Hamden mayor estimates $500K to address spring cyberattack

Hamden mayor estimates $500,000 cost to address spring cyberattack
Photo of Meghan Friedmann
Meghan Friedmann
Oct. 4, 2022
Updated: Oct. 5, 2022 3:25 p.m.
Comments
Hamden Government Center
Hamden Government Center

Hearst Connecticut Media file photo
HAMDEN – A May 26 cybersecurity event that compromised the town’s information technology system and affected government email for weeks is expected to cost the town roughly $500,000.

The funds cover legal expenses, a forensics investigation, consultation services, a multi-factor authentication upgrade, security awareness training and increased storage space, according to a memorandum Mayor Lauren Garrett sent the Legislative Council.

Much of the money was needed to get Hamden’s system “fully operational again,” said town Constituent Services Manager Brian Murphy, who has played a leading role in the IT recovery. But the work also created a network that is far more secure than it was, he said.

Town officials believe an unauthorized user exploited a vulnerability in Hamden’s virtual network in May, Murphy said. The weak point in Hamden’s system was known as a Log4j vulnerability, he said.

More News
Avelo to 'seasonally suspend' Tweed flights to Chicago for winter

Hamden homicide victims could be honored in new garden of healing

The Federal Trade Commission warned of the Log4j vulnerability near the start of the year.

“Log4j is a ubiquitous piece of software used to record activities in a wide range of systems found in consumer-facing products and services,” a Jan. 22 FTC blog post says.

It goes on to say that a “serious vulnerability” was identified in one of the Log4j logging packages, “proposing a severe risk to millions of consumer products to enterprise software and web applications.”

“This vulnerability is being widely exploited by a growing set of attackers,” the FTC post said, urging companies that use Log4j to update the software immediately.

Hamden officials believe the Log4j vulnerability “allowed (an unauthorized user) to install a piece of software on our system that eventually allowed them access to encrypt it,” Murphy said.


The town’s virtual servers were encrypted during the incident, causing them to lose functionality, according to Murphy, who said it appears the user did not take any data from the system.

Hamden was one of multiple entities targeted over Memorial Day weekend, according to Murphy, who said the town “had already identified organizational changes that we wanted to make” when the security breach occurred.

IT staffing also was a challenge at the time, Murphy said, adding that though the department had two “awesome” technicians, its former manager left last fall.

“I do think there are things that we can do to make it better,” he said when asked whether the town could have done anything differently considering the security breach. “All things considered I think that we were able to adapt to the situation and I do recognize going forward what we need to do to be able to react to vulnerabilities.”


Even though Hamden’s data was backed up, Murphy said, getting the system up and running has been a long process and is only just nearing its end after more than four months.

“The data itself was there. ... It’s kind of like having a history book telling you about a government from the past,” he said. “That doesn’t mean the functionality exists.”

The town had to rebuild the network from the data it had, Murphy said.

Early on after the incident, town email was down and Government Center employees were accessing their work by sharing the small number of Town Hall computers physically connected to the network, according to Murphy.


As the town got each server back up and running and began to restore remote access, he said, it added additional monitoring software, rolled out a multi-factor authentication system and reconfigured its security system.

An approximately $267,000 item marks the largest expense associated with the IT restoration, according to Garrett’s memo, which says the amount covers “incurred and estimated additional costs for consultant remediation services.”

Murphy said the expense has paid for toward a subcontractor that helped the town rebuild the network and complete “at least a year’s work of work in a very short amount of time.”

A cybersecurity firm, the subcontractor also tested Hamden’s system for vulnerabilities, Murphy said.


Garrett has asked the council to amend the current budget to add the $500,000 to an IT Restoration account, according to the agenda for Monday’s Legislative Council meeting. She recommended appropriating the money from the fund balance.