Fenton committee declines Spectrum DDoS add-on after IT and insurer say it won’t lower premiums

The Fenton Board Committee discussed a Spectrum-distributed-denial-of-service (DDoS) protection subscription for municipal internet service and decided not to purchase the $600-per-month option at this time.

Jacob from ENT explained that DDoS protection deflects volumetric attacks that flood network connectivity. "Any security control that you're willing to pay for to implement is a good security control and good practice," Jacob said, but he added that DDoS attacks tend to target larger government entities and foreign threat actors and are uncommon for smaller municipal networks. He told the committee that with Spectrum's mitigation the outage would be essentially instantaneous; without a carrier-level service, the city's FortiGate firewalls could detect and mitigate the attack but the outage could last hours and possibly up to about 24 hours while staff coordinate with the internet provider.

Amy de Blasio, who works with the city's cyber insurer on renewals, told aldermen that buying Spectrum’s DDoS protection would not produce an immediate, guaranteed premium reduction. "There’s not a direct correlation," she said, though she added insurers take all security improvements into account at renewal time. Committee members also reviewed the city's existing protections: enterprise Fortinet firewalls, SOC-as-a-service and offsite backups. The city’s current cyber insurance premium for the active term was reported as about $4,010 per year; staff cited a projected premium of around $7,700 for the coming year.

After discussion about cost, likelihood of an attack, and mitigation timelines, committee members concluded that the DDoS subscription was not essential today and declined to authorize payment while noting it could be reconsidered in future renewal cycles.