Brian A. Hawkins Googles his name and last employer and winces.
The words that appear are verbs like “fired,” “axed” and “sacked.”
The former information technology director of Lake City, the northern Florida city that was forced to pay out nearly half a million dollars after a ransomware attack this summer, was blamed for the breach, and for the long time it took to recover. But in a new lawsuit, Mr. Hawkins said he had warned the city about its vulnerability long ago — urging the purchase of an expensive, cloud-based backup system that might have averted the need to pay a ransom.
But there was no money. And to those weighing the many competing priorities in the northern Florida city of 12,000 people, purchasing capacity on remote computer servers didn’t seem to rise to the top — at the time. Once the city’s entire computer network crumbled in the space of a few hours, there was an intense round of finger-pointing, and it ended with Mr. Hawkins.
“My name has been blasted all over the media and across the country for weeks,” he said in his first interview with the news media since the attack earlier this summer.
The recent cyberattack in Texas, which crippled the computer systems of nearly two dozen cities simultaneously, has served as another reminder of how outgunned most municipalities are against sophisticated hackers. With cities from Florida to Maryland grappling with an onslaught of ransomware attacks that are costing millions, the harsh reality is that it is often one- or two-person information technology offices with meager budgets and strict spending rules that are the main lines of defense.
[Ransomware attacks are testing resolve of cities across America]
They are often up against organized criminals and nation-state actors who know how to take advantage of their weaknesses, and who are able to refine their weapons with the hundreds of thousands of dollars in ransoms being paid by vulnerable cities.
The lawsuit Mr. Hawkins filed in Columbia County state court on Aug. 9 raises the inevitable question of liability: When hackers wipe out a city’s computer system, who is to blame?
“There is a push for accountability, which means firing people. It almost never happens,” said James A. Lewis, a researcher at the Center for Strategic and International Studies. “A lot of times ransomware exploits a vulnerability that should have been fixed. You need to look: Did somebody slip up on the job?”
Two high level I.T. employees were fired after an attack this year in Baltimore, but city officials denied that the dismissals were related, The Baltimore Sun reported. No one in the Texas city of Laredo was disciplined after an attack there. A spokesman for the Texas Department of Information Resources declined to comment, citing the pending investigation.
The troubles in Lake City, about an hour west of Jacksonville, began when…
Mandatory Privacy-Breach Reporting Coming to B.C. Public Sector
As of February 1, 2023, public bodies in British Columbia (B.C.) will be required to repor…
Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in …
