Dallas County IT officials were warned about cybersecurity concerns shortly before county systems were hit with a ransomware attack.
As previously reported by The Dallas Express, the County fell victim to a cybersecurity attack on October 19 that resulted in data being stolen from county systems and posted online.
Yet during September and October IT Executive Governance Committee meetings, concerns were raised about vulnerabilities in the County’s computer systems, including passwords, document disposal, public network, and reCAPTCHA, as reported by KERA News.
Dallas County did not have an IT director at the time of the ransomware attack, as former director Melissa Kraft had resigned in July. Dallas County commissioners indicated an intention to begin searching for a new director soon, as previously covered by The Dallas Express.
The County’s current top IT official, Chief Information Security Officer Collins Dibaki, told the IT Executive Governance Committee in September that the department already possessed the funding and resources to protect its system from ransomware attacks.
“I have the resources I need now, building the muscle we need to deal with any potential incidents that are coming our way,” Dibaki said, per KERA. The IT department’s current annual budget is $70 million — $12 million more than its $58 million budget last year.
However, those resources were apparently not effectively mobilized, as the County still experienced a data breach. Now, following the October incident, county commissioners remain concerned about the County’s cybersecurity.
“You know, my concern is here we are navigating, how do I say this nicely, navigating treacherous waters,” said Commissioner Elba Garcia, per KERA News. “You know, when it’s very challenging for every single department, moving more pieces that we don’t know where they’re going, and we don’t have the people to solve it if these pieces do not work.”
In August, the County hired research and consulting firm Gartner to analyze its computer system. Commissioners have hesitated to authorize additional funding until after Gartner reports its findings.
“At this point, I’m just going to abstain,” Garcia said. “We’re having a study coming. We have no director. We have the same structure that made the same decisions that obviously were not probably timely.”
The City of Dallas suffered a ransomware attack in May, which led to hackers posting sensitive information from 26,000 people, including children, as previously covered by The Dallas Express.
