When Atlanta was hit by ransomware in March 2018, the city's interim CIO had only been in the seat for a month.
The cyberattack, reportedly the SamSam ransomware strain, took more than one-third of Atlanta's 424 software programs offline or partially offline. The first month of recovery cost almost $3 million.
The cyberattack made national and international headlines. "We were dealing with a very public event and that can be extremely demoralizing, and also can really affect the morale not only of your IT department but of your entire organization," said Gary Brantley, CIO of the City of Atlanta, while speaking at the Gartner IT Symposium/Xpo Americas Monday.
Brantley became Atlanta's CIO in October 2018 after serving as CIO for seven years in the DeKalb County Schools in Georgia. Inheriting a city, technologically and economically wounded by a cyberattack, Brantley returned to operational basics. He even leveraged the Super Bowl to repair Atlanta's reputation.
"I think as an organization, as an IT department, we are just very aware, we are very intentional," in collaboration and agile response to incidents, said Brantley.
Brantley used what was already available to him before investing in new solutions. "You will be surprised what you find when you dig into what you already have to see how valuable this will be for you."
Where to begin
When the ransomware attack hit, the city did not pay the more than $50,000 extortion. "That was something that was really advantageous for us as we started to move forward," said Brantley. Atlanta's Mayor Keisha Lance Bottoms wanted the city "to be better, I wanted it to be better, my team wanted it to be better."
As Brantley took on the role and dealt with the lingering side effects of the cyberattack, he sought an operating model that aligned with Atlanta's other services. "We really, really wanted to define an IT operating model with clear accountability, we wanted accountability across our entire IT department," he said.
Brantley oversees the Department of Atlanta Information Management (AIM), which includes the Office of Information Security, overseen by Atlanta's CISO and Office of Innovation, Strategy, & Applications, overseen by the CTO.
While Atlanta's AIM budget grew in real time in the months after the ransomware attack, for FY 2021, AIM's adopted budget is over $37 million, down about 7%, or $2.6 million from FY 2020, according to public records. The city's FY 2018 expenditure increased by 9%, from $39.8 million to $43.2 million in FY 2019.
FY 2021's budget for purchased or contracted services is $22.6 million, which supports Brantley's innovation and modernization, or what AIM calls "The Application Rationalization Project."
The rationalization project focused on:
- Communication and collaboration apps, including internal and external, reporting and business intelligence analytics, project management, and document management, data archives
- Workforce management and enablement apps, including productivity suites
- Request fulfillment apps, including case management, permits and licensing, asset management, and financial management
- Request intake/customer-facing apps, including interactive voice response
The project determines an application's fate. Each app within Atlanta's repertoire is color-coded based on:
- What needs investment
- What can retire
- What can be pulled out and eliminated
Office 365 and Omnivox within communication applications are color-coded as "tolerate," with "no major investments" required. AIM intends to migrate or update its CRM platforms within its customer information applications. And within billing and payment processing apps, AIM eliminated Acculynk. Other applications pending an elimination include MS Dynamics, Taleo, Power BI and Adobe Acrobat.
"What you see is redundancy across the City of Atlanta. And I'm not talking about redundancy in a good way," said Brantley. The color-coded graphic was made to show Atlanta residents the steps the government was taking to restore trust and technological savvy.
To achieve his goals, Brantley outlined the "555 concept:" What can be done in five days, five weeks and five months?
"You would be surprised at what you could do in that amount of time if your focus is intentional," he said.
After reaching the five-month mark, AIM outlined a year-long roadmap "that was extremely attainable," said Brantley.
By the time Brantley became Atlanta's CIO, the city was preparing to host Super Bowl LIII -- an opportunity Brantley saw to "show the entire world that the City of Atlanta has rebounded, we will not have this type of event happen when we have the entire world watching."
Hosting the Super Bowl is considered a Special Event Assessment Rating (SEAR) level one event by the Department of Homeland Security, which indicates national importance and requires "extensive federal interagency support."
"A SEAR 1 event is as high as it gets when it relates to security," said Brantley. The arena seated about 70,000 fans while the city hosted about half a million people to enjoy Super Bowl-related festivities. "We had to really make sure our security both physically and also technologically was really on point," Brantley said.
But the Super Bowl was really only a means to and end for Brantley's long-term initiatives. AIM used the game to improve Atlanta's partnerships within the region, "to create centralized information and workflow around security efforts," said Brantley.
"There were hundreds of organizations in a room both public and private, going through different scenarios, setting up and sharing one shared platform, which showed us that this is possible beyond just this big game," said Brantley.
The cross-sector collaboration feeds the advisory board Brantley established for Atlanta. "It was something that I felt the city needed," he said. "Don't be afraid to ask for help. We knew we couldn't do this alone."
The tenets Brantley applies to AIM, including culture, narrow focuses, charisma, controlling the narrative, are "the basics," he said. " If you don't know how to just simply throw a right hand and a left hand pass as it relates to sports, the same rules apply as it relates to organizations."
"Before you get too fancy, make sure that you're operating very at a very high level, just basically," said Brantley. Resisting the innovative emerging technologies isn't easy, but the basics supersede "the fancy" every time.
Want to receive the Cybersecurity Dive newsletter directly? Sign up here.