The city’s new chief information technology officer recently told the City Council he believes training and long-term investment will be needed to ensure the city’s computer network is secure in the aftermath of a cyberattack of that network.
Gregory Cotten reported for work more than a month after the disruption to the network began in August. Hackers demanded a ransom payment from the city in return for a tool to decode computer files for the city to regain access to them and for any data possibly taken from the network.
Cotten outlined a list of his recommendations for greater future network security during a council work session on Oct. 12. On that list, Cotten said, is having a business systems analyst.
Generally, a business systems analyst works with the computer technology required at a business or an entity and decides what upgrades and installations will improve efficiency in the workplace.
On that list of recommendations, Cotton also said, is having an emphasis on preparation to keep the city’s computer network fabric of connections intact and to keep the network from intrusions.
Cotten said this includes making sure the city is able to educate city employees using the computers about intrusions to help them identify what they look like.
“And I recommend that we have ongoing cybersecurity training for all employees on a quarterly basis with tests,” this to be certified to use the city’s network, Cotten said.
“That is something that I’m big on,” Cotten said.
Cotten also said he recommends following guidelines used by the federal government to help keep a cyberattack from occurring again.
During his remarks to the council, Cotten also said he recommends the city have policies for users of the city’s computers to create special characters when changing passwords so hackers cannot gain entry.
Cotten said he recommends changing passwords every 90 days.
Overall, Cotten said, “Of course with any of this, funding will be a challenge, because there are specific agents and devices that I would need to put on the network that is not going to be too cheap, but it’s in order to keep us in the same vein.”
Generally, an agent is a program designed to perform continuously and separately on behalf of a person or an organization, with an example being the archiving of files.
“We have to really strongly recommend a funding stream for this, whether it’s capital or operational,” Cotten said.
Councilman Lige Daughtridge told Cotten the city does have some challenges “and I know funding is one of those.”
Daughtridge asked Cotten, “Have you explored any initial expenses that are facing the city with what you’d like to do or is it too early to answer that?”
Cotten told Daughtridge at this time, “I’ve created a rough order of magnitude” and that will be something he will present to City Manager Rochelle Small-Toney.
“And that’s the best that I can tell you at this particular time. But yes, I have explored that,” Cotten told Daughtridge.
Daughtridge told Cotten he has benefitted from using a password generator and added he thinks this would be a good investment for the city.
A password generator is a device that can automatically generate a password based on guidelines one sets to create strong and unpredictable passwords for each of one’s accounts.
Councilman Richard Joyner asked Cotten whether he has had any chance to look at how the city’s computer network compares to those in surrounding cities.
Cotten said he has looked at some of the agents Durham has on that city’s network and understands what Durham has.
Cotton said he and his team will mimic that and expand on what he believes will keep Rocky Mount’s network going in the right direction.
Cotten said he has not yet spoken with Durham’s chief technology official but plans to do so.
Cotton also said he believes that since Rocky Mount is close to Research Triangle Park, the city needs to capitalize on some of the expertise there, as well as from where he came from.
Cotten has 20 years of experience in delivering technology, including after most recently serving as general manager for Standard Office Solutions.
Councilwoman Chris Miller, who participates in council work sessions and meetings via teleconferencing, told Cotten that as he spoke, he used a lot of jargon and lingo familiar to those working in the computer industry.
“It would be helpful if you would provide a brief glossary of the terms that you are using so that we all understand the meanings,” Miller said.
Cotten acknowledged Miller’s request and Miller said she would welcome the response to her request in an email later.
The city administration said the network disruption first was detected on Aug. 14.
The Telegram, for a story published on Aug. 19, reported that police were having to fill out incident and offense reports by hand and that the city’s system to enable a customer to pay his or her bill online was not functioning.
The city’s Facebook page said customers could use the drive-up service at the Business Services and Collections location along South Franklin Street and pay bills with cash, check or money order.
The city on Sept. 2 held a news conference led by Small-Toney, City Finance Director Amy Staton and Mayor Sandy Roberson.
The public found out a person or persons hacked the city’s computer network by using Conti ransomware — and the municipality, based on recommendations from authorities, refused to pay a ransom.
Conti is a reference to a family of ransomware and can be used to target corporate networks.
The public learned the demand was for a payment with Bitcoin digital currency.
Cotten began working for the city on Sept. 21 after the city administration had been unsuccessful in filling what was a newly created position to highlight and expand the city’s technology.