The Dallas City Council approved a nearly $4 million deal Wednesday to get a new system that alerts the city’s information technology department of possible cyber attacks. The approval comes as the city is nearly two months into its recovery from a ransomware attack.
The City Council, without discussion, approved allowing Houston-based technology service provider Netsync Network Solutions to help the city get a threat and anomaly detection system for the Information and Technology Services Department for three years. City documents refer to the purchase as a system upgrade that will include security monitoring 24 hours a day, 7 days a week.
“This equipment and associated services will be crucial to protecting the city’s network from cyber threats and hacks by alerting the Department of Information and Technology Services’ Security Operations Center to threats and abnormalities on the city network,” said city documents describing the council agenda item. “This solution will aid in protecting the city’s network and systems against internal and external cyber threats to the organization including potential ransomware.”
Shawn Sutton, an strategic account manager with Netsync, said the city would be getting cybersecurity platform MixMode. He described it as a security and information event manager that “in basic terms, gives you a bird’s-eye view of your network looking for issues before they cause business interruptions.”
A week before the May 3 ransomware attack, the City Council also approved a three-year, more than $873,000 contract with Netsync for the group to help the city get a threat detection option for devices such as city servers and employees’ desktops and laptop computers.
Later Wednesday, [city Communications Director Catherine] Cuellar told The Dallas Morning News the new system was part of the city expanding its existing cybersecurity services since the attack.
“In addition, we have taken additional steps to further enhance our security posture, including implementing additional cybersecurity software, deploying a system-wide reset of all user accounts, expediting the implementation of additional controls and completely rebuilding impacted systems in a new, secure environment,” she said.
See here for the previous update. Ideally, the city of Dallas and other government entities would have had this kind of system in place before falling victim to a major attack, from which it has still not fully recovered. But you saw the price tag, this doesn’t come cheap and it’s not a one time expense. It’s why I keep saying that there needs to be another massive federal money-drop to local and state governments for this purpose. There’s plenty of bad guys out there, and the keys to their success are a lot of low-hanging fruit and the ability to remain inside their targets long after the initial infiltration. I commend you all to listen to the BBC’s The Lazarus Heist podcast, about North Korea’s wildly successful and financially lucrative hacking operations. The best thing we can do is make it harder for those guys to do what they do.