Dallas, Texas – In an endeavor to strengthen the city’s cyber defenses, the Dallas City Council endorsed a sweeping $4 million initiative on Wednesday, sanctioning the acquisition of an advanced system that will monitor and alert the city’s Information Technology (IT) department to potential cyber threats. The move comes in the aftermath of an extensive ransomware attack that hit the city nearly two months prior and is still under mitigation.
City of Dallas to pay $4 million to Netsync Network Solutions for improving city’s IT security in the next three years
The decision was reached unanimously and with little fanfare, greenlighting a strategic collaboration with Netsync Network Solutions, a Houston-based technology services provider. Over the course of three years, the firm will assist the city in implementing a robust system for detecting threats and anomalies within the Information and Technology Services Department.
City records characterize this investment as a pivotal upgrade to their current infrastructure, incorporating round-the-clock security monitoring capabilities into their arsenal.
“This equipment and associated services will be crucial to protecting the city’s network from cyber threats and hacks by alerting the Department of Information and Technology Services’ Security Operations Center to threats and abnormalities on the city network,” said city documents describing the council agenda item. “This solution will aid in protecting the city’s network and systems against internal and external cyber threats to the organization including potential ransomware.”
In shedding light on the technology that Dallas will be acquiring, Shawn Sutton, a strategic account manager with Netsync, revealed the city will be integrating a cybersecurity platform known as MixMode. Sutton elucidated MixMode’s function as a security and information event manager, saying, “In simple terms, it equips you with a comprehensive overview of your network, enabling the preemptive identification of issues before they snowball into disruptive business interruptions.”
Dallas City Council had endorsed another three-year contract with Netsync just week before the May 3 ransomware attack
Merely a week prior to the May 3 ransomware attack, the City Council had endorsed another three-year contract with Netsync worth in excess of $873,000. The pact was aimed at facilitating the city’s acquisition of a threat detection solution that would cover key assets such as city servers and the desktop and laptop computers of city employees.
When approached for an update on the city’s ongoing efforts to recuperate from the ransomware incident, Catherine Cuellar, the City Communications Director, declined to provide fresh information. She maintained that any new developments would be made available via the city’s public website. The most recent update on the website dates back to the preceding Friday when the public library’s online system was reinstated, having been offline since the May 3 attack.
Later that Wednesday, Cuellar confirmed that the integration of the new system was part of a broader strategy to augment the city’s pre-existing cybersecurity provisions in response to the recent attack.
“In addition, we have taken additional steps to further enhance our security posture, including implementing additional cybersecurity software, deploying a system-wide reset of all user accounts, expediting the implementation of additional controls and completely rebuilding impacted systems in a new, secure environment,” she said.
City of Dallas managed to recover almost everything after the attack
Earlier this month, Dallas officials reported significant progress in the citywide restoration of systems and services in the aftermath of the recent cyberattack, affirming that over 90% of the recovery operations have been successfully executed. The IT personnel have been tasked with a meticulous review, cleansing, and reconstruction of compromised computers and servers since the cyber intrusion last month, as outlined by city authorities.
The city acknowledged on May 6 that CrowdStrike, a renowned cybersecurity vendor, had been enlisted to support IT professionals in ensuring infected city devices were effectively quarantined and decontaminated, thereby mitigating any further propagation of viruses.
Dallas officials have been consistently cautious in revealing explicit details pertaining to the cyber incident, primarily citing an active criminal investigation into the attack. Information related to the extent of the attack, its modus operandi, and the scale of recovery operations performed by the city remains undisclosed by city representatives.
Communications Director, Catherine Cuellar, advised the mayor and city council members in a May 31 email against divulging any explicit information concerning the cyberattack.
The city highlighted that IT personnel were alerted in the early hours of May 3 about the ransomware attack, which resulted in the compromise of several servers. Other servers were deliberately disconnected from the network as a preventative measure against the spread of the malicious software.
This incident led to operational disruptions in various departments and suspended availability of certain city services. This included the inability for residents to pay their water bills online or report nonemergency complaints via the city’s 311 application.
City officials proposed utilizing a portion of a projected $1 billion bond package, which may be presented to voters for approval in 2024, for a comprehensive upgrade of Dallas’ IT system in response to the ransomware attack.
Who is behind the City of Dallas’ cyberattack?
On May 19, a group identified as “Royal”, suspected to be behind the cyberattack, threatened to publicly disclose data in possession of the municipal government. However, as of Wednesday, there were no indications of such a data leak.
The city extended an offer of complimentary credit monitoring to its employees earlier this month as a precautionary measure. City officials have maintained that there is no evidence to suggest that sensitive information related to workers or residents has been publicly disseminated.
Meanwhile, Fort Worth officials reported on Saturday that their computer system had also been hacked, leading to data from an internal information system being published online.