The Regional District of Okanagan-Similkameen (RDOS) was woefully unprepared for a ransomware cyber attack which forced the local government to take down their systems for over a week earlier this year, according to a recent report from IT consultants.
Michael Rogers with TMC Consulting presented his findings to the RDOS board at the Dec. 17 corporate services committee meeting.
“It’s not pretty,” Rogers said, echoing a statement from Bill Newell, CAO of the RDOS.
The consultants recommended completely rebuilding the RDOS technical infrastructure. The delay in restarting the regional district’s systems earlier this year was due to a lack of failover systems, or back-up servers and systems.
“When you were attacked, the fact that you didn’t have any capability for your critical systems to failover in some respects made the problem worse,” Rogers said.
The RDOS has also not had any external penetration tests, where ethical hackers try and hack into the system to point out problem areas. The report also outlined a lack of capability around security issues and the regional district’s response to breaches of security.
“Had you seen this before you actually had your cyber attack, you would heard us say you don’t have adequate security capabilities and you don’t have failover capabilities for your systems. Unfortunately, you did have that event and I think you’ve all kind of seen and felt the effects of that,” Rogers said.
The regional district’s vast geographic size, over 10,000 square kilometers, also contributes to some issues when it comes to information technology.
“You really don’t have adequate resources to support a network that is that vast,” Rogers said.
“When we look at your overall approach to connecting your locations what we’ve observed there is you don’t really have a unified approach, so there’s different services in different locations and they all have their own way of connecting. You don’t have the ability to monitor and manage these components remotely which is also an area of concern.”
The RDOS could better use its funds for telecommunications and is missing opportunities to reduce costs and improve service with more uniform systems, the consultant’s report found.
While the regional district is awaiting a post-mortem report on the cyber attack, expected in early 2021, the consultants recommended completely rebuilding the district’s IT systems.
“What your IT department has done is they’ve kind of reactivated many of your systems just to get them running. I don’t think that I would assess that and say ‘well, you’ve rebuilt them.’ There’s a difference between rebuilding and improving and just getting them back up and running again,” Rogers said.
“Obviously the most important is rebuilding your infrastructure. There is some immediate things that need to happen in 2021 to improve security and reliability. But on an ongoing basis there will continue to be upgrades that you need to do in order to keep things secure and keep them reliable.”
The regional district has received a wake-up call from both the cyber attack and the demands on technology arising from COVID-19, according to Karla Kozakevich, RDOS board chair.
“That ransomware attack, and COVID, has really kicked us in the butt and let us know that we need to improve our technology. We were really behind on it, frankly, so we are going to move forward with better technology and better security,” Kozakevich said.
She noted recent improvements to allow the regional district to livestream their meetings, an improvement which came about due to the ongoing pandemic, as a slight silver lining during a dismal year.
“With COVID, as much as it was a bad thing, I guess the good side of it was it forced us to get with the times,” Kozakevich said.
Dale Boyd, Local Journalism Initiative Reporter, Times-Chronicle