Was $120k Sylint Investigation Worth It?

A long-delayed final report on the yearlong investigation into Sarasota's security flaws in its Information Technology that resulted in firings and resignations is due this month. But was it worth it? 

At a tune of about $120,000, was it still worth it?

Figures released by the city on Jan. 31, showed that so far, cyber forensic firm Sylint Group has been paid $120,887 for two contracts, one being an initial forensic imaging and review and the second, the extended scope and investigation that took nearly all of 2012 to complete. The work remains within budget so far.

Here is the break-down showing the purchase order amount and the amount spent to date:

Vendor

Brief Description of Services

PO Amount

Amount Spent To Date

Remaining PO Balance

Sylint

Initial Forensic Imaging and Review

$                    11,600.00

 $                    11,491.50

 $                          108.50

Sylint

Extended Scope and Investigation

$                 113,365.00

 $                 109,395.50

 $                      3,969.50

Totals

$                 124,965.00

 $                 120,887.00

 $                    4,078.00

The after Sylint's intial report revealed that the city's e-mail database system was living on a prayer that someone wouldn't engage a major hacking attack. 

Here's what that contract entailed:

• management consulting for the Information Technology Department to assist in resolving Exchange e-mail problems uncovered during the initial investigation;

• cyber security audit to address “potential vulnerabilities” uncovered during the first investigation; and

• continued and expanded computer forensics investigation.

Here's what happened as a result of the investigation so far:

• City Manager Robert Bartolotta resigned under pressure when the about other employees were on his machine. No criminal charges were ever filed by state and federal authorities against anyone in the case.
• The investigation revealed serious security flaws and breaches and years (and thousands of dollars) worth of updates and patches were never installed. This has since been fixed, and led to the firing of the IT director.
• A new public e-mail access system.
• Trained and hired professional, knowledgable staff in Information Technology. Executed needed software updates.

Additional information could be released in the final report revealing other work Sylint completed.

So, Sarasota, given what we know and seen, was the Sylint investigation worth the work for the city?