Washington, D.C., revived its Homeland Security Commission in 2018 with a new study and recommendations for cybersecurity preparedness. Records show the draft of that report was finished a year ago, but it's never been made public.
The D.C. government created the Homeland Security Commission in 2006 to pull together top experts from around the capital region to offer recommendations to make the District safer, but the News4 I-Team found the commission only produced two “annual” reports, the most recent of which was in 2015.
In 2018, D.C. Homeland Security and Emergency Management Director Chris Rodriguez told the News4 I-Team he was eager to read a new cybersecurity report.
"What we really want to do in cybersecurity is raise the barriers to entry for malicious cyber actors," he said.
He said the District learned from cyberattacks on big cities across the country. Most were focused on financial gain, but state-sponsored cyberattacks can also be a weapon of war, affecting utilities and infrastructure.
"In the federal government where I came from, so many institutions have been stood up to address this,” David Heyman told the I-Team after taking the helm of the Homeland Security Commission in 2018. “That's not the same at the municipal level."
That's one of the things Heyman said he wanted to improve. The commission began holding regular meetings and vowed to publish that new report — with specific cybersecurity recommendations — later that year.
Almost two years later, that report still isn't public.
The I-Team obtained emails showing the D.C. auditor asked about the report in November 2018 and February 2019 and was told "it was in final review stages" and should be "finalized within the next month or so."
Homeland Security Commission minutes from last April show it was discussed in "closed session" and "awaiting final approval."
So far, there's been no explanation for the delay.
In a statement, city leaders said they've received "confidential briefings" on the report and the District has "appropriately considered and acted upon its recommendations."
But the District has not said who received and reviewed the report or what changes they made.
The statement says, "D.C. government remains laser-focused on detecting and defending against cybersecurity threats."
Cybersecurity experts say hackers target local governments daily — even hourly — which leaves many scrambling to respond and protect sensitive information.
Hackers hijacked 123 of Washington, D.C.'s police surveillance cameras just days before the 2017 inauguration.
In April 2017, Dallas residents lost sleep over a hack that made 156 emergency sirens repeatedly wail in the middle of the night.
And in March 2018, hackers hit Baltimore's automated 911 system knocking it offline for 17 hours.
