A few weeks ago I wrote about my memorable December 2014, when I saw some original, founding historical documents. While I was busy time traveling, our City IT staff was spending the Christmas holidays struggling with a very nasty gift from a very bad Santa. It has passed into our lore as the “Christmas DDoS Attack.”
Around 11 p.m. on Wednesday, December 24, we were alerted to a distributed denial of service, which was reported to the community. Our website went down, and we guessed it might have been the work of Anonymous. The TV station that reported the problem had a similar attack on Friday. The station’s website had issues that weekend, and we were functional again on Saturday.
Our tech folks say that a DDoS attack is like death by a million hugs. The perp tries to overwhelm online services with a lot of traffic that saps bandwidth and makes a site unavailable to users. While you’re down, people can’t pay bills or fines, online forms are unavailable and GIS and public safety services can be threatened. Successful attacks are embarrassing, our folks say, even when it’s not your fault.
Well, we learned that Anonymous was not behind the attack. One of the actual perps chided us for our ignorance. We also learned great lessons that, now that everyone had been debriefed, our IT staff is encouraging me to share with you.
When asked, “What the heck is going on,” avoid IT-speak that does not build trust, such as:
- “We are aware of a problem and technicians are working to resolve it;”
- “We are experiencing unusually high volumes of website traffic;” or
- “We do not discuss security incidents.”
Instead, notify your management, your tech staff, all affected employees, the news media and your industry partners. Our holiday messages were:
- “Our website outage was caused by a cyber-attack. No private data has been breached (for media);” and
- “We just experienced a DDoS. If you want more information or want to know what we’ve learned so far, let us know (for partners).”
Our IT folks don’t get a lot of news media experience, but they performed like pros. They developed their message early, stuck to the message, had a single point of contact, took questions and delivered answers as soon as they had them. They used social media and engaged proxy experts to run defense, providing facts when inaccurate posts and speculation started piling up. Most important, they were honest and “up front” when handling questions. That’s a sound strategy for most communication challenges.
The event was a resume-builder, with lots of payoffs:
- A new hacking technique, previously unknown to the FBI, homeland security officials and other, was unconcovered;
- Nationwide exposure identified several of the attackers;
- Because we engaged them during the attack and followed up later, local businesses and institutions are better prepared to deal with their own issues;
- We shared lots of input on security improvements and have a strong professional network going forward; and
- We proved to be a trustworthy institution.
There remains only the stated reason for the attack. Please check this link for a local news report. I just have a “he-who-must-not-be-named” feeling about this, but I’m sure proud of our IT strike force!
Toni Messina is part of the GovLoop Featured Blogger program, where we feature blog posts by government voices from all across the country (and world!). To see more Featured Blogger posts, click here.