last month."