DALLAS — After the 2023 Royal ransomware attack on Dallas, cybersecurity and IT leaders visited city districts and went to meetings to talk about the attack, response and recovery with civic leaders and the public.
Derrick Age is the acting CISO today and was the deputy CISO at that time. This week, during the Dallas/Fort Worth Regional Digital Government Summit,* he spoke about the personal touch his team employed.
“One of the outreaches that we had to do was to actually not only walk the floors of our own employees but also go to the districts and to the meetings with some of the City Council members, so that we could [address] comments and concerns,” Age said during a panel session.
The May 2023 attack hit 250 systems, and recovery took 90 days, according to the after-action report. Dallas at the time had a 13,415-employee headcount and more than 860 applications across 40-plus departments. Police, fire, 311, water, animal services, libraries and courts were affected.
The city has since added a privileged access management solution and closely monitors how vendors, contractors and temporary workers interact with the IT environment. But Age stressed the importance of having an incident response plan and reviewing it regularly.
“How many of us actually go through that process?” he said. “I mandate for our staff and the security operations center to allow at least one time a week to go over that incident response plan.”
For Arlington, all departments are involved with planning, including participating in tabletop exercises.
“Within the city of Arlington, we have our city manager and the deputy city management team. They are very committed to securing the environment, and they are fully supportive of the activities we do,” said Deputy CISO Michael Nelson. “We went to them a couple of years ago and said that we want to conduct both executive tabletops at least once a year, and then we'll work with departmental tabletop as we can put through them within the schedule.”
They’ve since done a ransomware exercise and a distributed denial of service (DDoS) event. For the DDoS exercise, the team introduced the concept and then asked city departments how they would continue to do their work if technology was down. They asked departments to identify what technology they used and how they might help each other during an outage. Ten of 27 departments presented their findings live, and all received feedback.
“Build those strong relationships with the different units or departments ... not just IT,” Nelson said. “Build those relationships, and then when the time comes for an incident, your criteria for success, your ability to succeed, will be much better.”
*The Digital Government Summit is hosted by Government Technology, part of e.Republic, Industry Insider — Texas' parent company.
How Dallas and Arlington Dig in for Cybersecurity
Local cybersecurity leaders recently discussed various components of their incident response planning, including regular reviews, cross-team involvement and communication within and without the security office.