Stockton council to vote on ransomware attack response policy

The policy, which experts say is a step in the right direction, was called for in a June grand jury report.

STOCKTON, Calif. — A new policy on the agenda for Stockton city council members Tuesday hopes to better prepare the city for a possible ransomware attack. The two-page proposed ransomware attack response policy was an item called for by a June grand jury report.

The city’s proposed policy provides steps for city officials to follow when a ransomware attack is detected which include notifying the city manager, attorney, council and law enforcement. Ransomware attacks are generally carried out by software designed to block access to a computer system or files until money is paid to the attacker.

Megan Thomas, an associate professor at Stanislaus State’s Department of Computer Sciences, reviewed the proposed policy and says that while it is a step in the right direction, some pieces are missing.

“It was amusingly human-focused from my point of view, there was like nothing about the technical responses at all,” Thomas said. “Any attempt to stop the attack has got to happen within 10 minutes, so by the time we’re thinking of notifying people, you’ve either stopped it or you haven’t, but it was interesting that they didn’t even put that on the list.”

According to Thomas, municipalities like Stockton face numerous threats in the digital age from ransomware attacks to phishing schemes.

June’s grand jury report addressed some of the threats adding that while Stockton lacks a formal policy on payment procedures in ransomware attacks, the city’s large IT department places attacks and disaster preparedness at a high priority.

“Stockton is one of very few cities having license to use a cybersecurity tool integrating the city with the State of California’s Office of Emergency Services. Stockton’s IT Director meets weekly with other department heads, updating them on all matters related to cybersecurity,” the report said. “Stockton met each of the cybersecurity expectations except for the presence of a documented internal policy and procedure for response to a ransomware attack. However, the City does have a Cybersecurity Response Book detailing response procedures for other cyber events.”

Thomas says simple steps such as restricting who gets access to add software, regularly backing up systems to multiple locations, having strong passwords and enabling two-factor authentication could help avoid attacks such as ransomware attacks.

She adds that municipalities often face a higher risk due to their large budgets and employees who sometimes lack cybersecurity knowledge.

“I am reassured to see that Stockton is thinking about this, and is actually bringing it to the attention of people like the city manager and the higher-ups because a lot of times folks like members of the city council don’t think about this stuff until you know, it’s already happened,” Thomas said. “Whether it works or not, at least are trying, which is a step in the right direction to be proactive about these threats.”

Council members are slated to vote on the policy and a response to the grand jury’s report during their Tuesday meeting which opens to the public at 5:30 pm

Watch More Stockton News from ABC10: San Joaquin Delta College group provides students with essentials for success

Comments are closed.