Maryland MVA regroups after MSBlaster attack
- By Trudy Walsh
- Aug 22, 2003
Maryland's Motor Vehicle Administration is beginning an in-depth review in the wake of the MSBlaster worm that shut down its systems this month.
'We're asking ourselves hard questions about what we can do to prevent a similar situation in the future,' said Jack Cahalan, spokesman for the Maryland Transportation Department.
The administration is 'checking to see if all procedures were followed as they should have been,' MVA spokeswoman Cheron Wicker added.
On the morning of Aug. 12, MVA computers began running slowly. Diagnostics identified the MSBlaster worm as the culprit. Although the worm affects only newer Microsoft Windows operating systems, MVA decided to take all its systems offline to prevent further spread, Cahalan said.
The so-called MVA vault'a secure mainframe storing driver's license names and addresses and other sensitive information'was not compromised in the attack because it does not run Windows.Spread the word
MVA powered down all 1,700 of its client PCs at customer-service counters, and within 20 minutes of the decision all offices were closed, Cahalan said.
An outreach campaign began on radio, television and the Web to get the word out.
MVA.state.md.us warned, 'No transactions of any kind, including online, telephone and kiosk, are available today.' MVA handles about 54,000 transactions a day.
An IT SWAT team of 31 analysts worked through the night to install a Microsoft Corp. software fix on the customer-service PCs.
The offices reopened about an hour late Wednesday morning, mostly because 'everybody logged on at once, so that slowed the system down a bit,' Wicker said.
By the following day, things were back to business as usual.
Trudy Walsh is a senior writer for GCN.