Increasingly sophisticated cyberattacks are battering at the defences of municipalities across the country - including Toronto - experts say.
Sometimes, like in the case of a ransomware attack on the Toronto Public Library in late October that is expected to leave online services down until the new year, the attack is successful, resulting in stolen personal data likely being shared or sold on the dark web and leaving the victims vulnerable to fraud and identity theft.
It’s a serious data breach. But think about how much more a municipality covers: Water. Waste. 911. If these were to be compromised by hackers, the result could be deadly. And as more services go digital there are more opportunities for disaster.
Municipalities “are a treasure trove of information,” said Kyle Bateman, manager of Information Technology for Port Hope.
“In the services they provide, if anyone is looking to do damage or looking to have some sort of impact within an organization in a negative way, a municipality would be a prime target.”
Cybersecurity policy expert Charles Finlay at Toronto Metropolitan University said the library attack should serve as a warning for what vulnerabilities could exist in the security of critical infrastructure.
Maneesh Agnihotri is responsible for keeping the City of Toronto safe from such attacks. He’s been the city’s chief information security officer for the last year and leads a team that has grown from five people when the division was created three years ago to 80 people today.
They work with divisions across the city and advise city agencies to ensure everything from “24/7/365” threat monitoring, which includes a team that scours the dark web to see if Toronto is being mentioned as a target, to properly encrypted files to making sure the organization’s weakest point - the people who work there - are properly trained in cybersecurity awareness.
The reality of his job - and those of his peers across the country - is that the number of cyberattacks is increasing. Many are driven by profit, others come from “hacktivists” who want to disrupt public systems. Some come from other countries, often during election times, global conflicts or during the visits of foreign leaders. The number one type of attack is ransomware, typically in the form of “phishing,” which is an attempt to deceive a person into sharing sensitive information or passwords, rather than a breach of a network.
“You have groups that are very sophisticated,” Agnihotri says. “They are like companies - you can get ransomware as a service.”
While it is easier than ever to hire hackers as a service, what is unusual is that some hacker groups operate by a set of ethics. Agnihotri points to a ransomware attack on Sick Kids Hospital in December 2022. When the group who made the ransomware software learned it had been used to attack a hospital, they provided Sick Kids with a code so they could regain control of its data. He says these “rules of engagement” also mean that some attackers, if you pay them, will not attack again, which makes how the city communicates to the public about an attack even more delicate.
Even so, he says communication is important for public trust, and is one reason that when an attack is successful the most important thing is to contain the threat and figure out what, if anything, has been compromised.
Agnihotri is careful not to share the details of the city’s cybersecurity plans - a practice that is part of the city’s cybersecurity plan. He won’t say, for example, whether the city has ransomware insurance, an expensive but common practice that allows organizations to pay out ransoms. He also won’t share how many attacks the city has experienced, though he notes that in the year he’s been in charge there has not been a “priority one” incident, the most serious category, directed at the city of Toronto. (This excludes agencies like the library, which don’t fall under his department’s direct control.)
Agnihotri feels the city is in a good position right now, compared to most municipalities, though no organization can ever be totally risk-free.
So, while the city and the library don’t comment on specific cybersecurity strategies, cybersecurity expert Finlay says talking about the steps the city and its agencies are undertaking to strengthen their cybersecurity measures could go a long way to rebuilding residents’ trust in the safety of these systems.
“I think the city has to be more forthcoming about what it is doing to ensure that those services are secure from cyber-attacks,” said Finlay.
Based on the statements the library has made publicly since the ransomware attack, Finlay believes it has done everything it could, including working with police and alerting those affected. He hopes this situation serves as a call to action. He says it’s not a matter of if, but when, other city services will face similar attacks.
“This is an attack essentially on all of the residents of Toronto,” he said. “It should be responded to with the kind of investments and improvements that are necessary in light of that.”
This is particularly true given that a recent survey of municipalities found that attacks are on the rise.
“It is critical for the provincial and federal governments to realize that critical infrastructure - and many day-to-day citizen services are on that level - needs to be protected,” says Kush Sharma of Municipal Information Systems Association (MISA) Ontario, a group that brings together municipal technology experts and advocates for more support for municipal IT operations including cybersecurity from other levels of government.
Sharma was also Toronto’s first chief information security officer.
He says there has been improved information-sharing among municipalities and between other levels of government, including regular threat briefings, free resources and even pooling funds to access more advanced security tools.
This is especially useful for smaller municipalities that struggle with funding and resources more than Toronto does with its $38 million budget.
The good news, he said, is that the survey found in 2023, 91 per cent of municipalities had not had a significant cyber breach. Where ransomware attacks did happen, the ransom requests ranged in amount from under $50,000 to more than a million dollars.
The Toronto Public Library has said they did not pay a ransom but did not provide details on what demand may have been made.
The investigation into the library attack is still ongoing, but Agnihotri says there are some early lessons to be learned. Constant threat monitoring is important, and so is employee cyber-awareness. The phishing awareness campaigns conducted by his office have been promising, he says, with a low click-through rate, but it only takes one to potentially lead to a security breach.
And there must be ongoing training to keep employees consistently aware of new threats.
“They are always knocking at the door,” Bateman said. “They are always looking for ways to get in, they are always trying new things.”
Correction - Jan. 3, 2024
Maneesh Agnihotri is the city’s chief information security officer. This file was updated to correct his job title.