Columbus to spend 23M on cybersecurity after 2024 city hack

pDays before the oneyear anniversary of the cyberattack that temporarily crippled Columbus computer systems and resulted in the leak of stolen city data on the dark web the city is considering investing 23 million to strengthen its cybersecurityppThe Columbus Department of Technology is asking the Columbus City Council at its meeting tonight July 14 to approve the spending on implementing a zero trust networkppSoon after the hack was discovered around July 18 2024 the cybercriminal group Rhysida took credit for the attack and released city data on the dark web That data included private information such as Social Security numbers for nearly half a million residents and thousands of city employees as well as information about crime victims and undercover officersppThe funding being considered by the council would modernize the citys IT infrastructure and address industrybest practices according to the proposed ordinanceppJennifer Fening deputy chief of staff of communications for Mayor Andrew J Ginther told The Dispatch in an emailppFederal state and local governmental entities including the City of Columbus face persistent and sophisticated cybersecurity threats These threats are constantly evolving and increasing in sophistication Cybersecurity experts and researchers have developed the Zero Trust Network framework to adapt to these threatsppUnlike traditional security frameworks a zero trust network assumes threats can exist inside and outside the network and requires strict verification for every user and device according to Fening The new framework will also segment the citys network into smaller isolated zones making it less likely that a threat could reach the entire networkppThe City of Columbus is seeking to commence its Zero Trust Network project later this year and anticipates that it will take at least two years to implement with an estimated investment of 23 million Fening saidppColumbus previously spent 7 million to contract with Dinsmore Shohl a law firm and its cybersecurity subcontractor for forensic analysis and to develop a report about the hack The city has also spent 625000 on legal services from Vorys Sater Seymour and Pease to defend the city against two lawsuits brought by city employees over the attackppRelated news Columbus Mayor Ginther are finalists for secrecy award over handling of 2024 cyberattackppFor nearly a year Ginthers administration has repeatedly pushed back the expected release date of the report from Dinsmore Shohl about the attack Currently no release date has been announcedppThe city has released little information about how hackers breached city systems or how the city handled the fallout behind the scenes Ginther initially told reporters that the stolen data was encrypted or corrupted and unusable A local cybersecurity expert went to the media within hours and revealed that to be falseppThis story will be updated based on Monday evenings Columbus City Council meetingppGovernment and politics reporter Jordan Laird can be reached at jlairddispatchcom Follow her on X Instagram and Bluesky at LairdWritesp