Cyberattack on city was predictable

After experiencing a cyberattack on Dec. 7, 2019 that impacted the City of Pensacola’s network, the city engaged Deloitte & Touche LLP to assess the incident and provide observations and recommendations to mitigate the risk of further cyberattacks.

Deloitte & Touche completed its assessment of the incident and provided the City of Pensacola with areas of strength along with opportunities for improvement, which the city will be evaluating and implementing where feasible to increase network security.

Among the list of recommended changes, the consultants recommended the City consider a dedicated security staff. The City had moved its Technology Resources department to be under CFO Dick Barker six years ago. The move let the then-Interim City Administrator Barker promote a manager without the approval of the city council.

The Technology Resources manager was a former communications technician who was hired 28 years ago as data processing clerk after graduating with an associate degree in scientific programming from Pensacola State College.

The mayor’s transition team expressed concern that Technology Resources wasn’t an independent department. However, the City didn’t listen.

Other recommendations included developing a more robust Incident Response plan and conducting regular assessments of the security posture of the City and addressing issues as they are discovered.

In a press release, the city said it would evaluate the recommendations included in Deloitte & Touche’s executive summary, along with additional security measures outlined in the full report, which would not be made public in order to maintain the city’s network security (exempt from public records per Florida Statute 119.071(3)).