[BreachExchange] Henry County has spent $650,000 restoring computer network after hack

Destry Winant destry at riskbasedsecurity.com
Thu Dec 19 09:20:55 EST 2019


https://www.ajc.com/news/local/henry-county-has-spent-650-000-restoring-computer-network-after-hack/t1NlxcLheQuf7frMyViDdJ/

Henry County has spent more than $600,000 restoring its computer
network in the five months since a cyber attack crippled the county
government’s online operations, according to figures provided by the
south metro Atlanta community.

The county has spent about $656,000 as of mid-December to get its
system fully operational, with the majority of the money — around
$578,000 — going to consultants and computer security companies for
server installation, compliance work, travel expenses and other
activities, officials said.

Cybersecurity experts said the price tag for fixing the problem will
likely increase.

“That sounds a little consultant heavy to me,” Andy Green, a lecturer
of information security and assurance at Kennesaw State University,
said of Henry’s spending so far. “If the consultants got more than
half a million and only $100,000 went to improving their technology
then they either spent too much on consultants or they are nowhere
near done spending on the technology.”

Brad Johnson, Henry’s assistant county manager, defended using the
consultants, saying they were provided by Georgia Technology Authority
and approved by pre-arranged state contracts.

“Our team did several things to minimize the consequences of the
attack and system shutdown played a major role in it,” Johnson said.
“No one can be totally prepared for such an event and we are better
prepared today than we were prior to the incident.”

Henry was attacked in the early morning hours of July 17 and
immediately shut down its entire system to protect taxpayer
information.

During the three weeks it took to get the network back up and
operational, the county returned to using paper for filings for such
services as building permits and business licenses. The hack also
forced county workers to use personal email and made it more difficult
to access court records that had been digitized and to process
paperwork from the tax assessor’s office.

The attack was one of many that have hit metro Atlanta over the past
few years, including a hack of the city of Atlanta’s network in 2018.
The attackers demanded $51,000 in bitcoins in exchange for encryption
keys to recover Atlanta’s data. Two Iranian men were indicted by the
U.S. Department of Justice in October in the Atlanta attack, and
others.

A confidential memo obtained by The Atlanta Journal-Constitution and
Channel 2 Action News in August 2018 estimated Atlanta had contracted
to spend around $6 million to bring its system back but could have to
put another $11 million toward the work before the process was
complete.

Henry officials have declined to be specific on how they have repaired
their system and what software they are using to avoid giving
potential hackers information that could lead to another attack.

The county’s expense list describes many of the costs as “phase I” of
bringing the system back. The outstanding balance of $78,000 is
listed as part of “phase 2.”

Consultants on the work include Georgia Technology Authority,
CompliancePoint, Fivepoint Solutions and Strategic Tech.

Johnson, the county assistant manager, said Henry has cyber insurance
through the Association of County Commissioners of Georgia, but so far
that policy has only paid out about $4,000. He did not know when other
payments would be made.

David Barton, a managing director of accounting firm UHY Advisors who
specializes in technology risk and compliance, said cyber insurance is
a growing option for municipalities as the cyber threat has grown. But
he cautions leaders not to think of it as allowing them to take their
eye off making sure they are protecting themselves.

“Think of it like fire insurance,” he said. “You don’t want to have it
and never pay attention to keeping your facility from catching fire.
You can’t do it blindly.”

