It was a small thing at city council on Monday, but sometimes the smallest things have the biggest implications.
At Committee of the Whole earlier this month, coun. Phil Allt asked to remove a proposed change to the Procedural Bylaw that would allow phones in closed meetings of council. Councillor Mark MacKinnon brought a motion to this past Monday’s council meeting to basically put it back in the bylaw with some discreet changes.
The debate was mostly between Allt and MacKinnon, with the Ward 3 councillor Allt as the voice for cyber security and Ward 6 councillor MacKinnon as the pragmatist. It’s 2019, MacKinnon argued, and council will be moving to an electronic agenda system in the new year that needs devices in order to be accessed.
But amidst all this, MacKinnon responded to one of my tweets covering the debate with the missive “But … Russians!”
It took me back to the debate over internet voting two years ago when some on council, perhaps unintentionally, mocked the concerns of people that internet voting was not secure. “Why would Russians hack the Guelph election?” I remember being a question asked allowed.
The answer then, is the same as it is now, Russia is not the internet bad actor we have to worry about here in Guelph. Having said that, Ontario municipalities have to be deeply concerned about internet crime that has nothing to do with Russia, the Matrix, or the Lawnmower Man.
Down the road in Stratford, they’ve struggled for months after a cyberattack that saw a hacker hit that city’s computer network with a ransomware virus, which denies entry to local computers unless the hacker is paid a ransom, at which point they send a command to allow access.
What was the ransom? Ten Bitcoins, which is about $75,000.
Russia wants to create discord and undermine faith in democratic institutions so that they might more easily accomplish their own geopolitical goals. Meanwhile, the Stratford hacker just wanted the max amount you can win on a bingo scratch ‘n’ win.
Joke all you want, but it doesn’t take much to undermine the system we rely on all the time, whether it’s getting information on city services and activities, or something a little more concerning, like all the private information attached to you property tax account.
But just as it’s case closed for Stratford, new reports have emerged about the City of Woodstock being a victim of a cyber attack. According to the Woodstock Sentinel-Review, Woodstock’s network was breached on Saturday with a virus that blocked employees from accessing email and network data.
No formal ransom demand has been received at the time of this writing, but are you seeing a pattern here?
The fact is that there’s a veritable digital crime wave happening online and in the administrations of Ontario municipalities.
In Burlington in May, a phishing scam resulting in half a million dollars being transferred to someone that was posing as a vendor used by city hall. The treasurer In Ottawa also sent money to a fake vendor, even if it was just the relatively small amount of $100,000.
On top of that, both Midland and Wasaga Beach were the victims of ransomware attacks in 2018, and the ransom there was also in the form Bitcoins.
It’s safe to say that one body or person is not responsible for all these attacks, but there are two dozen communities in Texas that can’t say the same. In the Lone Star state, 23 city and government agencies were hit by ransomware attacks in August.
On top of that, there was a report in May that listed over 169 instances of ransomware attacks against local and state governments in the U.S. since 2013.
If we were talking about pipe bombs being sent to city halls across North America, would we be joking about taking steps to enhance our security, or even just for suggesting that security should be enhanced.
There are clearly threats out there to the cybersecurity of municipalities, and even if the IT teams at those city halls think that they’re ready, it seems clear that the old adage about building a better mouse through a better trap rings true even when you’re speaking digitally.
And while all this is happening, I’m reminded that it was almost a year ago that Guelph voted in the municipal election and there was no internet voting option despite the support of many citizens and a little less than half of city council.
I also remember the visceral division that caused at the council meeting that decided no internet voting, and at the time calling for a more robust debate with expert advice and information, which has yet to happen.
If we’re still joking about municipal cyber security after the kind of year we’ve had, then we desperately need to have a more robust debate about all things digital, because a big surprise might be coming as the digital pirates keep working their way from port to port.