IT Investments Made a Difference in Sammamish
Schommer was instrumental in getting Sammamish back on track. At a meeting with city officials and other volunteers, he drew up a plan for first building an IT perimeter and developing a secure environment for work. His approach was accepted, and the city recruited him to come out of retirement and lead their recovery for the next six months.
The first step was to get a modern firewall deployed and allow only web traffic. Schommer had a good relationship with solutions vendor FireEye from his time with the utility, which was a long-term FireEye customer. His contacts there overnighted him one of their network appliances that inspects network traffic to give him visibility into what was going on.
“You can’t fight what you can’t see,” Schommer says. “That allowed me to discover the type of ransomware, the active callbacks to the command-and-control server and the type of encryption they had used. Then we started to rebuild the city systems from the ground up.” The city now deploys FireEye’s network, email and endpoint security tools.
Schommer says the increasing number of news reports about ransomware is making it obvious that many municipalities and state agencies large and small are in the same boat Sammamish was in before the attack. “Cybersecurity equipment, endpoint protection and advanced email protection are the three components that I think every agency needs to have, because that is how the attackers get in,” he says.
A Fresh Start with New IT Leadership
As he left Sammamish last summer, Schommer and the city finance director estimated the six weeks or so of downtime for 120 employees cost the city $1.1 million in lost labor costs — the soft costs. The city felt the impact in other ways as well.
“Vendors were not getting paid, builders were not getting permits — there are a lot of downstream impacts.”
Fast-forward a year, and Sammamish is in a much better place, according to current IT Director Jim Hominiuk. “We have continued to expand our layered approach to cybersecurity. We leverage multiple vendors like Microsoft and Cisco to help us,” he says.