The U.S. Conference of Mayors has spoken, and the talk is tough: we won't pay the ransom.
During its recent annual meeting, conference attendees passed a resolution urging cities to refuse to pay hackers in the event of a ransomware attack.
"At least 170 county, city, or state government systems have experienced a ransomware attack since 2013," according to the resolution.
And 22 of those have occurred in 2019 alone.
[RELATED: Florida, the Ransomware State?]
Baltimore Mayor Jack Young announced the resolution:
"I am proud to unify with the U.S. Conference of Mayors to stand up against these types of attacks and show people that they will not take control of our cities. Paying ransoms only gives incentive for more people to engage in this type of illegal behavior."
Baltimore experienced its own cyberattack in May, when a strain of "RobbinHood" ransomware disabled its computer system.
Beyond ransomware: another conference resolution about cybersecurity
But the Conference of Mayors tackled more than ransomware in its resolutions this year.
They also passed a lesser-known resolution on data security and cyber resiliency:
WHEREAS, fault-tolerant solutions at the edge and edge aggregation points provide for less cyber risk by enabling a system to continue its intended operation without failing completely, resilient and redundant networks that continue to transmit data despite the failure of some links or nodes, and preserve connectivity with the least latency for data processing and storage close to the edge sensor source,
NOW, THEREFORE, BE IT RESOLVED, that The United States Conference of Mayors urges the Administration and the U.S. Congress to encourage fault-tolerant technology solutions critically necessary for resilience, redundancy, and reliability of data systems; protecting public and private data with the highest possible standards to ensure data centers and edge computing facilities function for continuity of services and network operations; and
BE IT FURTHER RESOLVED, that federal government contracting of data storage with any private data center should only contract with entities that use fault-tolerant solutions and follow the standards set by the National Institute of Standards and Technology (NIST), and Federal Acts, FITARA and FDCCI adopted in 2014 that ensure physical protection, redundancy, sustainability, and resiliency of the power supply.
We'll take this as proof that cyber risk and related issues continue to move into the mainstream.
You can check out the full list of resolutions from the U.S. Conference of Mayors here.