Q: As Jacksonville Today reader Duke L. observes, Jacksonville Beach appears to still be suffering from the possible cyberattack that struck in late January and temporarily shut down city services.
Jacksonville Beach city officials first reported Jan. 29 that a “cybersecurity event” had affected its digital infrastructure. The incident forced City Hall and most city facilities to shut down, with staff emails and online activities inoperative. The incident also initially affected the city’s accounting functions.
Within days, City Hall reopened. Most of its staff were able to handle online work, and Beaches Energy and the city’s pollution control and water plant became fully operational, an update statement said.
But as recently as last week, Duke noticed that a City Council meeting wasn’t live-streamed. “There really seems to be no documentation other than minutes of the meetings given out weeks later,” he wrote to Jacksonville Today.
And he wonders why the city hasn’t provided more information about what actually happened, or whether the situation has been resolved.
A: The city has never released an official cause of the cybersecurity event, only that IT teams and security specialists are doing a forensic investigation.
Asked what exactly happened, Mayor Christine Hoffman tells Jacksonville Today that the city is “providing updates when they are warranted and under the advice of the professionals who are working with us on this event.”
As for the City Council YouTube live stream, Hoffman confirms that it is not yet available, but all City Council meetings are recorded and later posted at jacksonvillebeach.org/555/City-Council-Audio-Recordings.
Jacksonville Today asked Iman Vakilinia, an assistant professor in the University of North Florida School of Computing, what a “cybersecurity incident” could refer to. In an email, he says it’s “any malicious activity or breach that compromises the confidentiality, integrity or availability of digital systems.”
“Cybersecurity incidents can happen through various means, including cyber attacks, human error, system vulnerabilities,” he says.
Vakilinia says recent news reports indicate that cyber attacks targeting government operations and hospitals have increased.
In early February, Hoffman provided the City Council with a memo saying that staff were working with police and cybersecurity specialists. But “due to the active investigation into this matter, I am limited in the details I can provide.”
“First and foremost, I want to emphasize that the safety and well-being of our community remain our top priority,” Hoffman said in the memo.
While the city encountered some challenges with its accounting functions, all pension and employee payroll is being processed, she said.
“Our IT teams and external cybersecurity specialists are conducting a thorough forensic investigation to understand the full scope of this event,” she wrote. “Concurrently, we are working diligently to safely and fully restore the technical environment, enhance our cybersecurity posture, and prevent future incidents.”
Jacksonville Today asked Vakilinia how long it could take a city government to get back to normal after a cybersecurity incident. He said recovery “can vary significantly depending on various factors, including the nature and severity of the incident, the effectiveness of the organization’s incident response plan, the extent of the damage or data loss, and the resources available for remediation.”
“In some cases, an organization may be able to resume normal operations relatively quickly, especially if the incident is promptly detected and contained and if backup systems are readily available to restore affected data and services,” Vakilinia said. “However, in more complex or severe incidents, the recovery process may take days, weeks, or even longer.”
Have a question you’d like the Jacksonville Today team to look into? Email news@jaxtoday.org with #AskJAXTDY in the subject line, and you might see your answer soon.