The CDK Hack: A Wake-Up Call for Public Sector Fleets

In 2023, 100 cases of private data exposure were reported, up from 74 in 2022. According to a 2022 Nationwide Cybersecurity Review by the Center for Internet Security (CIS), cyberattacks on state and local governments increased from 2022 to 2023, with malware attacks increasing by 148%, ransomware incidents increasing by 51%, and non-malware cyberattacks increasing by 37%. 

This week, CDK Global, a provider of integrated technology solutions for the automotive retail industry, faced a significant cyberattack.

What Happened with CDK Global?

The CDK Global breach compromised sensitive data and disrupted services, affecting numerous dealerships that rely on CDK's software for their day-to-day operations. CDK software is used by nearly 15,000 auto dealers in the US. A CDK spokesperson told CBS News they have shut down most of their systems while working to get everything back up and running.

Lessons from Another Recent Cyber Attack

The city of Wichita, Kansas, recently experienced a similar ordeal. On May 5, the city disclosed that it made the decision to take its computer systems offline to stop the spread of malware that locks access to computer files. 

LockBit, a notorious ransomware group, was accused of the ransomware attack. The U.S. Justice Department has unsealed charges against a Russian national linked to LockBit, highlighting the group's extensive reach and impact.

During the attack, Wichita's fleet management went back to pen and paper for all duties. Email and city phones were down for two weeks, and the parts inventory system couldn't be managed digitally. Although no data was lost, the disruption underscored the need for robust backup plans.

However, the fuel system was not compromised and fuel infrastructure of 21 sites continued to function as normal. Fleet Superintendent Megan Stuart stated they had contacted every vendor personally to communicate their challenges with invoice payment. The fleet was able to continue paying for most goods and services using purchasing cards. 

After three weeks of being unable to make payments for purchases above a maximum threshold of $5,000, the Finance Department assisted in prioritizing payments by vendor and payment terms, which were then processed with manual checks. ACH processing returned shortly after allowing them to catch up with all vendor payments by mid-June.

It took nearly two weeks for staff to get caught up in entering work orders and completing parts transactions on work orders. 

“While staff made an excellent effort to document all parts requested and consumed during the cyberattack, our storeroom is performing daily spot checks to ensure inventory levels are accurate,” Stuart explained. “A full cycle count has not been identified as being necessary at this point.”

 With the exception of some detailed work order information that was not maintained during the pen and paper phase, no data was lost. 

Stuart noted that catching up with PMs due has been difficult as they have had an influx of vehicles due for service as they were unable to notify customers during that time. We have relied more on outside vendors as of recently to help get caught up.

The cyberattack also delayed the bid process and city council approval required for vehicle replacements. An estimated four to six weeks have been added to the procurement process with recent purchases.

According to Stuart, they were initially told that a cyberattack of this type could potentially down systems for 4-6 months, which would have had a major impact on operations and derailed the long-coming implementation plan of a new work order system. 

“While still challenging at times, we are very fortunate to have only been affected by the cyberattack for less than six weeks,” Stuart stated. “I think this is in part due to the quick and firm handling by our city’s leadership and IT department, as well as the resilient front-line staff who maintained daily operations without any major service interruption.”

In response to the COVID pandemic, the public works and utilities department had already started working on documenting emergency response over the last few years. Because of this, they had already created a continuity plan that identified key systems, and how operations would be impacted and mitigated if those systems were down. 

“I would highly recommend a continuity plan to ensure the organization is prepared to respond to and recover from an unexpected emergency or crisis,” Stuart noted. “It’s also equally important to revisit your continuity plans often to make updates to ensure it is reliable when absolutely needed. It is also advantageous for fleet ,anagers to work with IT staff closely to understand how our systems are stored, protected, and backed up, and how they would be impacted in different scenarios. Since technology is fundamental to fleet management, it should be a goal for managers to create those partnerships with IT in order to ensure your data is protected.”

Why Should Public Sector Fleets Be Concerned?

While the CDK hack shut down dealerships, a similar attack could cause major disruptions for public sector fleets. And relying solely on digital systems without contingencies can of course lead to operational disruptions during a cyberattack.

During a recent GFX presentation, Bob Stanton emphasized this point, noting that cybersecurity threats impact not just fleets but also OEMs and other critical sectors.

"If your organization is hit with a cyber issue, it's not just going to be the fleet affected; it will impact everything from election data to citizen records. You will be one of the many affected."

Because of this, it's essential to have a plan if and when technology fails or becomes inaccessible due to a cyber issue. Whether it involves using paperwork orders or Excel spreadsheets, having a predefined backup plan is necessary for maintaining operations when systems go down.

Here are some steps fleets can take:

• Regular Data Backups: Ensure that data is backed up regularly and stored securely to allow for quick restoration in the event of a breach.
• Cybersecurity Training: To reduce the risk of accidents that could lead to breaches, train staff on the latest cybersecurity threats and provide best practices to avoid compromising data.
• Redundant Systems: Implement redundant systems for critical operations so that services can continue uninterrupted during an attack.
• Incident Response Plans: Develop and regularly update incident response plans that outline steps to take during and after an attack.
• Invest in Cybersecurity: Continuously invest in cybersecurity measures, including firewalls, antivirus software, and regular security audits.

At the end of the day it's up to you to understand and provide info on the security needs needs of the fleet operation. We'd all like to think, "That will never happen to me," but the sad reality is that threats can and do happen to anyone at any time. Be smart out there.