The Dallas City Council approved a nearly $4 million deal Wednesday to get a new system that alerts the city’s information technology department of possible cyber attacks. The approval comes as the city is nearly two months into its recovery from a ransomware attack.
The City Council, without discussion, approved allowing Houston-based technology service provider Netsync Network Solutions to help the city get a threat and anomaly detection system for the Information and Technology Services Department for three years. City documents refer to the purchase as a system upgrade that will include security monitoring 24 hours a day, 7 days a week.
“This equipment and associated services will be crucial to protecting the city’s network from cyber threats and hacks by alerting the Department of Information and Technology Services’ Security Operations Center to threats and abnormalities on the city network,” said city documents describing the council agenda item. “This solution will aid in protecting the city’s network and systems against internal and external cyber threats to the organization including potential ransomware.”
Shawn Sutton, a strategic account manager with Netsync, said the city would be getting cybersecurity platform MixMode. He described it as a security and information event manager that “in basic terms, gives you a bird’s-eye view of your network looking for issues before they cause business interruptions.”
A week before the May 3 ransomware attack, the City Council also approved a three-year, more than $873,000 contract with Netsync for the group to help the city get a threat detection option for devices such as city servers and employees’ desktops and laptop computers.
City communications director Catherine Cuellar declined Wednesday to give any update on the city’s latest progress in its ransomware recovery. She said any new information from the city would be posted to its public website, which hasn’t been done since Friday when the city’s public library online system was back up for the first time since the May 3 attack.
Later Wednesday, Cuellar told The Dallas Morning News the new system was part of the city expanding its existing cybersecurity services since the attack.
“In addition, we have taken additional steps to further enhance our security posture, including implementing additional cybersecurity software, deploying a system-wide reset of all user accounts, expediting the implementation of additional controls and completely rebuilding impacted systems in a new, secure environment,” she said.
Dallas officials said earlier this month that the work to restore systems and services citywide was more than 90% complete. IT workers have had to review, clean, rebuild and restore computers and servers since the cyberattack last month, according to the city.
The city said May 6 that cybersecurity vendor CrowdStrike was helping IT workers make sure infected city devices were quarantined and cleaned to prevent the spread of any viruses.
Dallas officials have mainly cited an ongoing criminal investigation into the attack as reason to still not yet give specific details related to the cyber incident. Details on the scope of the attack, how it happened and the amount of recovery work the city has done still haven’t been released by city officials.
Cuellar told the mayor and city council members in a May 31 email not to share any specific details related to the attack.
The city said IT workers early on May 3 were alerted to the ransomware attack, that several servers were compromised, and that other servers had to intentionally be taken offline to prevent the bad software from spreading. It led to several departments being hampered and some city services, such as residents being unable to pay their water bills online or not being able to report nonemergency complaints via the city’s 311 app, being unavailable.
City officials have suggested using part of a proposed $1 billion bond package that voters could be asked to approve in 2024 to upgrade Dallas’ IT system in the wake of the ransomware attack.
Royal, the group suspected to be behind the cyberattack, on May 19 threatened to publicly release data stored by the municipal government. It doesn’t appear that had happened as of Wednesday.
The city announced earlier this month that free credit monitoring would be offered to employees as a precaution. City officials have said they haven’t found proof that information from workers or residents has been publicly released.
Elsewhere, Fort Worth officials announced Saturday that that its computer system had been hacked and that data from an internal information system was posted online.
This story, originally published in The Dallas Morning News, is reprinted as part of a collaborative partnership between The Dallas Morning News and Texas Metro News. The partnership seeks to boost coverage of Dallas’ communities of color, particularly in southern Dallas.
