Safer? BWL loses 13 IT employees after cyberattack

Eric Lacy
Lansing State Journal
The Board of Water & Light has lost 14 IT and emergency management employees since an April 2016 cyberattack on its internal network. The city-owned utility paid a $25K ransom to get access back.

LANSING - Over a year after a cyberattack temporarily disabled the Board of Water & Light's internal network and required it to pay a $25,000 ransom with untraceable currency, the city-owned utility remains in transition. 

In about 13 months, the BWL has parted ways with 13 information technology employees and Trent Atkins, its emergency management director.  

Dick Peffley, the BWL's general manager, confirmed this week in a statement the 14 employees all left after an April 25, 2016, cyberattack of the utility's internal network and communications system. Officials said the attack didn't compromise any customer or employee data. 

Todd Bertolozzi, an IT analyst who confirmed Wednesday he left about eight months after the cyberattack, said BWL ratepayers should be concerned about the utility's security because of the staffing losses.

"People can ask themselves a simple question," said Bertolozzi, a 43-year-old Lansing resident. "Do people think this company is working like a well-oiled machine right now?"

Three IT employees left BWL last year after the attack. Atkins resigned May 1. 

Trent Atkins, BWL's now former emergency management director, held up last November a copy of the utility's "red book" that includes what-to-do guides to a variety of emergency situations. Dick Peffley, general manager, and Heather Shawa-DeCook, chief financial officer, supported creation of the guide.

Peffley confirmed that 10 additional IT employees left after the attack. He said none were asked to resign and none received severance packages. Asked about all 14 who have left, Peffley said "several" positions in the IT/emergency management-related fields have been filled.

Peffley added BWL is currently in the process of hiring five people. 

"This is out of a group of over 50 employees," Peffley said of the departures. "We are routinely monitoring workloads, as we do in every department here at the BWL, and if we need to bring in contract labor, we do. We have no issue keeping up with our demand." 

Atkins told the LSJ this month he decided to leave BWL because he has offers to do consulting work and wants to spend more time with his family. His resignation letter, which the LSJ obtained in a Freedom of Information Act request, gives the same reasons. The LSJ's request for records of severance or separation agreements for Atkins and a copy of his contract with the utility was denied by BWL because "the same does not exist."

Last fall, documents obtained by the LSJ in a FOIA request showed former IT employees Greg Hess, Quentin McCallum and Tom Davis also left BWL after the cyberattack. Hess received $15,000 upon departure and McCallum got $7,500. Davis received a payment for earnings and unused benefits.

Bertolozzi, the former IT analyst, said he hopes BWL did exit interviews and learns from them to determine how its culture can be improved.

“Every time you lose somebody, especially in IT, there’s a little bit of chaos for three to six months – at least," Bertolozzi said. “When 14 people resign from any department, something is going on that’s not normal." 

Attempts to reach most of the former BWL IT employees were unsuccessful.  

Peffley said BWL has a "change management team" and will continue to put the utility in the best position possible to defend itself from cyberattacks. 

"While the number of cyberattacks globally has recently grown, no one can make a guarantee we won't be attacked again," Peffley said. "However, the BWL has devoted resources to security, restoration and resilience measures to minimize the odds of an attack, and to help us recover after in the event we are hit." 

The LSJ reported in 2014 that Atkins' emergency operations manager job had a $130,000-a-year salary. 

During a November 2016 interview at BWL headquarters about the cyberattack, Atkins said that even though the utility was "hacked," its emergency management system, IT operations and cybersecurity preparations "worked."

BWL officials said the cyberattack shut down its accounting and email systems after an employee unknowingly opened an email with an infected attachment at about 5 a.m. April 25, 2016. The attack also forced BWL to shut down phone lines, including a customer service line often used for account inquiries. It took about a week for the utility to recover from the disruption.

The LSJ learned through a FOIA request that the cyberattack cost BWL about $2 million. Peffley said this month it appears BWL's cyberattack recovery expenses, including the $25,000 ransom paid to the attackers, will be covered by insurance.

Eric Lacy is a reporter for the Lansing State Journal. Contact him at 517-377-1206 or elacy@lsj.com.