City working to protect itself from cyber attacks

Regarding the strength of the City of Auburn's information security systems today: it's good, very good.

By Robert Whale • October 21, 2015 6:24 pm

Regarding the strength of the City of Auburn’s information security systems today: it’s good, very good.

To the 500 employees with sensitive information stored in the City’s computer systems, be it Social Security numbers, driver’s license data, health care information, or even something as simple as an application for the Family Medical Leave Act, that’s very good news.

Good news alike for police officers who deal with extremely sensitive information every day in their contacts with the FBI, the Washington State Patrol, the Central Justice Information Center and other state and federal agencies and who must follow strict security protocols to access it.

Good news as well for the City’s finance department, which processes roughly 24,000 financial transactions a month, including credit card transactions.

But as good as the City’s systems are now, there can be no resting on today’s laurels.

As David Haugan, Information and Technology director for the City of Auburn, recently told City leaders, the way to keep things secure is to stay ahead of the guys with long, bony fingers lurking in the shadows beyond the firelight.

Or in plainer terms, avid cyber thieves in Russia, China, the old Baltic states and elsewhere.

“Every single day, every month, and annually the City stops thousands, if not more, viruses from malware and from people trying to get into the system,” Haugan said.

And while the City processes 100,000 or more emails every month, it rejects 30,000 of those emails that come either from the bad guys or that enter the system in such a way that they can weaken it.

“So we already were doing a lot,” Haugan said. “The folks who built our perimeter security have kept us safe thus far. But they also recognize that we are not experts.”

Which is why the City has brought in experts to perform what Haugan called “a hard-wired, deep-dive security assessment” to ascertain, well, what the City should be doing that it isn’t.

“That’s everything, soup to nuts,” Haugan said of the assessment.

Today, the City of Auburn has three different security compliance requirements it has to meet every year, from:

1. The payment card industry (PCI)

2. The Central Justice Information System (CJIS). Compliance with CJIS protocols ensures that police officers will continue to have access to the Washington State Patrol, the FBI and all the other information they need to do their jobs.

3. The Health Insurance Portability and Accountability Act, or HIPAA.

It’s critically important that the City do so, he said, because information security is changing every single day. Last year hackers hit Home Depot and 58 million records were lost. Hackers hit Anthem Health and 170 million records were compromised.

“It’s gotten up to the point where the U.S. Army got hacked and lost 76 million records. And (recently) Apple Computer got hacked. That’s the gold standard in the IT world. Apple has been notoriously good about cyber security, yet even they got hit,” Haugan said.

“…We have a complex city here, one that is diversified, and it’s not going to get any less complex. We are dealing with an information security environment that is changing on a regular basis, and we want to get ahead of the curve and protect it as much as possible. … There’s something we’re facing in the information security world, and that’s stuff all flows downhill – to little cities like Auburn,” Haugan said.