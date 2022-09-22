High tech cleanup continues in the Stowe town offices, as tech crews continue to comb through its email servers following a hack attack last month.
The town selectboard Monday authorized spending $18,000 to implement new network and system monitoring services. That’s how much it’s estimated to cost — the subscriptions total roughly $2,000 a month — for the rest of the fiscal year.
Since the expense was not previously accounted for when this fiscal year’s budget was adopted in January and approved in March, it required board approval to transfer the funds from the administrative contingency fund to the IT budget.
Stowe resident Paul Sakash asked if the work had been put out to bid. It was not, explained board chair Billy Adams, because it was basically an “add-on” to services already provided by the IT company, Simple Route.
According to an incident summary from the town’s IT director, Jonathan Thereault, although the initial Aug. 30 attack was on finance director Cindy Fuller’s email, a forensic analysis on that account and the entire town email system revealed another nine accounts with suspicious activity. That activity and potential unauthorized access is believed to be related to the original phishing email.
Active sessions to those nine accounts were terminated — as was done with Fuller’s account — and multi-factor authentication was implemented for all town accounts.
After that, all the compromised accounts were evaluated to see if there was any personally identifiable information. That scrub turned up an additional four accounts that are now also undergoing forensic analysis.
“Steps have since been taken to improve security across the network,” the incident summary reads. “Multi-Factor Authentication was on the roadmap for the municipal network already, but its deployment has been prioritized and it is in effect on all user accounts, which has been followed by a required password reset. In addition, the methods of remote access into the municipal network are being consolidated and will have much stricter authentication requirements going forward.”
Town manager Charles Safford said the phishing attempt got the town’s attention as well as the attention of the town’s insurance company.
“We have people’s bank routing numbers due to property tax payments, we have employee Social Security numbers on our computers and we’re looking for reasonable measures to try to do things that would protect our interest, and those who provide us information, to keep it secure and to keep from having to be subjected to ransom demands or other things that might put us offline operationally,” Safford said.
The $18,000 transfer to cover the security subscriptions for the rest of the year had originally been included as part of the board’s “consent items,” a grouping of relatively minor actions at the top of every selectboard agenda that are typically passed as a slate, with little fanfare.
But board member Paco Aumand asked for the item to be pulled out so it could be discussed and passed as a standalone motion.
“It’s $18,000 of unbudgeted funds coming out of a contingency that is basically going to lock us into future payments of $24,000 on a yearly basis,” Aumand said. “I just think that it’s not appropriate to place that in a consent agenda.”
