A regular meeting of the Board of Aldermen was held Tuesday, May 28, 2019, at 7:30 p.m. in the
Aldermanic Chamber.
President Lori Wilshire presided; City Clerk Patricia D. Piecuch recorded.
Prayer was offered by City Clerk Patricia D. Piecuch; Alderman Richard A. Dowd led in the Pledge to the
Flag.
The roll call was taken with 14 members of the Board of Aldermen present; Alderman Gidge was
recorded absent. Alderman Lopez, Alderman Laws and Alderman Clemons arrived after roll call at 7:31
p.m., 7:32 p.m., and 7:33 p.m., respectively.
Mayor James W. Donchess and Corporation Counsel Steven A. Bolton were also in attendance.
REMARKS BY THE MAYOR
Mayor Donchess
First of all | want to thank everybody who was involved in yesterday's Memorial Day Parade. The
Veteran’s Committee did a great job in putting the parade on. We had a number of Aldermen come and
march in the parade which was really great. The weather was fantastic; the crowds were | think more
than usual. | think overall it was a great tribute to our service people and the Veterans from Nashua and
throughout the region that we were honoring in holding the parade. So | want to thank everybody
involved.
On an issue that has been in the news recently, if you read the New York Times on Sunday on the front
page, “City is high-jacked by tools stolen from the NSA, Baltimore is extorted”. What this is about is a
malware which they call “Eternal Blue” which has being used by bad actors around the globe to try to
penetrate the security, IT Systems of cities and towns and private institutions as well; businesses and
the like. They try to extort money in exchange for them giving up what they are doing. So what
happens is they use this “Eternal Blue” malware to get into a system, and IT System, and completely
shut operations down. Baltimore has been hit recently, Atlanta back a ways, many other cities and
towns have been attacked. When this happens, the cost can be very, very considerable. And of course
the disruption is also very considerable.
So | want the Board of Aldermen to know, because you might have read these same articles, that the
City is actively working to prevent our system from being penetrated or compromised by this or any
other malware, ransomware or anything else. If you want to, we could set up a meeting with Bruce
Codagnone who is the Director of IT to talk about some of the details. As an overview, our system
blocks known malicious IP addresses, those are regularly circulated by Homeland Security. There is a
very effective firewall that prevents suspicious e-mails and other traffic from getting into the City system.
There is a subscription to a service which notifies us of zero day threats. In other words if a flaw ina
software system is discovered elsewhere, which is somehow penetrated, before a patch is developed,
we, the City, get notice that this has occurred so we can here act to block anything that might come in
before there is a patch developed that can permanently block that threat.
There is malware detection software on all the PC’s, there is ant-virus software and the City receives
security patches when a flaw in a software system that we operate is discovered elsewhere. The users,
in other words, our employees, are asked to report suspicious e-mails so that they can be investigated.
There is a practice that is often used called “phishing” which puts an e-mail into someone’s box which
looks like something official. It might say “Click here to update and confirm your user name and
password” but that would never come from a legitimate City source. IT would never ask someone put
your password in an e-mail. That did result and it was reported in a newspaper a phishing expedition, a
successful one over at the school department where maybe a year ago some payroll was stolen from a
few employees who were duped into responding to one of these phishing e-mails. That money was of
course restored by Risk but was lost to the City as a result of the details of the scheme.
