City declares catastrophe following network hack | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

By ASHLEY TERRY Staff Writer

Following the results of the city’s computer network compromise this summer, Granbury City Council declared a catastrophe during a regularly scheduled meeting on Oct. 17.

During the meeting, City Attorney Jeremy SoRelle recommended that the council declare a catastrophe due to the city not being able to comply with the rules associated with open records requests.

According to the Texas Secretary of State, the Texas Government Code, Chapter 552, allows the public to access government records. All government information is assumed to be available to the public, and a public information officer or officer’s agent may not inquire as to why the individual is requesting the records.

Within 10 business days, the governmental body must either release the information to the requestor; give the requestor written notice of the date and time the requestor will get the information; seek to withhold requested information by asking for a ruling from the Open Records Division; or withhold information based on prior authorization, according to

However, because the city is still reeling from the after effects of the network compromise, some documents and media that have been requested from the public in open records requests are unable to be accessed — leaving the city vulnerable and at the risk of potential lawsuits.

“Certain data, we don’t have access to, and it has resulted in the filing of one lawsuit,” SoRelle said, during the city council meeting. “I’ve handled that. It’s gone. It’s taken care of. Most of the lawyers that I’ve been able to deal with, I’ve been able to put off and they get it, but there are still some threats of litigation out there.”

SoRelle explained that the city doesn’t have access to many documents and videos, and it’s unknown when the issue will be resolved.

According to SoRelle, declaring a catastrophe pursuant to Texas Local Government Code 552.2325 will allow the city to have a temporary suspension of requirements, meaning once an open records request is submitted, the city will have an initial seven-day suspension period of the Open Records Act.

“We will try to comply as much as possible,” SoRelle said. “I did reach out to the attorney general and explained our situation, and I advised them of our intended actions tonight. The attorney at the AG that I spoke with said, ‘that’s absolutely a great idea. That’s what you should do. That’s what Dallas did when they recently experienced the same type of cyber event or data breach that they had.’ This is also an opportunity to say we’re not trying to avoid complying with the law or the open records laws. We just don’t have the ability to. There are certain records we cannot get to, and until we get to a certain place and re-implement all of our systems, we won’t be able to get to them.”

SoRelle said the initial seven-day suspension period can be extended for another seven days, but if the effects from the data breach are still not fixed following that, the city will then have to reach out to the attorney general to figure out the next steps.

He recommended that the seven-day suspension period start at 12 a.m. on Oct. 18, and for City Manager Chris Coffman to report the notice of the suspension to the attorney general and to make any necessary additional requests for extensions.

Place 2 council member Eddie Rodriquez asked SoRelle if he meant that, after the seven days, the city should be back up and running again.

“No, we’re requesting seven days because that’s all the law allows us to request initially,” he replied.

Rodriquez then asked if there was a way to declare a total suspension for a period of time until the city is back to normal.

SoRelle explained that the statute used to allow governmental entities to request for as many extensions as possible. However, during COVID, many municipalities were taking advantage of the system.

Rodriquez said, “Right now, we’re just abiding by what the statute says, seven days and then after that…”

“We will take other actions then,” SoRelle said. “The goal here is to get all of the systems back up and to get into compliance, but we need to take this action to protect the city and stop any complaints and any more threats of litigation. It’s a band-aid. It’s a temporary fix, but hopefully, it’ll last long enough to get back to where we need to be and get the systems reimplemented and move forward.

The city council then voted unanimously to declare a catastrophe pursuant to Texas Local Government Code 552.2325 and established an initial seven-day suspension period related to open records requests.

[email protected] | 817-573-1243


Click Here For The Original Story From This Source.

National Cyber Security