Listen to this article.
WASHINGTON D.C. — Atlanta Mayor Keisha Lance Bottoms delivered testimony before a U.S. House committee on cybersecurity, infrastructure protection and innovation. The hearing was entitled “Cybersecurity Challenges for State and Local Governments: Assessing How the Federal Government Can Help.”
During her testimony, Bottoms talked about last year’s cyber attack on Atlanta’s city government, how the city dealt with it and how the federal government could help in situations like what happened to Atlanta.
You can read Bottoms’ full remarks below:
My name is Keisha Lance Bottoms and I am the Mayor of Atlanta, Georgia, the cradle of the Civil Rights Movement and the anchor of the 10th largest economy in the United States.
I want to thank Chairman Bennie Thompson and Subcommittee Chairman Cedric Richmond for inviting me today to testify at this important hearing. I am honored to be here.
In the early morning hours of March 22, 2018, Atlanta’s government experienced a ransomware cyberattack which impacted our operations and our ability to provide services to our residents and visitors.
To paint a broader picture of the confusion of that day, the City of Atlanta has nearly 9,000 employees. Many rely on technology to do their jobs and keep the City running.
Suddenly, they were incapacitated.
Fortunately, our mission-critical services such as fire, police and ambulance were not affected. Neither was our water supply.
However, some departments and government entities suffered irreparable damage.
The Atlanta Municipal Court had to cancel and reschedule hearings, suffering a major interruption.
Our customer-service interface, known as ATL311, was knocked offline.
Many other applications were impacted or affected, delaying the delivery of city services.
As that first day unfolded, it became clear to us that criminals had attacked the City’s computer systems.
We moved quickly to mitigate the situation:
The first few hours after the attack were crucial for limiting the damage and determining the next steps forward.
We notified law enforcement and key partners — our insurance carrier, outside counsel, government partners and the media.
We also needed to learn in detail what systems, functions and operations were impacted.
That might sound simple, but during an emergency, the process of identifying every compromised system was challenging, especially without the assistance of technology.
Out of an abundance of caution, we took some systems off-line. We also hired an outside security firm to assist with our response.
We soon discovered that the attackers were demanding a ransom payment of $51,000 in Bitcoins to unlock our systems. We refused to pay.
The cost of recovery to date has been about $7.2 million and we expect it will go higher.
Some costs have been reimbursed under our cyber-insurance policies. And additional reimbursements are pending.
Last November, federal authorities charged two Iranians with the attack and outlined their massive scheme to breach computer networks of local governments, health care systems and other public entities.
Atlanta’s cyberattack was not unique.
Digital extortion is now a common occurrence affecting many organizations in the public and private sectors, even hospitals.
With cyber threats becoming more hostile and frequent, organizations must understand how to protect themselves against attacks when they do occur.
The good news is that the City of Atlanta is rebounding from this attack and sharing its experience with other cities.
We are advising them to understand the business-continuity measures they need to have in place. And to do it now.
We are adopting a more flexible and hardened infrastructure, using advanced technologies and the Cloud to diversify and minimize our risk.
We are emphasizing the importance of cross-functional response teams, which include federal and state government partners.
We are in a good place going forward, but no city can do all this effectively without robust partnerships.
Through our process, Atlanta has worked with the FBI, Department of Homeland Security, Secret Service and private sector.
The work we did to prepare for Super Bowl 53 earlier this year was a great example of this collaboration.
We are staying pro-active, so we can understand and manage this ever-changing landscape.
But we’ve also learned that you can never completely protect a computer network.
The City of Atlanta is more prepared and resilient than ever, but local and state governments continue to need your partnership.
You can help by providing funding to assist cities in preventing, preparing for, and responding to cyberattacks.
You can help by empowering agencies to develop and share best practices with state and local governments:
Many small cities lack the resources necessary to develop this kind of safety net.
The federal government should also expand programs that share real-time threat information, which is often critical in avoiding and mitigating threats.
We should also have federal programs in place to provide cybersecurity disaster-relief funding. This will help offset recovery costs borne locally.
Lastly, we need your help to ensure the safety and security of the electoral process, as city and state governments administer the elections that are the foundation of our democracy.
We are living in a different digital world now.
Nation-state actors and other foreign adversaries are on the attack. We need a strong federal partner to defend against them.
With the support and assistance of partners such as the Department of Homeland Security — and this distinguished Committee — all our cities, and our country, can be safer by being better prepared.