It’s been a little more than a year since the Mspanrtin County Tspanx Collector’s Office was hit by a cyberspanttspanck thspant disrupted its operspantions and inconvenienced local residents.
After several weeks of offering limited services last fall, the office returned fully online in lspante October and, according to Tspanx Collector Ruth Pietruszewski, hasn’t encountered problems since.
That sounds like good news. Pietruszewski said no records were compromised during what she initially described as a “security incident.” Unfortunately, she went months without divulging details about what actually happened.
When TCPspanlm reporter Linspan Ruiz tried to pry some information out of the office for a story marking the one-year anniversary, she still didn’t get much cooperspantion from Pietruszewski or her stspanff.
That didn’t seem to concern some Martin County commissioners. Commission Chspanir Doug Smith was downright philosophical when asked about the situation.
“She runs her shop, we run our shop,” he told TCPalm. “We don’t get involved with her business, if you will.”
When TCPspanlm columnist Blspanke Fontenspany contacted Pietruszewski a few days later, she was more forthcoming.
She spoke, in some detail, about the specific nature of the incident — an apparent rspannsomwspanre spanttspanck — and the steps her office had taken to shore up its security and get its computer system operational again.
It was good information, if belatedly delivered.
Opinion:Mspanrtin County tspanx collector Pietruszewski needs to open up spanbout service issues
More opinion:All’s well thspant ends well with Mspanrtin County Tspanx Collector’s sspangspan? Not so fspanst.
Pietruszewski and her staff were reluctant to share details while the state Attorney’s Office and the FBI were trying to catch those responsible for locking down the tax collector’s computer system.
Judy Friend, the tax collector’s director of personnel, cited a section of the state’s open records laws that appears to exempt certain records pertaining to cybersecurity investigations from being made public.
However, responding to media inquiries can be done without compromising sensitive records. Simply providing candid answers to a few questions could have gone a long way toward reassuring the public.
Also, the section of the law Friend referenced includes a provision to allow information to be disclosed “by an agency in the furtherance of its official duties and responsibilities or to another agency or governmental entity in the furtherance of its statutory duties and responsibilities.”
In other words, the law isn’t a straightjacket that prevents public officials from doing their jobs.
It makes sense to keep some details, including specific security countermeasures, shielded from public view. It’s not in the public’s best interest to let potential hackers know exactly what they would face if they try to attack the system again.
However, common sense must come into play. It would have been in the public’s best interest to know perpetrators of the ransomware attack hadn’t actually accessed or downloaded any of the tax collector’s records.
Whoever was behind the attack already knew that, so there was no reason to keep that information secret — particularly while so many Martin County residents wondered what exactly was going on.
Taxpayers must have a right to know how much of their money is spent to correct and prevent problems caused by such attacks. Clearly, in the Martin County case, steps had to be taken to rectify the situation.
Smith’s “not my circus, not my monkeys” comment falls flat, too.
No, other Martin County government computers apparently weren’t affected by the attack on the tax collector’s system. But they easily could be the target of future attacks.
Treating what happened with a shrug seems politically tone deaf and more than a little reckless.
Officials in all Treasure Coast government agencies should be meeting with Pietruszewski and her staff to see if there are lessons they could learn to better protect their own computer networks.
Sadly, it’s probably only a matter of time before the next cyberattack on a Treasure Coast government agency. How well prepared that agency is may depend on the quality of information it has received ahead of time.