Huber Heights to fill IT director role vacated just days before November cyber attack

Huber Heights City Manager Rick Dzik. FILE

Huber Heights City Manager Rick Dzik. FILE

The city of Huber Heights is set to hire a new IT director this week, filling a position that was left vacant for four months following the resignation of the previous department head, who left his post just days before the city experienced a debilitating ransomware attack.

According to a public records request, the city received a total of 110 applications for the IT director position. Eight applicants were ultimately interviewed, leaving three finalists.

The Monday, March 11, meeting agenda includes a resolution to appoint Dave Warren to the position. Warren currently serves as the IT director for LaGrange County in northern Indiana and will be relocating to the area, according to application documents.

The former IT director resigned just nine days before the Nov. 12 cyber attack that took down multiple city of Huber Heights government systems and functions, resulting in weeks of recovery efforts and a rebuild of the city’s cyber network.

In total, the city allocated $800,000 to go toward the immediate response and long term upgrades.

Despite the timing, City Manager Rick Dzik said there’s no correlation between the IT director’s resignation and the cyber attack.

“While it is an unusual coincidence, there is nothing to indicate that the cyber attack occurred because the city was lacking an IT director at the time,” Dzik said via email this week. “Every indication from the investigation is that the cyber attack was the result of a threat actor group attempting to infiltrate whatever network was available to them.”

Following the cyber attack and up until the point when a new IT department head is in place and up to speed, Dzik said the city has been working with a cyber security firm, which provided an interim IT director.

Day-to-day responsibilities of the IT director, Dzik said, include managing department staff and technicians; developing policies, trainings, and procedures related to IT for all city departments; developing plans for future IT needs; and ensuring the city’s technological assets are up-to-date, secure, and functional.

In the time since the November attack, Dzik said the city has learned the importance of having proper cybersecurity prevention strategies, as well as the necessity of regular maintenance and upgrade of networking devices.

Part of the vulnerability of the city’s previous cyber network, he pointed out, was a lack of adequate segmentation of its various parts. This division technique can provide additional security and control against malicious actors.

“Moving forward, the city will have a segmented network that allows us to quarantine any future attacks before they affect the entire city,” Dzik said, adding that 24/7 cybersecurity monitoring will also be part of the cyber defense arsenal. “I can say confidently that the investment made by city council late last year has ensured that we are taking every possible step to avoid a similar situation in the future.”

About the Author