CDOT CYBER INCIDENT ASSISTANCE
In early 2018, CDOT experienced a ransomware attack that severely crippled operations, with thousands of employees unable to access email, electronic files, data, or computer applications.
No similar cyber-attack on a DOT had yet occurred that could guide CDOT on how to respond and recover quickly. However, CDOT has experience responding quickly to natural disasters (e.g., floods, fires). CDOT immediately used that experience to develop a system for the cyber emergency, including creating an Incident Command Center (ICC) and Incident Management Team (IMT), and defining a daily operational schedule.
Muller was brought in to back up the Incident Commander, who led the ICC, after successfully fulfilling the Deputy Director role on a previous flood response and disaster recovery effort following the 2013 Northern Colorado floods. For 73 days, Muller was an integral part of the Incident Command structure, prioritizing restoration, ranking business functionality, coordinating with internal and external partners (e.g., State IT, the FBI, the Colorado National Guard), and lending a hand in any way to help bring CDOT back online.
After the response, as CDOT entered recovery, Muller was integral to the resiliency and protection of CDOT’s existing technology systems, including automated backup systems, server redundancy, and the establishment of resiliency standards.