Kansas City Employees Disguise Cyber Attack as Computer Outage

A Suspicious Incident

In early May, the city of Kansas City, Missouri, encountered a significant IT disruption that left various city services in disarray. While city officials publicly labeled the occurrence as a mere computer outage, internal emails suggest that employees privately referred to it as a cyber attack.

Emails Reveal Internal Confusion

An extensive records request initiated by local media revealed personal communications among city staff concerning the incident. Emails collected demonstrate that employees were cautious about how to communicate the situation to the public. Throughout the week following the incident’s onset, city workers described the scenario using terms like “hacking attack,” “IT breach,” and “security incident.”

Early Communication

The initial email from Yolanda McKinzy, the city’s general services director, was sent on May 4, detailing that internet and VPN services would be unavailable. Shortly after, Tracey Roland, the IT manager, echoed these sentiments, raising concerns about the unknown causes behind the disruption.

Official Messaging vs. Reality

While internal discussions were rife with references to ransomware and compromised networks, a directive emerged emphasizing the official narrative. Employees were reminded to use specific language communicated by City Manager Brian Platt that reinforced the idea of a temporary shutdown for safety reasons, rather than a cyber attack.

Impact on City Operations

The fallout from the incident was significant. Numerous city services, including online bill payments and building permit applications, were halted. The Kansas City Municipal Court experienced closures, causing delays in hearings and trials. It took about two weeks for services to fully restore.

City’s Response and Investigations

During a news event on May 15, Mayor Quinton Lucas characterized the situation as involving “suspicious activity” within the IT network but stopped short of labeling it as a cyberattack. The mayor also mentioned that multiple law enforcement agencies, including the FBI, were involved in the investigation, raising questions about potential data compromises.

Transparency Concerns

As inquiries continued, there was no clear disclosure about what initiated the incident. This absence of transparency stirred frustrations among citizens and raised critical questions about the city’s cybersecurity protocols. Efforts to acquire documentation revealing the city’s crisis plans were denied, citing state statutes that protect governmental operations.

Conclusion

The episode serves as a cautionary tale about the importance of clear communication during a cybersecurity crisis. While Kansas City officials maintained a public-facing narrative, the reality of employees’ concerns indicates a deeper urgency for enhanced cyber defenses and transparent engagement with the public during such events.