Local governments in the crosshairs: Philly courts cyberattack
Add Philadelphia to a growing list of local governments across the country who have faced a cyber attack since 2018.
On May 21, the Philadelphia Court system was hit with what it later revealed as a malware attack “on a limited number of FJD [First Judicial District] workstations.” For more than two weeks, the courts have scrambled to deal with the problem, resulting in the “temporary suspension” of its website, employee email accounts and electronic filing services. The abrupt change came with confusion as many law firms reverted to using couriers and paper filings — relics of a past without technology.
Beyond two official releases, the court system has remained quiet regarding the nature of the attack and its progress towards fixing any damage. It announced in its second release that in addition to the Philadelphia Office of Information Technology, a private cybersecurity firm had also been contracted to fix the problem.
Cyberattacks against local governments isn’t a new thing. They are often targets because of the massive amounts of data they store. The exploits are also harder to hide, meaning the perpetrator will likely get more notoriety. The situation with Philadelphia’s court system is part of a spike in attacks over the last two years.
In a recent study of ransomware attacks on local governments released by Recorded Future, a cybersecurity data collection firm, the number of ransomware attacks against local governments in the U.S. increased from 38 in 2017 to 53 in 2018.
The trend is on track to continue in 2019. There have been 23 attacks already recorded through the first five months of the year.
The study also acknowledged that the incidence of cyberattacks is likely “underreported,” meaning the actual number faced on a yearly basis could be much higher. Agencies often don’t report incidents until months after their occurrence. A majority of those listed in the study were found through local news reports.
Information security as a whole is something that continues to be a high priority going into the future. Gartner, a technology research and advisory company, estimates the total worldwide spending towards cybersecurity to exceed $124 billion in 2019.
In Philadelphia, the Office of Innovation and Technology — which is in charge of the city’s information security — received a $10 million increase from the city’s general fund in the mayor’s proposed 2020 budget.
But it’s not as simple as throwing more money at the issue. Cybersecurity is by nature difficult to budget for because it is reactive. No one knows how much it costs to recover stolen data until it is stolen.
Proactive approaches include the sharing of security data among local governments (which Philadelphia already does), and being vigilant about updating systems. Beyond that, it is damage control.
The total cost of the attack on Philadelphia’s court system is still being determined.