The malware / ransomware epidemic continues and it has been surprising to see courts unable to quickly recover from attacks. Philadelphia’s state courts were offline for weeks, causing lawyers to resort to paper-and-courier filing. Georgia’s state court servers were attacked and offline for about 2 weeks in July. What plans does your law library have to recover from this sort of attack?
Philadelphia’s outage ended July 1, Georgia’s on July 15. I am particularly curious about why Philadelphia has now banned Google Chrome use on the e-filing system. Georgia was much more transparent – both about the incident and the limits of their transparency – than Philadelphia.
Public libraries have been in the news almost weekly, as ransomware takes down their systems. Public libraries in Kentucky, New York, Pennsylvania, and South Carolina have all been recently hit, sometimes repeatedly.
This is likely to be an ongoing issue for libraries, including courthouse law libraries, depending on how closely affiliated they are with the local court system. Law firms and universities aren’t immune, but they may have greater input into their disaster recovery options. And it’s not limited to exploits – sometimes, as in England, the technology just doesn’t work properly. It’s a particular problem to the extent that a courthouse law library collection is weighted toward electronic resources.
While having a small print collection as a backup may be useful, it’s not an answer. There are fundamental changes in where lawyers are these days. Firms that have vacated the urban core – and the central court locations – are no closer to the courthouse than they were before. A law library will need to continue to respond to remote access and remote requests, regardless of the state of its systems.
One question I had immediately was the extent to which a courthouse law library can recover separately. It probably depends on the extent to which you keep data on public access and staff computers. If there is a risk that library devices will re-infect the network, they may be forced offline until everything is fixed.
If, for example, your public access terminals are secured against customization and have a standard software load, it’s not clear to me why you wouldn’t be able to either (a) reload the PCs with a clean load of software or (b) throw away the old drives and replace them with new ones, with a clean load of software.
What if you don’t have IT support? Windows 10 computers can be reset if you don’t need to keep any data. Google Chromebooks may be a good option for public terminals too and more resilient to attacks. A law library that is more internet-reliant may actually be in a better position to recover quickly than one that relies on installed software other than a web browser for research.
If you haven’t already, your law library might want to:
- use a tool like Macrium Reflect Free to make a copy (“image”) of one of your public terminals and one of your staff terminals. That may give you a quick starting point if you need to wipe your computers;
- review your data backup processes, to ensure you know where your data is and what you’re liable to lose in a ransomware attack. In particular, know whether you can recreate your catalog information and, if needed, patron records;
- consider whether you can supplement any court-provided (or mandated) backup with your own, offline external backup. By keeping the library’s content – which may be minimal beyond catalog data and digital collections – backed up separately and offline, it may be less susceptible to infection and attack;
- keep a copy of passwords somewhere other than on your primary devices.
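
One way to check that a separate offline backup, as suggested in the list above, is still intact before you rely on it (an added example, not part of the original post): record a SHA-256 manifest when the backup is made, keep the manifest somewhere other than the backup drive, and compare at each restore test. The file names, contents and the `.locked` extension below are constructed sample data.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large images or exports do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    """Map each file path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_copy(manifest: dict, copy_root: Path) -> dict:
    """Compare a backup copy with the manifest recorded when it was made."""
    current = build_manifest(copy_root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "changed": sorted(k for k in manifest.keys() & current.keys()
                          if manifest[k] != current[k]),
        "unexpected": sorted(set(current) - set(manifest)),
    }

def demo() -> dict:
    # Constructed sample backup: names and contents are invented for illustration.
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "offline_backup"
        (backup / "catalog").mkdir(parents=True)
        (backup / "catalog" / "records.mrc").write_bytes(b"constructed catalog export")
        (backup / "catalog" / "patrons.csv").write_text("id,name\n1,Sample Patron\n")
        (backup / "repository.zip").write_bytes(b"constructed digital collection")
        # Store this JSON away from the backup drive (another device, or printed).
        manifest_json = json.dumps(build_manifest(backup), indent=2)

        # Simulate damage discovered at a later restore test.
        (backup / "catalog" / "patrons.csv").write_text("overwritten")
        (backup / "repository.zip").rename(backup / "repository.zip.locked")
        return verify_copy(json.loads(manifest_json), backup)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Any entry under "missing", "changed" or "unexpected" means the copy no longer matches what was backed up and should not be restored from without investigation.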
Law firm and corporate librarians may wonder why a law library would want to try to have its own response to disaster recovery. The reality is that a courthouse library may not be important enough to get access to the costly business continuity tools that the rest of the organization utilizes.
Our library is one of those. Although we belong to an organization with 600+ staff and $100+ million budget, the Great Library is not a core business function. When the IT team spec’d out the disaster recovery, it excluded the library’s ILS and digital repository. This meant that, while the systems were backed up, the systems would go offline during a disaster. It was a primary factor for us to have our systems hosted by our ILS provider in the cloud.
One thing to consider is a redundant internet access pathway. While many corporations maintain 2 different internet connection paths – in case one is attacked or goes down – that’s less common in my experience in smaller organizations. We have a contract with our local wireless phone provider for a wireless hotspot.
It means that, when our IT team loses control of our internet access – it happens more than you’d think – we have an alternative. The hotspot – like this one from Verizon – can be brought up with a data connection. Your public PCs using wireless and your users on their own devices can get to the internet this way. It isn’t ideal but it’s an access enabler.
Cost of Recovery
You may or may not have money in your budget to respond to this sort of crisis. A replacement hard drive can run $50-60 so you may not be able to replace all drives. You may or may not have the technology skills to re-image your computers, and so need to hire a consultant.
One thing to consider is the extent to which staff could get their work done on public computers. If much of your data is stored in the cloud and your staff can use web apps, like the Microsoft Office apps or Google’s G Suite, you may have some additional flexibility. Your cost will go up as you need to worry about data and applications installed on your computers.
There is, of course, the cost of paying the ransom. Since there is no guarantee payment will result in getting access to your data back, I’m not sure you should plan for this. If you approach ransomware as if it were a particularly fierce lightning strike that wipes everything out, you may have a better mindset for getting up and running again.
The reality is that courthouse libraries need to know how they will respond if their courts are disabled by a malware attack. Lack of computer access is practically the same as lack of access to legal information in the modern courthouse law library. There are preventative steps that can be taken to ensure we’re prepared for the worst.