Type to search

City of Decatur working on cybersecurity incident response plan

Crime and public safety Decatur Metro ATL

City of Decatur working on cybersecurity incident response plan

[adsanity align=’aligncenter’ id=52694]

The boundaries of the city of Decatur. Source: Google Maps


By Zoe Seiler, contributor

Decatur, GA – The city of Decatur is working with a cybersecurity firm to develop an incident response plan regarding IT and cybersecurity issues. The plan is intended to be a proactive measure so the city knows how to deal with an IT incident if it occurs.

“It could be ransomware or another IT security incident or an outage or something resulting from a natural disaster,” said Russ Madison, finance director for the city of Decatur.

Cities near Decatur have experienced ransomware attacks. This type of attack occurs when a malicious software infects a computer and restricts a user’s access to it until a ransom is paid, according to UC Berkeley.

[adsanity id=”59104″ align=”alignleft” /] [adsanity id=”56211″ align=”alignright” /]

Rockdale County, which is next to DeKalb County, experienced a ransomware attack earlier this month after up to nine county servers were compromised. The system was infiltrated after an employee opened an email attachment containing a computer virus, the Atlanta Journal-Constitution reported.

In January, the city of Dunwoody was also the target of a cyberattack. The city’s computer system was targeted. No data was compromised during the ransomware attack that happened on Christmas Eve last year, according to the Atlanta Journal-Constitution.

In 2018, the City of Atlanta experienced a ransomware attack that shut down the city’s online systems and the ransom demanded was $51,000 to be paid in bitcoin, according to Fox 5 Atlanta.

“I would say the Atlanta situation was a reminder to us of the importance of developing an incident response plan, but it was not the main or only factor,” Madison said.

In 2017, the city of Decatur completed a Cybersecurity Risk Assessment performed by the Georgia Tech Research Institute. That document is not a public record because it would reveal the city’s vulnerabilities.

One recommendation that came out of that study was the development of an incident response plan.

“[The goal is] that we have a plan in place for when something happens because we know with the increased cybersecurity threats to a variety of organizations, including government entities, that we’re all a target,” Madison said.

He said the plan would allow city employees and the city’s IT provider to know what to do in an urgent situation. It would also give guidance on whether to involve the city’s cybersecurity insurance provider or whether the city needs to communicate with its employees or the public or the city attorney.

[adsanity id=”59106″ align=”alignleft” /] [adsanity id=”59208″ align=”alignright” /]

The city has been working on developing the plan for several months and is working with IT firm Cyberstone to write the first draft.

“So where it is now is they’ve sort of finished the first draft of the plan but there’s still a lot in it that needs to be fleshed out. And we’ve done some tabletop exercises with the city’s management team, and this firm to talk about the type of incidents that you know that could occur,” Madison said.

After the draft is complete the city will make some revisions and provide more information to complete the plan.

Madison said the plan is basically documenting different scenarios that could come up and who between the city and its IT provider would handle different phases of the incident and response.

“Once they get the draft in a condition that we expect and everybody is happy with it, then the next phase would be training to make sure that the people who are affected by the plan know what’s in it and know what’s expected of them,” Madison said.

The city has had other plans regarding cybersecurity like an IT strategic plan and an IT disaster recovery plan. But this will be the first plan the city has developed that pertains to cybersecurity incidents, Madison said.

“We know that incidents can happen to any organization these days and we want to be prepared,” he added. “We’ve tried to take the initiative with some cybersecurity-related issues and not just be reactive and this is part of that posture.”

If you value having local news that isn’t behind a paywall, consider becoming a supporter of Decaturish. Your support keeps the news free for everyone. For as little as $3 a month, you can help us tell the story of your community. To learn more, click here.

Want Decaturish delivered to your inbox every morning? Sign up for our free newsletter by clicking here

[adsanity id=”56022″ align=”aligncenter” /]

[adsanity id=”33719″ align=”alignleft” /] [adsanity id=”52166″ align=”alignright” /]