Cyber experts 'working around the clock' to fix disruption of Hamilton services: city manager
City says 'swift action' has been taken but shared few details on what occurred
The city is working with cybersecurity experts and has "engaged" police to address a days-long incident that's disabled IT systems and impacted services, says city manager Marnie Cluckie.
The disruption began on Sunday and the city initially thought it was an issue with an IT server, Cluckie told CBC Hamilton in an interview Tuesday afternoon. By the evening, staff realized a cybersecurity "incident" was behind the disabling of some of the city's IT systems.
She would not provide any specifics about the nature of the incident or exact cause.
Cluckie said the city must be careful about what information is shared as the situation is ongoing. "City staff are working still and many services are running fairly seamlessly," she said.
A list of impacted departments and services will be released soon, she added.
"I also want to assure residents we are taking this matter extremely seriously and have engaged with a team of extremely talented cyber experts who are working around the clock with us to investigate and minimize impact and protect the community," she said.
City emails, phone lines, the transit app HSRnow and onboard bus stop annunciators were among the services the city said were disrupted.
All city committee meetings that were scheduled for Tuesday, including the airport subcommittee and the veterans committee, were cancelled "due to technical issues."
Services with the Hamilton Public Library also continued to be impacted — WiFi was unavailable at all branches, it said Tuesday, and its Virtual Book Club slated for Tuesday evening was cancelled. Branches remained open, however.
The city has provided no specifics on what exactly occurred and if personal information was accessed.
"Critical services such as transit, water and wastewater treatment and emergency services are operational," the city said in the Tuesday statement, adding that "a dedicated team of experts has been working as quickly as possible to get the system up and running in a safe and secure manner."
City staff processing transactions manually
The Customer Contact Centre is operational and able to take phone calls from residents at 546-CITY, but the city says their team is on a reduced capacity. It is therefore asking for the public's patience while the team triages phone calls.
City staff are also processing routine transactions manually, the city said.
Hamilton Street Railway (HSR) said Tuesday some of its services continue to be impacted by the ongoing city-wide IT issue.
Buses were starting as scheduled, with minimal delays, but HSR asked for understanding and patience from customers as "bus operators will be driving without the aid of the computerized schedules."
The HSRnow trip-planning app is also affected, and email and phone lines are not operational, HSR said.
Eric Tuck, president of Amalgamated Transit Unit Local 107, said the job of bus drivers is "somewhat difficult" right now.
If a driver needs to make a detour they have to pull the bus over and write the instructions down, because the communications systems are down.
Tuck said drivers have been asked "to call out the stops as well because the system that usually announces them doesn't work."
Drivers are "managing for the most part," he told CBC Hamilton.
No silver bullet to stop attacks: expert
In recent months, several public institutions in Ontario have been hit by cyberattacks. These include the Toronto Public Library, Laurentian University in Sudbury and all five southwestern Ontario hospitals.
Joe Stewart, principal security researcher at eSentire, a Waterloo, Ont.-based provider of cybersecurity, says while cities can't prevent cyberattacks they can definitely prevent them from being successful.
"While there's no single silver bullet that will stop these, it's the same thing that we've been preaching about for years and years and years — it's a layered defence," Stewart told CBC Hamilton.
Stewart said cities "are a favourite target" for cyberattacks, because of the number of entry points into the system and the sheer amount of data it collects, so they should have a plan for when an attack happens.
Stewart also had the following security recommendations for cities:
- Have a backup copy of all critical files and make sure they are offline backups. Backups connected to the infected systems will be useless in the event of a ransomware attack, for example.
-
Require multi-factor authentication to access your organization's virtual private network (VPN) or remote desktop protocol (RDP) services.
-
Phishing awareness: Ensure that your employees are regularly receiving security training.
-
Ensure your organization's IT environment, including your network, endpoints and logs (both on-premises and in the cloud) are protected 24/7 by a Managed Detection and Response solution or service.
-
Ensure that your organization is doing regular and timely patching and updating of its software applications, operating systems and all third-party tools.
-
Employ the principle of least privilege with staff members.
Are you impacted by the cyber incident in Hamilton? Tell us how: hamilton@cbc.ca
With files from Samantha Beattie and Bobby Hristova