IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

San Joaquin County Grand Jury Outlines Cyber Expectation

The grand jury last month released its 2021-22 final report on the California county and its seven cities' cybersecurity defenses. The report identified nine defined expectations for cybersecurity that each agency should have in place.

(TNS) — Most of San Joaquin County's seven incorporated cities are well secured from cybersecurity attacks, but they lack defined plans to continue business or prepare for Internet technology disasters.

As a result, the San Joaquin County Civil Grand Jury has asked those cities, including Lodi, to have a variety of plans in place to protect themselves against future attacks by the beginning of next year.

The grand jury last month released its 2021-22 final report on the county and its seven cities' cybersecurity defenses.

In its report, the grand jury identified nine defined expectations for cybersecurity that each agency should have in place: organization; a network diagram; data confidentiality; data security; a business continuity plan; a disaster preparedness plan; a ransomware policy; cyber event insurance; and ongoing employee training.

Of these nine expectations, Lodi met eight. The city is currently in the process of completing a business continuity plan — a current, detailed comprehensive plan for restoring services in the event of service disruption.

Lodi City Manager Steve Schwabauer said the city was farther along than other agencies in the county because it fell victim to a ransomware attack in 2019, hindering the its phone lines and data financial data systems.

"I'm very proud of all the work that (Information Technology Manager) Ben (Buecher) and (Deputy City Manager) Andrew (Keys) have done to get a plan in place where we're ready to handle something if we had to face an attack again," Schwabauer said.

Ransomware — a malicious software attack designed to block access to a computer or computer system's files — was sent to city staff as an email attachment that looked like an invoice. After a staff member clicked on the attachment, the malware was spread through the city's network of computers, encrypting critical files that knocked several phone lines out of service, including the non-emergency number for the Lodi Police Department, the emergency outage line for Public Works, and the main numbers for City Hall and the finance division.

Hackers demanded the city pay a 75 Bitcoin ransom — about $400,000 at that time — in exchange for the encryption keys that are similar to passwords to release the servers.

Following the attack, the city hired security experts and a legal team to conduct a series of forensic audits. Technicians who investigated the city's computer systems were able to trace information included in the malware's code, and concluded that public information was not compromised in the incident.

Schwabauer said Lodi's ability to move further along in updating its cybersecurity systems was due in part by Assemblyman Jim Cooper's, D- Elk Grove, efforts to secure $500,000 for the city from the Assembly Budget Subcommittee on State Administration.

"That unfortunate event caused the city to change its management of cybersecurity, significantly elevating the importance of vigilance by all city staff," the grand jury stated in its findings. " Lodi has implemented a robust cyber awareness training program for all city employees, incorporating education in tactics used by bad actors both inside and outside the city's network."

The grand jury also found that the city conducts monthly training and testing in topics covered, and citywide campaigns occur quarterly to test employee response to phishing and other email-based attacks.

In addition, the city's IT division head reports directly to the deputy city manager and meets regularly with all city department heads.

The grand jury has given a Jan. 1, 2023 deadline to have the business continuity plan in place, but Schwabauer said because staff has been working on one since the 2019 attack, it should be completed before that time.


According to the grand jury's report, the county also met all expectations except having a ransomware policy in place, which is an internal and confidential documented policy for agency response to such an attack.

The city of Escalon did not have a business continuity plan in place, nor did the cities of Lathrop or Ripon.

Lathrop also did not have a ransomware policy in place, nor did it have cyber event insurance to help offset economic losses from attacks.

Ripon did not have an ransomware policy in place either, and did not have a disaster preparedness plan to prepare for various possible IT disruptions.

The cities of Stockton and Tracy also did not have ransomware policies in place, and the latter agency was in the process of creating a business continuity plan and disaster preparedness plan.

The city of Manteca was in the process if completing its ransomware policy and securing cyber event insurance, according to the Grand Jury's report.

To view the complete Grand Jury report, visit

©2022 the Lodi News-Sentinel, Distributed by Tribune Content Agency, LLC.