IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Oversight Panel Asks 7 Cities to Beef Up Technology Defenses

The San Joaquin County Civil Grand Jury has urged those cities to have a variety of business continuity and disaster recovery plans in place to protect themselves against future attacks by the beginning of next year.

Most of San Joaquin County’s seven incorporated cities are well secured from cybersecurity attacks, but they lack defined plans for business continuity and disaster recovery involving technology.

As a result, the San Joaquin County Civil Grand Jury has asked those cities, including Lodi, to have a variety of plans in place to protect themselves against future attacks by the beginning of next year. The other six cities are Escalon, Lathrop, Manteca, Ripon, Stockton and Tracy.

The grand jury last month released its 2021-22 final report on the county and its seven cities’ cybersecurity defenses.

In its report, the grand jury identified nine defined expectations for cybersecurity that each agency should have in place: organization, a network diagram, data confidentiality, data security, a business continuity plan, a disaster preparedness plan, a ransomware policy, cyber event insurance, and ongoing employee training.

Of these nine expectations, Lodi met eight. The city is currently in the process of completing a business continuity plan — a current, detailed comprehensive plan for restoring services in the event of service disruption. City Manager Steve Schwabauer said the city was further along than other agencies in the county because it fell victim to a ransomware attack in 2019, hindering its phone lines and data financial data systems.

Since then, Schwabauer said, “I’m very proud of all the work that (IT Manager) Ben (Buecher) and (Deputy City Manager) Andrew (Keys) have done to get a plan in place where we’re ready to handle something if we had to face an attack again."

Ransomware — a malicious software attack designed to block access to a computer or computer system’s files — was sent to city staff as an email attachment that looked like an invoice. After a staff member clicked on the attachment, the malware was spread through the city’s network of computers, encrypting critical files that knocked several phone lines out of service, including the nonemergency number for the Lodi Police Department, the emergency outage line for Public Works, and the main numbers for City Hall and the finance division.

Hackers demanded that the city pay a 75-bitcoin ransom — about $400,000 at that time — in exchange for the encryption keys that are similar to passwords to release the servers.

After the attack, the city hired security experts and a legal team to conduct a series of forensic audits. Technicians who investigated the city’s computer systems were able to trace information included in the malware’s code and concluded that public information was not compromised in the incident.

Schwabauer said Lodi’s ability to move further along in updating its cybersecurity systems was due in part to efforts by Assemblyman Jim Cooper, D-Elk Grove, to secure $500,000 for the city from the Assembly Budget Subcommittee on State Administration.

“That unfortunate event caused the city to change its management of cybersecurity, significantly elevating the importance of vigilance by all city staff,” the grand jury stated in its findings. “Lodi has implemented a robust cyber awareness training program for all city employees, incorporating education in tactics used by bad actors both inside and outside the city’s network.”

The grand jury also found that the city conducts monthly training and testing in topics covered, and citywide campaigns occur quarterly to test employee response to phishing and other email-based attacks. In addition, the city’s IT division head reports directly to the deputy city manager and meets regularly with all city department heads.

The grand jury has given a Jan. 1, 2023, deadline to have the business continuity plan in place, but Schwabauer said it should be completed before that time.

According to the grand jury’s report, San Joaquin County government also met all expectations except having a ransomware policy in place, which is an internal and confidential documented policy for agency response to such an attack.

The city of Escalon did not have a business continuity plan in place, nor did the cities of Lathrop or Ripon.

Lathrop also did not have a ransomware policy in place, nor did it have cyber event insurance to help offset economic losses from attacks. Ripon did not have a ransomware policy in place either, and did not have a disaster preparedness plan to prepare for various possible IT disruptions.

The cities of Stockton and Tracy also did not have ransomware policies in place; the latter municipality was in the process of creating plans for business continuity plan and disaster preparedness.

Manteca was in the process of completing its ransomware policy and securing cyber event insurance, according to the grand jury’s report.

(c)2022 The Lodi News-Sentinel. Distributed by Tribune Content Agency, LLC.