Cyber Security Enhancements FY22

City of Durham Cyber Security Strategy

 

The City of Durham’s Technology Solutions (TS) Department's priority has been to continuously enhance and maintain a robust security posture. Using the IT governance process, the TS department develops strategies for the ever-changing security landscape. The CIO, CTO, and vCISO set security strategy in consultation with the CDO and Senior Cyber Security Analyst. New tools, strategies, projects, and vulnerabilities are discussed three times a week, and as a result of those discussions we are able to prioritize investments.

 

The City’s security strategies and investments were put to the test last year when, on March 6, 2020 – two weeks before Covid-19 related lockdown orders – the City of Durham became, like many others in the country, a victim of a Cyber Security Event. Unlike some other local government agencies that were either crippled for several months or forced to pay exorbitant ransom fees, the City of Durham was able to restore all core business systems, including but not limited to the 911, 311, ERP, and utility billing systems, within 5 business days thanks to the previously developed strategies.

 

Cyber Security Accomplishments FY 2021

 

The most significant multijurisdictional accomplishment is best described in an article from our local newspaper entitled “Durham city, county preparation prevented data breach when hack happened” by Brian Mims of WRAL. It goes on to say:

 

"These viruses are just rattling doorknobs," Durham Mayor Steve Schewel said. He joined the city and county managers and leaders of city and county information technology departments Monday in describing the cyberattack and response by their offices. Together, the leaders praised the preparation, training and backup systems put in place that allowed for a quick response.

Durham city, county preparation prevented data breach when hack happened :: WRAL.com

In retrospect, the following four areas were key contributing factors to the success of our recovery:

 

  1. Response Team Performance

All the team members performed exceptionally during the recovery from the cyber-attack. Teams brought the right mixture of skills and experience to bear on the attack. Core business systems were back up within 5 days. The team consisted of TS senior management, TS managed services partners, MS-ISAC, National Guard, Duke OIT, NC DIT, NC DPS and the FBI.

 

  2. Cutting-edge Backup and Recovery System

Backups for the data center were immutable against ransomware. The immutable nature and performance of the backup and recovery system made the systems' recovery point effective and the recovery time very fast.

 

  3. Cyber Security Proactive Planning and Preparation

  • Established funds for cyber security program
  • Performed security audits
  • Received funding for security enhancements 
  • Established cyber security insurance

 

  4. Enhanced Cyber Security Awareness and Training Program

  • Created messaging for alerts and focused on targeted training campaigns
  • Created a cyber security focus for the City with training and communications

 

The City's services were back up in time for us to simultaneously shift the organization to a work-from-home environment at the beginning of the stay-at-home orders resulting from Covid-19, with very little disruption.