IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

New Haven, Conn., Getting ‘Back on Track’ After 2023 Hack

Michael Simeone, who became the city’s inaugural chief technology officer in March, said his focus has been “getting the Board of Education and the city back on track” after a June 2023 breach.

The skyline of downtown New Haven, Conn., amongst fall foliage.
(TNS) — During normal times, Michael Simeone, the city's new chief technology officer, might be one of those employees working in the background who is not really mentioned.

These are not normal times.

Just a little more than three months after being hired, Simeone is on the front line of trying to keep city and schools employees — and their personal information — safe.

He's doing so in the wake of a hacker attack last June that initially cost the city about $6 million — much of it since recovered — and exposed the personal information of at least 404 present and former schools and city employees.

"My focus is getting the Board of Education and the city back on track ... influencing new policies and procedures, and focusing on cybersecurity more," said Simeone, who also sits on the state Department of Energy, Emergency Management and Homeland Security's Cybersecurity Committee.

Simeone took over in the wake of an incident last June in which hackers stole $5.9 million in city funds related to a New Haven Public Schools bus contract, of which city and federal officials expected to recover at least $4.7 million.

Two Board of Education employees, the director of information technology and the senior IT information specialist, were put on paid leave in February as a result of "performance-related concerns" in the wake of that breach, a NHPS spokesman said at the time.

Simeone said regardless of where New Haven is with the hack, "it's a challenging position to be in."

In his new job, Simeone works directly for Mayor Justin Elicker and works closely with Superintendent of Schools Madeline Negrón, managing the information technology needs of both the city and school systems and aligning the two.

As both sides work to navigate the choppy waters the city and the schools find themselves in, he said he has been "well received" by the school board and has provided a lot of support to Negrón and the Board of Education.

"I'm pleased at the progress that we've made and also of the support from the mayor and the superintendent," Simeone said.

He also has been working with several cybersecurity companies "to be sure that we're implementing the latest," top-of-the-line security procedures, he said.

These include a strong password policy with passwords that expire every 30 days, a strong timeout policy that disconnects any computer from the city or schools network after 15 minutes idle and increased use of multi-factor authentication.

Simeone also increased training, including how to identify phishing emails and ensured the software on devices and servers is updated regularly. He said most of this was in place on the city side before he arrived.

"On the Board of Education side, those items were in place but not being monitored on a regular basis," he said. "They had lost several key members of their staff that had performed these functions. I think they weren't really focused on cybersecurity so much as just trying to focus on day-to-day activities."

He said he's started managing the school systems closely since starting though to make sure the needed tasks and backups are done daily. He added they've also run anti-virus, updated to the latest technology and replaced hardware. There's also monitoring software that will alert officials to any "non-consistent activity" on the networks so they react immediately.

"The employees have been great about it, too," Simeone said. "They understand the importance of it."

Since Simeone's arrival, he said "there hasn't been any other major incident or gaping holes or gaps in our systems."

"The only thing I stress is that the greatest weakness is our employees," he added, saying proper training is key.

Another important issue has been "keeping up with technology," Simeone said.

"I'm very pleased with the progress that we've made and the path that we're on," Simeone said. "I would say that we're doing everything physically possible to protect our environment against any bad actors trying to get into the environment or send any kind of phishing emails with links to get into the system."

He said they're about 90 percent complete with the cybersecurity.

"I don't think you're ever 100 percent complete," he said. "There's always bad actors that are going to try to get into your system."

Simeone has more than 25 years of IT experience, most recently as chief information officer for Bendett & McHugh, P.C., one of Connecticut's largest law firms, where he dealt with firms that were among the top 200 financial institutions in the country, among others.

"We had bank data on our systems," Simeone said. "We had to protect it as if Bank of America or Wells Fargo were on our system."

Simeone received a bachelor's of science degree in management and finance from Sacred Heart University and an associate of science degree in computer science from South Central Community College, which is now Gateway Community College.

In the wake of both the fiscal and information breaches, schools and city workers are concerned.

Leslie Blatteau, president of the 1,700-member New Haven Federation of Teachers, said she still is waiting for the New Haven Public Schools to confirm the number of people who were affected.

"I don't know what the city is doing," Blatteau said. "Apart from reading it in the news, I don't know how the breach has affected (employees)."

Whatever else might happen, the city and the New Haven Public Schools have to use the incident as the impetus to improve the way they do things, Blatteau said.

"This can't just be an error in vain," Blatteau said. "There's got to be a shift."

"Everyone has a job to do," she added. "We as teachers take our jobs seriously and then we count on the systems that already exist to keep our members' information safe. It's not so much that it happens, it's what's the response is."

©2024 the New Haven Register, Distributed by Tribune Content Agency, LLC.