Columbus City Council is voting on a $23 million plan to boost cybersecurity.
COLUMBUS, Ohio — Columbus City Council is voting on a plan that it believes will increase the city’s cybersecurity and modernize the system.
The ordinance before council on Monday night authorizes the spending of up to $23 million to implement a citywide “Zero Trust Network” to “strengthen cybersecurity and modernize its IT infrastructure.”
This move comes nearly a year after the city experienced a massive cyberattack that exposed the data of hundreds of thousands of people to the dark web beginning on or around July 18.
Mayor Andrew Ginther sat down with 10TV last year on Aug. 13 to assure that none of the data obtained in the attack was usable.
“We believe the screenshots of the data files are the most compelling asset that they had and the sensitive files were either encrypted or corrupted, making them totally unusable,” he said.
Hours later, a local cybersecurity expert proved that wasn’t the case when he found the files on the dark web.
“They contain private information, they contain social security numbers, they contain addresses of individuals, especially the people at risk in this situation are those who are victim of domestic violence, rape and other heinous crimes,” said Connor Goodwolf, a cybersecurity expert who used a name different than his legal name. “Their private information is now public information.”
Ginther later responded to the revelations in a follow-up with 10TV, saying the information he had shared earlier on the 13th was done in good faith and based upon the investigation and reports from the city’s technology team.
A cybersecurity expert talked with 10TV on Monday before the council meeting about the impact a “Zero Trust Network” would have on the city’s security.
“You must identify yourself and you must prove your identity. You must authenticate over and over again. Not just for individual users, but also for applications,” said C. Matthew Curtin, the founder of Interhack Corporation.
Curtin said the change will not prevent future attacks, but it can prevent how much data is stolen if it’s set up correctly.
“Attacks are going to happen. The question is going to be, ‘What is the damage from a given attack?’ It’s going be anywhere from zero to catastrophic,” he said. “If somebody is able to break in, everything is firewalled so they can’t get to anything except for what they’ve already hijacked in the first place. Assuming they can even get that far.”
The City of Columbus, following the cyberattack, offered free credit monitoring to anyone who believed they could have been a victim. More than 20,000 people had signed up for the service by the time the registration window closed.
