Atlanta Mayor Keisha Lance Bottoms says she didn’t give much thought to cybersecurity before her city’s government suffered a wide-ranging ransomware attack, in part because it’s not a topic that comes up often with constituents.
“Over the course of our campaign, we had had at least 100 forums, and we had talked about every single thing I thought there was to talk about, and cybersecurity was not a topic of conversation,” Bottoms said Wednesday during a session on resiliency at the Smart Cities New York conference. “While it should be top of mind for us as elected officials, it’s not something people see and our communities are discussing.”
Bottoms was on just her 80th day in office on March 22 when workers at a cluster of Atlanta agencies were locked out of their computers after the SamSam ransomware virus infiltrated city networks. The cyberattack knocked out services such as municipal-employee emails, court-scheduling and to the ability for residents to pay bills and obtain permits online. The hackers responsible demandied a bitcoin payment equivalent to about $51,000. The city refused to pay, consistent with the FBI’s recommendation in such cases.
Atlanta has gradually been able to restore its systems, but the recovery has been costly. Over the past seven weeks, Bottoms’ government has spent more than $5 million on emergency tech contracts, giving the still-new mayor something of a crash course on cybersecurity.
But Bottoms said Wednesday that a high-level appreciation of cybersecurity doesn’t easily translate to residents until it affects them directly.
“My 70-year-old constituent might not understand it, unless she can’t pay her water bill,” Bottoms said. “Or a 21-year-old can’t pay his parking ticket to get his license back.”
Atlanta’s traffic court re-opened on April 16, and the city’s water department finally regained the ability to process online payments on Tuesday.
The ransomware ordeal has at least given Bottoms a bit of early wisdom on how dependent government has become on connected technology and how easy it is for agency leaders and rank-and-file staff to be caught off guard.
“One of the reporters asked during the press conferences what would we do without computers,” she said. “I joked it was an opportunity for our younger employees to practice their penmanship, because we did have to go back to pen and paper and some employees had never used that before.”
While the March ransomware attack spared most of Atlanta’s critical systems, Bottoms said the incident has been a reason to take a broad look at how the city approaches information security in the future.
“It’s been an opportunity for us to build a city and infrastructure that we’ve needed all along,” she said. “Really break down silos in our organization.”