Ransomware at Louisville Regional Airport Authority

Airports were once again subject to ransomware attacks this week as the Louisville Regional Airport Authority (the managing entity for Louisville Muhammad Ali International Airport and Bowman Field) fell victim. The good news in this case is that the attack was isolated, the issue contained, and data restored. Hats off to the team at LRAA for their work! You can read more about this story in the Courier Journal.

As we’ve seen with Cleveland, Atlanta, Bristol, and countless others, airports have become a major target for cyberattack. Not only that, over twenty US municipalities have been caught in similar situations, leading to loss of services and discontinuity of operations. Since over 70% of airports in the US are owned and operated by municipalities, we can expect to see more incidents sooner rather than later.

The LRAA incident shows that there are strategies that can help mitigate the risk associated with these types of incidents. In their case, isolation and reaction time was key: while the event did occur, their teams were able to maintain business operations and restore key systems in an effective manner.

Cybersecurity incidents will happen: it’s only a matter of time. This includes cities, airports, and private companies. What matters is proper assessments, planning, controls, and response plans are in place so that business can continue to operate and there is no risk to the safety of customers and citizens. Unfortunately, without proper plans in place, it’s only a matter of time until incident negatively affects safety. It is imperative that organizations and governments dedicate time to putting plans and measures in place to prevent that from happening.

 

Ransomware in Baltimore, Cybersecurity, and Municipal Governments

Once again, a major US city has been hit with a ransomware attack that has affected critical city services. On May 7th, the City of Baltimore fell victim to the same affliction as twenty other municipalities this year. A recent article in Vox details the events, however nothing in the scheme is very surprising.

Municipal governments face a daunting task: provide quality services to citizens and, at the same time, be stewards of the revenue they receive. Oftentimes glaring issues, such as lack of cybersecurity controls and risk management, are missed because there are other critical matters that must be attended to or the leadership in municipalities have not been aware of the severe implications that result when these key areas are overlooked.

The federal government has many focused programs on cybersecurity, however this focus can be attributed to their role in protecting our national assets, interests, and borders. As the problems get more local, physical infrastructure and service quality matters more to local leaders as citizens, rightfully so, expect them to. To that end, there are no sweeping federal regulations requiring all the various political subdivisions to comply with standard cybersecurity controls, business continuity plans, disaster recovery plans, or other related systems to help recover from these incidents.

It is imperative that political leaders and municipal mangers take heed of the recent history of ransomware attacks, data breaches, and infrastructure attacks and incorporate sound cybersecurity practices as part of their budgets and business. While the issues as of late have been more annoying than serious, it is a matter of time before one of these incidents leads to loss of life or long-term damage to critical infrastructure.