During its Wednesday meeting, the Dallas City Council directed $2.7 million toward cybersecurity, a move that comes as Dallas County wrestles with its own attack from online hackers.
As previously reported by The Dallas Express, the City of Dallas had already spent at least $8.5 million on recovery from the ransomware attack in May in which hackers obtained the personal information of more than 26,000 City employees and family members. It also allocated an additional $3.9 million for a new system to detect potential cyber-attacks in the future.
This nearly $4 million system is being acquired from Netsync Network Solutions. Among the $75 million of taxpayer spending authorized by the council on Wednesday were two more deals with this same company totaling $2,677,834.
First, the council approved spending $2,167,522 on network security management in a four-year purchasing agreement. City officials told The Dallas Morning News that the agreement is intended to allow the City to continue using a network monitoring tool it already has.
“The security operation team will utilize this technology to assist in detection and prevention of network security breach and destruction from malicious traffic,” according to city documents. “The system ensures the security team shall have adequate security alerts to allow faster response to identified anomalous traffic internally.”
Second, council members authorized a three-year, $510,311 purchasing agreement for “cloud-based security software … that will secure online communication, protect websites, and ensure the authenticity and integrity of digital transactions … through the management of a secure socket layer and secure email certificates.”
This software is not currently owned by the City, according to the DMN.
These expenditures come after a recent City error apparently caused filers of open records requests in October, namely The Dallas Express, to receive an automated alert saying that the City of Dallas was experiencing a cybersecurity issue. DX was later told that this was a leftover alert from the May ransomware attack and that there was no new cybersecurity incident.
Meanwhile, Dallas County Judge Clay Jenkins confirmed an October cybersecurity incident affected the County’s systems. Strangely, the County’s issue happened to coincide with the period when the City’s systems were sending out an apparently erroneous automated notification about a cybersecurity incident.
Jenkins further confirmed that the hackers had posted data online that they had stolen from county servers, as previously covered by The Dallas Express.
“Dallas County is aware of an unauthorized party posting data claimed to be taken from our systems in connection with our recent cybersecurity incident,” he said on Tuesday. “We are currently in the process of thoroughly reviewing the data in question to determine its authenticity and potential impact.”
Jenkins said the investigation into the cybersecurity attack against the County is ongoing.