Traverse City commissioners voted unanimously Monday to update the city’s insurance policy – including expanded standalone coverage for cyber liability – and to approve specialized cyber legal services following a recent ransomware attack on the city and Grand Traverse County. Grand Traverse County commissioners will also vote Wednesday on changes to public safety software following the attack, with County Administrator Nate Alger estimating that approximately 30 percent of city and county services still remain impacted by the event.

According to a memo from City Manager Liz Vogel, the city has had a “cyber liability and data breach response insurance policy with relatively modest limits” for several years. In recent months, City Clerk Benjamin Marentette – who receives specialized training through the International Risk Management Institute to analyze city operations and recommend coverage that will insulate the city from risk – began exploring a standalone policy for cyber liability “given the current climate,” Vogel wrote. Marentette said he’d already begun researching that expanded coverage before the recent ransomware attack.

Commissioners approved a $403,762 insurance payment for the city for the next year, which represents a 5.9 percent increase over last year. The increase is “primarily due to updated property values,” according to Marentette, and follows a rate decrease last year. The city’s insurance policy covers a wide range of categories – from property to personal liability to automobile to sewer backups – and protects the city “from major and potentially catastrophic financial setbacks,” according to Marentette.

Commissioners Monday also approved a $79,792.50 payment for a five-year pollution liability policy and – new this time around – a special standalone cyber liability policy costing $26,753 for the year. That policy provides $2 million in aggregate coverage for cyber-related incidents. Marentette said he felt comfortable the policy was sufficient to protect the city from attacks like the one that occurred earlier this month.

Though modest in comparison to the new policy, the city’s existing cyber liability coverage will provide up to $50,000 for specialized legal services for the city to respond to that recent attack. Commissioners approved engaging a firm, McDonald Hopkins, to assist with that work. City Attorney Lauren Trible-Laucht said she doesn’t have expertise in cyber liability, noting the city has never dealt with cyber attacks previously. Staff said they didn’t anticipate approaching anywhere near the $50,000 cap with McDonald Hopkins. However, “in the very likely event that we have any data breach notification obligations, the firm will assist us with that work, and also provides other important related services,” according to Trible-Laucht.

According to Alger, some city and county services continue to be impacted two weeks after the June 12 attack. Grand Traverse County, which manages IT for both the county and city, shut down its network early that day after a software application used by Grand Traverse County 911/Central Dispatch stopped working correctly. After employees contacted IT for assistance, a tech support evaluation identified a “potential threat,” which was later confirmed to be a ransomware attack. Such attacks occur when outside actors use malicious software to deny access to systems or data, often threatening to delete or leak data if a ransom is not paid.

Alger says the identity of the attacker is unknown, though the individual(s) used a ransomware handle called BlackSuit, which has been linked to other attacks including one on software provider CDK Global that impacted car dealerships across the country this past week. Alger says the county has not paid a ransom and is still working with authorities to determine the extent of the attack. “I think the damage has been limited, but each day we learn something new,” he says. “We’re trying to understand what it means and how it occurred. I still have a level of optimism we’ll get back to 100 percent soon and can hopefully identify if any data has been compromised.”

Alger estimates that county and services are currently back up to 70 percent operational. The county was able to get its OnBase system back up and running, which was a “major win” since the courts and many other departments rely on it for hearings, data collection, and more, Alger says. Some phone and voicemail systems continue to be impacted, and city and county online payments related to water and sewer, tax payments, and BS&A integrated payments are down as a precautionary measure by the third-party processor that handles those payments. No late fees or penalties are being assessed during this period.

County commissioners will vote Wednesday on a recommendation from IT, administration, and 911/Central Dispatch to migrate the county’s public safety software to a cloud-hosted solution. Emergency responders have been using a workaround in place of the computer-aided dispatch (CAD) system they normally use since the attack, but Alger says it’s important to restore that system if possible before the National Cherry Festival. “(The workaround) is not what those in the field are used to...all emergency responders rely on (CAD) to more effectively do their jobs,” he says.

The county and provider Tyler Technologies are working together to migrate the public safety software from on-premises – which means the software runs on the county’s own hardware infrastructure and is hosted on-site – to the cloud, where it’s stored off-site on the provider’s servers and accessed through the Internet. The cloud approach “could start to have public safety software pieces back online within five days,” according to a memo from 911/Central Dispatch Director Jason Torrey.

Alger says the change will result in an annual cost increase of $115,000. Central Dispatch’s 911 surcharge revenue “could be considered to offset some, if not all” of the cost increase “without significantly impacting long-term needs of operation or capital improvement goals,” according to Torrey’s memo. If commissioners approve the proposal Wednesday, Alger says the goal is get the system back up and running as soon as possible, with the National Cherry Festival set to begin Saturday.