Baltimore officials did not welcome help from Maryland information technology experts for the first week after City Hall’s computer networks were locked up by hackers on May 7 — a delay that is adding to a chorus of complaints about the city’s response.

At the Maryland Cybersecurity Council meeting last month, a senior official for Maryland’s Department of Information Technology briefed the group on Baltimore’s response to the ransomware attack that continues to cripple several city payment functions.

Advertisement

“Initially, for the first week or so, it was very hard to actually get people in there to work with them, and I think that’s because there wasn’t this working, trusted relationship happening prior to the event,” said John Evans, the state’s chief information security officer, according to a transcript of the May 22 council meeting obtained by The Baltimore Sun. “We almost felt a little bit like being kept at arm’s length.”

Evans could not be reached for comment, but he told the council he wasn’t criticizing the city but said rather it offered a lesson about why local jurisdictions and his agency need to establish policies to jointly respond to cyber attacks.

Lester Davis, a spokesman for Mayor Bernard C. “Jack” Young, said the state has “been a godsend” regardless of when its assistance began.

“We were thankful that the state was there and has been there,” Davis said. “When you’re talking about 21st-century cyber warfare the playbook is still being written.”

But some City Council members said they were troubled to learn that the city’s information technology officials did not have a working relationship with their state counterparts.

Baltimore ransomware update: what city residents need to know about water bills, taxes, tickets and more

Baltimore City officials say 65% of employees have email access and expect 95% of email addresses to be restored next week.

Evans told the cybersecurity panel that the state’s help would have been accepted “much faster” if a preexisting “cohesive relationship” had existed between state and city information technology staff.

“Since my guys have been there, I think there’s been some — they’ve contributed to some really significant work, and I think we could have been getting through things faster had that already been in place,” he said, according to the transcript.

Councilman Eric Costello, a co-chairman of a committee investigating the ransomware attack, said the lack of such a relationship deprives the city of valuable state resources. The city’s information technology office operates with a nearly $40 million budget compared to the state IT agency’s nearly $175 million budget.

“The city would have been better positioned if we had access to those resources,” Costello said. “If we don’t have a relationship, we don’t have access.”

Council President Brandon Scott said the city should have as close a relationship with state officials as it does with federal authorities, who quickly responded to the attack last month.

“If they have a working relationship with our federal partners, they should have the same with our state partners,” Scott said. “It’s unacceptable for them not to have a relationship.”

Baltimore Council President Scott to form panel to examine city's cybersecurity after crippling computer hack

Baltimore City Council President Brandon Scott is forming a special committee focused on cybersecurity and emergency preparedness after a ransomware attack.

During a budget hearing Friday, council members criticized Frank Johnson, the city’s information technology director, for his handling of the aftermath of the ransomware attack. They said his office had done too little to communicate with other agencies and elected leaders.

Costello said attacks on computer systems are now inevitable.

“The problem is how we responded to it,” Costello said. “He didn't respond the right way.”

Advertisement

Michael Greenberger, a cybersecurity council member who attended last month’s meeting, said Evans’ comments were delivered to support his presentation about how to improve cooperation between local and state IT officials — similar to how Maryland and local emergency management personnel regularly practice for hurricanes, epidemics and terrorist attacks.

“I can understand how that happened,” said Greenberger, director of the Center for Health and Homeland Security at the University of Maryland’s law school. “In the best of all worlds, the city people should know who the state people are and vice versa.”

But a week-long delay is “understandable” with the FBI on the scene and “all hell breaking loose,” he added.

“Emergency management is nonpartisan,” Greenberger said. “The ransomware shows us we have to move in that direction of doing joint exercises between the state and local jurisdictions.”

A spokesman for the Maryland Department of Information Technology said Gov. Larry Hogan’s administration “is working closely to help with the restoration of Baltimore City’s systems and is providing state and contractual resources, including five employees detailed to the city.”

“Local jurisdictions are encouraged to collaborate with [Maryland’s Department of Information Technology] on the sharing of best practices to strengthen their cybersecurity posture and IT infrastructure,” spokesman Patrick Mulford said in an email.

Baltimore won't be able to send water bills again this month as ransomware recovery continues

As the city digs out from the ransomware attack, officials said they would be unable to send water bills in June.

Davis said Hogan and Lt. Gov. Boyd Rutherford have given Baltimore all the help it has requested and more.

“We couldn’t have asked for more help from the state,” Davis said. “They’ve bent over backwards to help us out, and that will be their posture for the foreseeable future.”

In his briefing before the state cybersecurity council last month, Evans acknowledged that current working relationship.

“We've been working closely with Baltimore City,” Evans said. “At any given time, there’s four to five state personnel pretty much around the clock working with Baltimore City.”

Advertisement
Advertisement
Advertisement