*1.2.1 The City of Atlanta*

Perhaps the most devastating known cyberattack in the United States against a government agency occurred against the city of Atlanta in March of 2018 [17, 18]. Atlanta was hit by a variation of ransomware called "SamSam" [19, 20]. The perpetrators of this attack are still at-large and unknown.

The city of Atlanta suffered major inconveniences as a result of the SamSam ransomware cyberattack. The security issues in the system had ironically been pointed out 2 months before the attack in January 2018 by the Atlanta City Auditor's Information Security Management System Pre-Certification Audit. The most crucial concerns noted in the audit report revolved around the disregard of establishing IT security control procedures [21]. The main issues listed included the lack of creating and maintaining Information Security Management System (ISMS) formal policies and procedures; lack of creating a comprehensive annual plan to aid in the meeting of security goals and compliance; and the lack of available staffing that "impact their ability to stay ahead of the security issues, such as migration of obsolete operating systems, patch management, and vulnerability management" ([21], p. 16). On March 22, 2018, the vulnerabilities were exploited by the SamSam ransomware, even though the city had been forewarned.

In June 2018, almost 3 months after the attack, it was reported that the city was still struggling to recover [22]. Over one-third of 424 software programs used by the city remain unusable or partly unusable. The ransomware attack took down crucial city systems that aid the city in managing police records, infrastructure maintenance requests, and revenue collection.

The ransom demanded by the SamSam hackers was a total of \$51,000 in Bitcoin. Atlanta reportedly did not pay the ransom, but the initial cost of restoring the city's computer network amounted to \$2.7 million dollars [23]. In a recent budgetary meeting, the interim CIO requested an increase of \$9.5 million dollars to the \$35 million already allocated to the IT department. The extra budget allocation would serve to continue the city's efforts of restoring the city's computer network [24]. Overall, the SamSam ransomware cyberattack had significant impacts on the City of Atlanta's computer network, showing local government agencies the importance in keeping their systems up-to-date.

### *1.2.2 California department of transportation*

One documented prominent instance of hacking in the study area caused an episode of public concern. In December 2015, an unknown person hacked into a California Department of Transportation (Caltrans) digital road sign in the City of Corona along the 15 freeway, a major arterial highway. The signal was hacked to display a political message endorsing the then-presidential candidate for office, current U.S. President Donald Trump. The sign displayed the message "The Inland Empire Supports Donald Trump, Merry Xmas". The hacker was able to gain physical access to the road signal, hack the system, and obtain the security passcode to change the road sign message.

In a local news segment regarding the event, an official for the Riverside County Transportation Commission, explained that this hacking incident, although seemingly benign, is very much a public nuisance because it interferes with relaying drivers with vital information about transportation construction projects and delays that could be occurring [25]. Furthermore, the hacking of public signs by vandals is both a distraction to drivers and unsettling to public confidence. While a seeming minor nuisance, this type of act can create dangerous or even life-threatening situations. For example, signs can be used to redirect traffic to hazardous areas. They can also be used as part of complex coordinated attack, where creating traffic jams will slow or block responding vehicles.

### *1.2.3 Orange County transportation authority*

In another incident in the study region, the Orange County Transportation Authority (OCTA) had a bout with ransomware in February 2016. The attack, carried *Intersection Management, Cybersecurity, and Local Government: ITS Applications, Critical… DOI: http://dx.doi.org/10.5772/intechopen.101815*

out by unknown hackers, affected around 88 of OCTA's 400 servers. The ransomware affected approximately 20 internal applications that controlled payroll, email, etc. Fortunately, transportation systems were not affected [26].

The hackers demanded \$8500 dollars, but OCTA chose to ignore the ransom demand and had internal staff and contractors bring the system back to normal. It took approximately two and a half days to restore the system servers. The total cost of the ransomware attack was around \$660,000—approximately \$330,000 went to internal labor costs and contractors, and \$218,000 was paid to Microsoft and another contractor to eliminate any remaining malicious code, and to help them devise a plan to prevent another attack [27].
