DICKINSON — The Bowman City Commission held a regular meeting on Tuesday, June 2, where they confronted the city’s cybersecurity weaknesses and watched a presentation from CyberNet Security about what they can do to be safer.
The city commission made decisions on a variety of topics during their meeting such as addressing an application for a zone change, an event request and more. However, the most pressing issue brought before the commission was the cyberattack the Bowman Parks & Recreation faced.
Dan Peterson, the director of the Bowman Parks & Recreation, told the commission about how the recent cyberattack left every file the department had encrypted and inaccessible. The attack had even affected any backup files the department had that were in thumb drives plugged into devices. While there was a message from the attacker with contact information about how to access the files again, Peterson was able to decrypt the files by taking the issue to an expert in Bismarck.
“They didn’t take the files… so we got lucky in that regard,” Peterson said. “We had no idea what they wanted.”
Dorvall Bedford / The Dickinson Press
Peterson explained to the commission that there several measures the Bowman Parks & Recreation could take to be safer from attacks. One of the main ways was having better passwords — Peterson described the department’s passwords as being weak and incorporating predictable phrases.
“Our passwords were pathetic,” Peterson said.
John Nagel, president of CyberNet Security, gave a presentation over Zoom discussing what services his company could provide to improve the City of Bowman’s cybersecurity. The offer was a three-year plan that would make a multitude of changes that could prevent successful cyberattacks.
For example, Nagel explained that the first two years of his roadmap would provide cybersecurity and phishing training to every employee, which involve scoring each individual on how at risk they are to being cyberattacked. The third year would involve CyberNet Security reviewing the implemented security measures and providing additional ways to improve.
On the topic of passwords, Nagel told the commission that nowadays passwords need to be at least 20 characters long and randomized—the number of characters will continue to rise with the improvement of AI technology. Nagel suggested using password managers that store the various passwords employees would have to use.
The three-year plan Nagel offered was not cheap. The first year would cost $18,000 while the second and third years would cost $11,000 and $12,000 respectively. Lyn James, president of the Bowman City Commission, was hesitant to make a decision that evening.
“This is quite an investment,” she said. “I think we need to talk through this.”
James expressed that the issue of cybersecurity was one that she didn’t understand fully, but she felt as though this situation taught her a lot. While she sees the issue as important, she also doesn’t want to spend money where it doesn’t need to be spent.
“I’m just going to be honest, this is way above my head,” James said. “It scared me that we could be vulnerable… but I also think we need to do our own homework.”
The rest of the commission agreed to wait before making a decision on Nagel’s offer. They plan to discuss it further at their next meeting on June 16.
