On this episode of GovTech360, a postmortem on Baltimore’s costly cybersecurity fail; a startup with a better way to find a public bathroom; and a first-person preview of GovTech’s adventures in China.
It’s been a little over a month since a ransomware attack took out Baltimore’s IT services and cost millions of dollars to recover from. GovTech reporter Lucas Ropek helps break down what happened, how the city could have responded differently, and the potential advantages and pitfalls of paying a ransom. Then, Paul talks to the founder of Good2Go, a startup using tech to match people looking for a public restroom with retailers willing to offer theirs, and improving bathroom safety and accessibility at the same time. Plus, a sneak peek at e.Republic Chief Innovation Officer Dustin Haisler’s monthlong stay in China learning what makes their gov tech tick.
Audio Index (Time Stamps):
Transcript (Edited for Length and Clarity)
It's the all-new GovTech360: The Intersection of Government, Technology and the Future.
This time out:
[Voice over: In one ear and in the other in glorious monaural, this is GovTech360.]
Paul: From the Market Insight studios, I'm Paul Taylor. Dustin Haisler will be here in a moment. Now though, it's GovTech writer Lucas Ropeck. Hey, Lucas.
Lucas: Hey, Paul.
Paul: So there are some new cycles that are counted in minutes or hours, but in Baltimore you could use a calendar. Set this up, Lucas, what happened? And over a month later, what do the critics have to say about the city's security stance?
[Voice over: Thing One]
Lucas: The city of Baltimore suffered a ransomware attack on May 7 and it's actually the second ransomware attack in a little over a year for the city. In March of 2018, actually, the computer-aided dispatch system got hacked. So it's sort of an especially embarrassing incident for Baltimore. It knocked out a lot of their service delivery and the city is still sort of coming back to life. Now, thankfully a lot of their city services, they can deliver again and a lot of city staff are back to work. But it's really been a sort of arduous process for city officials to get everything back up and running. And there's been a lot of criticism of how the city really handled this incident.
[Voice over: Thing Two]
Lucas: For that, there's basically two sort of big areas that officials had been criticized for. The first is their attention to security and defense proceeding the hack. And the second one is their diplomatic and tactical responses following it. So if we want to just start with the defense and security procedures, or maybe the lack thereof, one of the biggest embarrassments I would say for the administration has been that many people feel this whole thing could have been avoided had they just listened to Microsoft two years earlier. In 2017, Microsoft issued both an alert and a patch for the tool that was allegedly used in this attack, the NSA-sourced cyberweapon, EternalBlue. The patch, if Baltimore officials had used it, should have covered the critical vulnerability that was ultimately exploited by the hackers. And then there's the sort of diplomatic problems. One of the biggest complaints to be leveled at the city's administration is that they displayed a lack of trust in state and local officials and were as a result really bad at communicating during and immediately after the crisis. There were complaints from city council members who said there they were basically left in the dark as to what was happening in the initial aftermath.
[Voice over: Thing Three]
Lucas: There were complaints from state IT officials, such as Maryland CISO John Evans, who said that during the first week after the attack, Baltimore officials essentially declined assistance, and Evans attributed this to a lack of trust of state officials. There's also a kind of weird third category of criticism that's out there, sort of controversial, but there's a lot of people who are basically saying, "You know, the city should have just paid the ransom," because I believe the original asking price of the hacker amounted to something like between $80,000 and $100,000, whereas the city right now is projected to lose at least $18 million to revenue losses and recovery efforts. But it's an interesting question because you see these smaller cities that have actually begun to pay ransomware hackers, like Lake City and Riviera Beach in Florida. And it just begs the question of what kind of precedent does this set when cities are making it known to hackers that they're legitimate targets for this kind of extortion.
Paul: And that is exactly the warning that cybersecurity experts have always said as part of conventional wisdom is not to pay.
Paul: It's the horns of a dilemma for these cities, even though it could have saved them a bundle of cash.
Lucas: There's not really an easy solution, I think, once you've suffered one of these attacks.
Paul: So where does Baltimore go from here?
Lucas: Baltimore isn't a huge city. It's not New York, but hopefully they should have the resources and the motivation to invest in adequate security and to keep everything up to date.
Paul: Well, Lucas, thanks for your good reporting on this. We've got a link to your story in the show notes at govtech.com/360.
[Voice over: Thing Four]
Paul: In the four years we have been curating the GovTech 100, we have met startup founders who found opportunities in problems — perhaps none more universal than that feeling when you have just got to go.
[Actuality: Mobile Toilet Door Closes]
Paul: That is the sound of the door closing on a Good2Go restroom, the brainchild of Fran Heller, who set out to use digital technology to match willing retailers and their restrooms with people who need to use them.
Fran Heller: You're solving two challenges: You're helping the retailer manage access to their restroom and you're helping the consumer find and access a restroom. And that's ultimately what both sides of that two-sided marketplace are wanting and needing. And then most importantly, if you're using technology to access a space like a site or a structure, or an area like a restroom, then human behavior changes, right? Because you're a known user, it would be the same if you were using a fob key or an ID card to unlock and open a door, you're not going to be a bad actor, right? Your behavior is going to change because now you're using a digital key. A lot of the challenges that they had around shoplifting or vandalism or drug paraphernalia or drug use have been eliminated or at least remarkably reduced.
Paul: Retailers benefit, so too does a nonprofit partner Lava Mae, which receives financial support from the company for the mobile shower trailers it operates to serve homeless residents. Ultimately, though, Heller says that success is defined by the Good2Go experience.
Fran: We bring the technology, but we require the retailer to upgrade their fixtures so that they are all hands-free and motion-sensored. We also require that all Good2Go facilities are ADA, American Disabilities Act, compliant, wheelchair-accessible, have a baby changing station and are all-gender. And the idea behind that is no matter which Good2Go facility you have accessed, you will have the same experience. So you don't have to wonder, does this one have a baby changing station? Is this one wheelchair-compliant? So we wanted the branded experience of Good2Go to be very consistent.
Paul: So what about public spaces? Public buildings? Public restrooms? Those are hard questions for a startup, even one flushed with optimism, but Heller says the model can adapt, eventually.
Fran: Sometimes they are in very poor condition. So there might be a public restroom, but you may not feel that you really want to use it. I do feel confident that ultimately we will get there. I do think that public restrooms require a lot more attention and maintenance and supervision, and I think every major city struggles with keeping quality conditions in a public restroom. And I do feel very strongly that technology can help solve that problem. Just like we have created smart lighting systems, smart garbage cans — you know, you can sense how many feet are crossing in a crosswalk, but you can't find a restroom. And that's really why we started the company: We felt like technology could be solving everyday challenges like this one in a much better way.
Paul: Very good, Fran. Thank you so much.
Fran: Thank you for having me.
Paul: Good2Go operates in San Francisco and is eyeing expansion to D.C., Philly and New York. Links to its site — and that of its nonprofit partner, Lava Mae — are in the show notes. One last note: The startup is partnering with Toyota on an ambitious autonomous on-demand mobile restroom specially designed for the 2020 Olympics — call it Good2Go on the Go.
[Voice over: An Extra Thing]
[Actuality: Street Sounds in Beijing]
Paul: America’s global competitiveness in tech and gov tech in particular are often compared to that of China. Our co-host, colleague and now Eisenhower Fellow Dustin Haisler is doing a deep dive in the Celestial Kingdom from the streets of Beijing.
Dustin: China is a very interesting country. They’re a a global superpower, but they're also typically one of the meccas that we think about when we think of smart cities. And one of the fascinating things just in my own research is looking at how much investment from Chinese firms has been directly into U.S. gov tech companies. And it's actually pretty astonishing. And so what I hope to learn is that I want to see what's real behind their smart cities movement. How is technology actually being leveraged? What is the state of the Chinese gov tech ecosystem? How are they standing up technology? Who's paying for it? How is it being rolled out? Of course, there's some some difference in political structure with how technology decisions are made, but there's still some learnings on how they're treating things like artificial intelligence, as well as just how technology is used to improve the experience of people or the experience of business.
[Voice Over: We're out of time. Bye-bye.]
Paul: And Dustin’s deep dive into Sino-American gov tech is first up when GovTech360 returns this fall just after Labor Day.
You have been generous with your feedback and reviews on Apple Podcasts during our brief initial run this spring. We welcome more over the summer.
And in the meantime, connect with us on Twitter. Lucas is @LucasRopek1, Dustin is @dustinhaisler. Based on his social media activity from China, we’re thinking there may be a cookbook in the works — TexChinese maybe, it sure looks tasty! Anyway, I'm @pwtaylor, and the editorial hive mind is @govtechnews.
Our production team includes Lauren Harrison, Miriam Jones, and Kelly Martinelli.
Subscribe for free to GovTech 360 on Apple Podcasts, Google Podcasts, Stitcher, Spotify and the new Radio.com app. And it's always available at home — govtech.com/360.
For all of us at Government Technology, thanks for listening. Happy 4th — and have a great summer!
[Voice Over]: GovTech360 is produced by Government Technology, a division of e.Republic.