Philly court system virus was a warning | Editorial
The viral infiltration of the city court system forced the shutdown of online services for more than a month but could have been worse. What's the takeaway from this brush with the sort of expensive that befell municipal networks in Baltimore and other cities?
It appears Russian hackers were not behind the malicious virus that initially affected what officials described as “a few computers” but nevertheless forced the First Judicial District of Pennsylvania, commonly known as the Philadelphia Courts, to shut down its servers, internal email, and website May 21.
Last week, a “miscommunication” led the court system’s administrator to assert that Russian hackers may have been responsible, only to walk back that assertion a day later. The actual source of the attack has yet to be publicly identified.
There is some better news: No ransom demands or data breaches are known to have occurred, internal email service was restored two weeks ago, and the court’s website was back online Wednesday, with electronic case document filing, juror service, and document search functions expected to go live soon.
These are welcome developments, as is the apparently successful quarantining of the virus and the fact that courtroom proceedings and in-person, on-paper filing of court documents have continued. But this hardly means the malware intrusion was a minor event.
Daily, hundreds if not thousands of people interact with the Philly courts, a system with 3,000 employees and a $110 million annual budget. Remediation costs and other expenditures associated with the disruption are not yet clear, although SoluStaff, a firm headquartered in Montgomery County and hired by the court to combat the attack, has so far been paid $17,000.
Last November, City Council unanimously approved a resolution requesting the City Controller’s Office to conduct a performance audit of the city’s information systems and technological infrastructure. The work will include an assessment of how the city manages IT-related projects and is expected to begin by August.
“We’re interested in not only whether the city is susceptible to hacking, and whether the system can be taken down by a virus, but whether people’s information in the system is as secure as it should be,” said City Controller Rebecca Rhynhart.
We support these priorities and also are heartened that city and court employees reportedly worked cooperatively and effectively to isolate the virus and prevent further disruption. The city and the court networks are separate, but linked, behind a common firewall the city maintains. These networks can encompass generations of hardware and iterations of software. They are used daily by tens of thousands of public employees and private citizens. And access can translate into vulnerability.
The Philly attack followed even more extensive and expensive viral infiltration of government computer networks in Baltimore, Atlanta, Allentown, and other cities in the last 12 months, suggesting widespread vulnerabilities — and widespread threats. Experts say the notion that Philly or any other public or private entity will be able to render its networks invincible is a pipe dream; the days when a firewall and anti-virus software would do the trick are over, particularly in an ever-evolving technological and political landscape.
Resiliency, rather than invincibility, ought to be the goal. This should begin with the IT auditor who will be hired by the controller’s office and the security experts already working for the courts.