Dallas, TX
Cyberattacks are now the norm. Transparency is part of the response
Cyberattacks are now part of our daily lives, and local governments are a recurrent target. In our own area, it is increasingly clear from the last months that we are past the “if” and have to accept it’s a matter of “when.” Hacking incidents are now inevitable. What local governments do to avert them is just as important as what they do when they actually occur.
As we learned this week, Dallas County has been dealing with its own cybersecurity incident. It is our hope that officials there can draw some lessons from the city’s ransomware attack last April, an incident that was much larger and more damaging than we were originally led to believe.
Dallas County administrators should have a playbook of do’s and don’ts stemming from the city’s experience. Dealing with the technical and criminal response is important, but keeping your constituents well-informed post-incident is vital.
So far, the county has not said much about the breach, but at stake is crucial information for county governance, like court case records, prison data and even residents’ health data. County officials did not answer our questions, but they directed us to a website where they promised more details, as they become available, as well as constant updates and transparency. We hope this is the case.
“While our goal is to be transparent and forthcoming with information relating to the incident, we do not want to make premature assumptions about the extent of impact or other details, which may evolve as the forensic investigation advances,” says the statement in the website.
A group called Play is now claiming responsibility for hacking Dallas County, and it is promising to publish information soon. County officials believe, however, that they have limited the breach thanks to security measures they took. We still don’t know, however, if departments and people whose information was compromised have been contacted.
“It appears at this time that the incident has been successfully contained and that Dallas County’s systems are secure for use,” according to the same statement.
If this is true, Dallas County may be in better shape than other organizations, a cybersecurity expert told our newsroom colleague Josephine Peterson.
Back in August, we criticized the city of Dallas for its handling of the April cyberattack after we learned months later that the information from thousands of employees and residents was compromised.
Cybersecurity is a smart investment for local governments and businesses, but we are still on the learning curve. Dallas County should remain vigilant, as there are still many unknowns.
The truth is bad actors are getting smarter and keeping up with the technology is just one part of the defense strategy. Keeping your residents well-informed and prepared is equally important.
We welcome your thoughts in a letter to the editor. See the guidelines and submit your letter here. If you have problems with the form, you can submit via email at letters@dallasnews.com