After Cyberattack, Transportation Organization Recovers Using Cloud-Based GIS

To protect data and systems from cyberattacks, organizations need to be in a position to quickly identify their IT vulnerabilities.

According to a 2020 Cybersecurity Ventures report, the costs associated with cybercrimes are estimated to grow globally by 15 percent year over year for the next five years. The report calculates cybercrime costs to include “damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, postattack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.”

When the City of Durham, North Carolina, suffered a cyberattack in March 2020, it lost all access to its servers, resulting in major data loss. One of the departments affected by the cyberattack was the Durham-Chapel Hill-Carrboro Metropolitan Planning Organization (DCHC MPO), which manages regional transportation planning for the western area of North Carolina’s Research Triangle.

With the cyberattack came the loss of DCHC MPO’s Electronic Transportation Improvement Program (eTIP), a map-based app that allows staff to search projects and identify where planned improvements are to be located. In addition, the organization lost access to all its enterprise GIS data, including municipal data layers and data for the City and County of Durham, Chatham County, Orange County, and the North Carolina Department of Transportation.

These crippling losses left DCHC MPO in search of a solution that would not only retrieve what was lost but also put in place a plan, processes, and support to ensure that this would never happen again. Moving its data to the cloud instead of maintaining an on-premises server environment seemed to be the best solution.

[Figure: a screen showing the backup status for a virtual machine. Caption: Microsoft Azure’s Recovery Services stores snapshots of virtual machines, enabling instant system recovery in the event of a disaster.]

DCHC MPO teamed up with Esri partner GeoDecisions to regain access to its server data; increase security; and build more efficiency by leveraging technology that includes ArcGIS Enterprise, ArcGIS Pro, ArcGIS Online, and Microsoft Azure. The GeoDecisions team decided to tackle the project in a phased approach that included procuring cloud services, setting up the cloud environment, migrating eTIP and GIS data, conducting trainings, and doing system maintenance.

The Road to Recovery

Jumping into action, the GeoDecisions team moved DCHC MPO’s GIS databases and eTIP app to the Microsoft Azure cloud computing service. During this phase, the team developed the work plan, provided project management and oversight, and met with DCHC MPO staff members and key stakeholders to discuss recommendations for cloud migration.

To move to Azure, the team needed to identify what data would move, how much RAM and bandwidth would be needed, and whether it should be a single- or multiserver configuration. One challenge that arose during this assessment was that almost 400 feature services would need to be moved while keeping the RAM costs within DCHC MPO’s budget. The organization decided to publish existing feature services using ArcGIS Pro, which can reduce RAM consumption by taking advantage of shared instances that pool central processing unit (CPU) resources for lightly used feature services. This ended up reducing DCHC MPO’s RAM consumption needs by at least 60 percent.

Setting up the cloud environment involved consolidating servers to create a single, Windows-based virtual machine (VM) that would act as a production application and database server for the eTIP app. This VM contains all the software required to run and maintain eTIP and its supporting functions. In addition, the VM hosts the GIS databases and provides the storage and networking resources the system needs.

GeoDecisions implemented system security measures as well, which included restricting remote desktop access to specific employees’ IP addresses and updating administrators’ user names and passwords. The team also put into place DCHC MPO’s full system backup strategy, which involved using Azure’s Recovery Services vault to store snapshots of the VMs. This enables instant recovery of the system in the event of a disaster.
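A check for the remote desktop restriction described above, as an added example that is not GeoDecisions' or DCHC MPO's own code: it flags inbound allow rules that expose RDP (port 3389) to any source outside an allowlist. It assumes rules exported in the flattened field layout of `az network nsg rule list`; the rule names, the allowlist, and all addresses (documentation ranges) are constructed.

```python
import ipaddress

RDP_PORT = 3389
# Constructed allowlist (documentation ranges) standing in for staff IP addresses.
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in ("203.0.113.10/32", "198.51.100.24/32")]

# Constructed sample rules; field names assume the `az network nsg rule list` output shape.
SAMPLE_RULES = [
    {"name": "rdp-staff", "priority": 100, "direction": "Inbound", "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.10", "destinationPortRange": "3389"},
    {"name": "rdp-legacy", "priority": 200, "direction": "Inbound", "access": "Allow", "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "3000-4000"},
    {"name": "https", "priority": 300, "direction": "Inbound", "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "443"},
    {"name": "mgmt-mixed", "priority": 150, "direction": "Inbound", "access": "Allow", "protocol": "Tcp", "sourceAddressPrefixes": ["198.51.100.24/32", "192.0.2.0/24"], "destinationPortRanges": ["22", "3389"]},
]

def _ports_cover(spec, port):
    """True if a port spec ('*', '3389', '3000-4000') includes the port."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _source_allowed(prefix):
    """True only if the prefix is an IP/CIDR that lies fully inside the allowlist."""
    try:
        net = ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False  # '*', 'Internet' or another service tag is never a staff IP
    return any(net.version == a.version and net.subnet_of(a) for a in ALLOWED_SOURCES)

def audit_rdp_rules(rules):
    """Return (rule name, offending source) pairs for inbound Allow rules exposing RDP."""
    # Shadowing by higher-priority Deny rules is not evaluated: a flagged rule
    # is worth reviewing even if another rule currently masks it.
    findings = []
    for r in sorted(rules, key=lambda r: r["priority"]):
        if r["direction"] != "Inbound" or r["access"] != "Allow":
            continue
        if r["protocol"].lower() not in ("*", "tcp", "udp"):
            continue
        ports = r.get("destinationPortRanges") or [r.get("destinationPortRange")]
        if not any(p and _ports_cover(p, RDP_PORT) for p in ports):
            continue
        sources = r.get("sourceAddressPrefixes") or [r.get("sourceAddressPrefix")]
        for s in sources:
            if s and not _source_allowed(s):
                findings.append((r["name"], s))
    return findings

if __name__ == "__main__":
    print(audit_rdp_rules(SAMPLE_RULES))
```

Port ranges and multi-prefix rules are the cases a simple search for "3389" misses, which is why the sample includes both.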

Finally, to migrate and configure DCHC MPO’s apps, the team installed and configured the prerequisite software packages needed for eTIP, including Internet Information Services (IIS) for Windows Server, SQL Server, and ArcGIS Server. Once all the software was installed and operative, the team began migrating the eTIP app database and additional GIS databases.

ArcGIS Online Returns

To deal with DCHC MPO’s 400 feature services, the GeoDecisions team created a script to automate the publication of each feature service to the new ArcGIS Enterprise instance. This typically tedious and manual task was completed via background processing over the course of a couple of afternoons.

When the feature services were republished, they maintained their nomenclature and link structure, so no additional configuration was required to remap existing ArcGIS Online apps or various links within DCHC MPO’s GIS web presence.

With the new server structure and ArcGIS Online up and running, Casey Chae, client manager at DCHC MPO, was pleased with the outcome.

“It gave us increased security and a renewed confidence in our disaster recovery,” said Chae. “We are now able to be more proactive than reactive in our efforts to manage and protect our data.”

System Maintenance, Visualization, and Ongoing Support

In addition to assisting DCHC MPO in recovering from its cyberattack, GeoDecisions now provides maintenance of the eTIP app and the server it runs on. This includes doing Windows updates, executing minor software patches, and performing virus definition updates. The project team developed a set of test plans for the app as well to ensure that it is functioning as expected.

[Figure: a screen showing key metrics, such as average CPU and total disk bytes, in graphs. Caption: Dashboards let stakeholders monitor critical metrics so that they can quickly respond to issues such as high RAM and CPU usage or low disk space.]

The owners of the eTIP app can visualize system health and costs via a portal view provided by the Azure environment. And configurable dashboards allow for more proactive monitoring of critical metrics, meaning that DCHC MPO would immediately notice and be able to respond to issues such as high RAM and CPU usage, low disk space, or a failed backup.

Throughout the project, the GeoDecisions team created system documentation to ensure that DCHC MPO stakeholders can perform any necessary tasks themselves if need be. GeoDecisions recommended that DCHC MPO implement a backup and recovery process, too, which the two organizations worked together to develop.

A Successful Outcome

After nearly nine months of not having access to its GIS data and eTIP app, DCHC MPO is up and running again, continuing to do its important work addressing the transportation needs of the communities it serves.

The migration to Azure provided DCHC MPO with greater security and maintenance capabilities for its data and apps. And the integration with ArcGIS Pro allowed the organization to conserve its valuable RAM budget, reducing consumption needs by 60 percent.

With the move to a more secure environment, proactive monitoring, and an improved backup and recovery process, DCHC MPO’s GIS data is now more secure and flexible than ever.

For more information, contact GeoDecisions GIS architect Chuck Harris at 804-767-1870, or visit the GeoDecisions website.

About the authors

Sean Burke

Sean Burke is a GIS architect at GeoDecisions and has a background in GIS database administration. He specializes in data integration and creating SQL and Python extract, transform, and load (ETL) procedures for app development.

Chuck Harris

Chuck Harris is a GIS architect at GeoDecisions. He has more than 25 years of experience in the industry and specializes in providing ongoing support and maintenance for ArcGIS Enterprise, enterprise geodatabases, and related systems.