Philly courts refuse to name security firm hired to fix infected systems

City Council is calling for hearings on the city’s tech safety.

Bastiaan Slabbers for WHYY

In a move experts call highly unusual, Philadelphia officials are refusing to name the cybersecurity firm the city has contracted to help clean up the court system’s shuttered websites.

It’s now been over three weeks since a virus infected an unknown number of computers in the First Judicial District, causing a blackout for the court’s critical online e-filing and docketing services. Officials have cited security concerns as a reason to withhold details about both the virus and the remediation efforts.

But declining to name a publicly funded contractor has raised eyebrows. So far, the court has described the unnamed vendor as a firm “specializing in cyber security to assist in getting impacted operations restored safely.”

Courts spokesperson Marty O’Rourke has declined repeated requests for the name of the vendor — as well as the amount the city is paying for these services.

“Cyber security experts have advised the Courts that disclosing the information you requested could jeopardize the remediation process,” O’Rourke told Billy Penn.

Some steps have been taken to improve communications. Last week, court officials’ email accounts were restored on remote workstations. The rest of the system remains offline. For how much longer is still unclear.

Pablo Molina, a cybersecurity policy expert and the chief information security officer at Drexel University, said it’s not unusual for agencies to withhold details about cyber attacks, especially if law enforcement is involved. (It’s unclear if that’s the case with the Philly courts.)

In both the public and private sector, Molina said, companies facing a systems breach will often bring in “big guns” to help in-house technology departments fix emergency snafus. But he’s never seen a case where government doesn’t disclose even bare details about the firm contracted.

“There’s no reason to hide this,” Molina said. “It’s highly unusual.”

Other cybersecurity experts, who were not authorized to speak on the record, echoed Molina’s concern.

It remains unclear if the city’s insurance will foot the cost of these services, or what it might cost taxpayers. O’Rourke declined further questions.

Meanwhile, court proceedings are moving forward as scheduled despite the downed systems — and the concerns of attorneys about the court’s improvised step back to a paper filing system.

Last week, City Councilmember Brian O’Neill called for hearings to examine whether or not the city is prepared for “cyber-attacks and network outages that other cities and governments have recently experienced.”

Mayor Kenney’s administration told the Inquirer last month that the attack was not ransomware. Nor has the attack been linked to breaches of U.S. cities like Baltimore and Atlanta in recent months, both of which resulted in multi-million dollar recovery efforts.

However, officials have not spoken since about the type of virus or its source. They have confirmed only that the May 21 shutdown was “a precaution” after a virus was found on “a limited number of computers.”

So the full extent of the damage remains unclear.

“They said they found malware in a few computers,” said Molina, the Drexel security expert, “but we really don’t know if that’s just a few, or 50 percent of the systems or 75 percent of the systems.”