How prepared is the city of Pittsburgh for a ransomware attack?
The former top federal prosecutor in western Pennsylvania says cities like Pittsburgh can take simple steps to protect themselves from ransomware attacks like the ones crippling computer systems in Atlanta and Baltimore.
David Hickton served as the U.S. attorney for the Western District of Pennsylvania under President Barack Obama from 2010 to 2016. He is the founding director of the University of Pittsburgh Institute for Cyber Law, Policy and Security.
He explained that municipal governments are vulnerable because cyber threats are both a technology challenge and a human behavior challenge.
“On the human behavior axis, we need to teach people that they shouldn’t click on attachments until they call the sender to make sure the person intended to send it to them and it’s a legitimate attachment," Hickton said. "The technology problem we haven’t solved is once ransomware attaches, how can we un-attach it?”
A ransomware attack typically comes in the form of an email attachment. When clicked, it locks down a computer system and demands a ransom before the victim can retrieve their data. The Atlanta attack, called SamSam, began spreading more than a week ago. The attack made it impossible for city officials to access data, forcing them to run departments "on pen and paper," while the hackers threatened to wipe out all of its data. Hickton noted that Pittsburgh is better positioned than some other cities to address the cyber threat.
“I think one of the good things about Pittsburgh is you’re going to have to align yourself with the academic community and the private sector and we have great resources here in western Pennsylvania to help municipal governments,” Hickton said.
He went on to say cities need to create awareness in their workforce and they have to impose strict cyber hygiene rules.
“Human behavior is a place where we can make a meaningful difference. Teaching people about these threats, making sure we have backup systems, making sure we segregate our data so that when we have an attack it doesn’t pollute the entire system, these are things we can do right now,” he said.
The city also helps prevent itself from future attacks by having Carnegie Mellon University students try to hack its system in order to expose potential flaws or weaknesses in the system.
The FBI discourages paying a ransom because it might encourage more attackers to hit vulnerable systems. According to NPR, in 2016, there were 2,673 reports of ransomware attacks. That figure rose to more than 3,000 reported attacks last year.