Sometimes we also ourselves think if what we are building in the CS-AWARE project is really useful and what someone may consider as “bare necessities” for a local public administration, or only some forward-looking, nice-to-have “stuff” which may better be described as a solution-in-search-of-a-problem.
And then we read something like this here: A ransomware attack is holding Baltimore’s networks hostage: Hackers are asking for 13 Bitcoins to free the city’s systems and see that what we are building is based on needs, real needs and that it is not weakly or not at all connected with what happens ‘out there’ in the daily realities of local public administration in Europe.
There is no objection that this constitutes a rather interesting example of cybersecurity breaches in LPAs. And reading the article, one sees that the attack was similar to one that struck the city of Greenville, North Carolina, some months ago.
Spreading panic is not a good idea at all. But there needs no much brains for someone to see that these type of cyberattacks against city information infrastructures may constitute one of the new types of cybercriminality that our society will be facing in a worryingly increased manner over the next years.
The problem with the other types of criminality is a simple one: we have been more used to them. Cyberattacks like this in the Baltimore city seemed like science fiction.
Actually, and after a more careful reading, there is more to the issue than the article suggests:
For one Mayor Young became mayor in the first week of May – so he was just handed the … hot potato. His predecessor had to resign because of problems of corruption. Perhaps more importantly Baltimore has a very centralized government with many powers vested in the Mayor; making one person so powerful, they have discovered, doesn’t help innovation.
Plus, it’s not just a question of qualified staff (although having good people can certainly help) programs dedicated to informing the employees and politicians in charge are critical. All the money spent on elaborate hardware and various types of software tends to go to waste if people are not involved in the process – particularly management that needs to understand.
One classic example from the field is the use of facial recognition software at Manchester Airport – the employees placed the bar low in order not to be bothered by all of the false positives.
All things told, Baltimore has numerous problems and not just IT. Following the link in the later part of the article to Atlanta one reads about other attacks. And there is a number of cities in Italy that have been suffering various attacks (most of the time through emails). Despite recent changes in the law many prefer not to talk about it in public.
So the need for introducing systems and services like the one we build in CS-AWARE is not for some far future – the threats are already here with us, and so are the challenges that we face.
PS One can only be fascinated by a sentence of the recently appointed Baltimore mayor: Mayor Bernard Young said that if this goes on longer than anticipated, he may ask employees who can’t work without the systems to spend their days cleaning up the city. One may wonder how employees in a European LPA would react to such a challenge. And by the way, who said that it’s not bragging if you can back it up?…
Thomas Schaberreiter, University of Vienna
Jerry Andriessen, Wise & Munro
John Forrester, CeSViTer Consulting S.r.l.
Adamantios Koumpis, University of Passau