Local government cyber security, or the lack of it, is a digital landmine waiting to explode. We hear a great deal about national attacks like the one by China on the Office of Personnel Management, but smart cybercriminals are figuring out that local crime still pays. Please, don’t blame your local government – blame voters (that’s us) and elected officials who haven’t taken this issue seriously enough.
Resources to bolster cyber security within local government offices:
- Sileo’s Cyber Security Roadmap of Known Vulnerabilities & Solutions
- Improving the Performance of Your Security Awareness Program
- A Cyber Security Controls Framework highlighted by me (quick reading)
- Top 10 Internet of Things Threats & Solutions
7 Reasons Why Cyber Threats are Shifting to Local Government:
- Local governments house highly personal information on American citizens, and regularly provide “life-and-death” services (hospitals, police, fire, first responders, etc.) and critical infrastructure that we can’t live without.
- The critical nature of these services makes them attractive ransomware and hacking targets, and our local government’s historical willingness to pay the ransom to maintain continuity of services (the only option left at times) reinforces the vicious cycle.
- Cities, counties, states, special districts and agencies regularly have I.T. & security budgets that are ignored and underfunded, leading to a lack of technological and human resources to keep them security-competitive with corporate counterparts.
- Taxpayers balk at funding security initiatives because of the difficulty of allocating money to prevent a hypothetical future attack that, by the way, isn’t actually hypothetical. But that’s like ignoring the heart attack until it happens.
- According to a recent university report, 44% of local governments see cyberattacks hourly or daily; 28% don’t know how often they are being attacked, and 54% do nothing to log, investigate or remediate attacks. In other words, nearly 100% of local governments are under attack, but they rarely make the news.
- Local governments are often forced to utilize a patchwork of outdated legacy systems (see “underfunded” above) that don’t communicate with each other, run on antiquated software and each require a unique security strategy, making remediation expensive, time consuming and complex.
- These insecure-able systems are often connected to larger state, regional and federal stores of data and serve as a backdoor into national databases and systems.
In other words, local governments are low-hanging fruit to cyber criminals. The data they house is highly sensitive, the services they provide are mission critical and the resources they work with are minimal. We must care about these threats before ransomware renders your local hospital unable to serve your own sick child, before malicious nation states alter your vote in the next election and before cyber terrorists decide it’s your traffic-light synchronization system they will destructively manipulate. Because once it happens, it’s too late to plan ahead. And that’s costly.
_____________________________________________
John Sileo is a keynote keynote “energizer” for Local Government and City & County Insurance Pool conferences. He specializes in making security fun, so that it sticks. His clients include CIRSA (Colorado), CIS (Oregon), and many Special Districts Associations as well as the Pentagon, Schwab and some organizations so small (and security conscious) that you won’t have even heard of them. John has been featured on 60 Minutes, recently cooked meatballs with Rachel Ray and got started in cyber security when he lost everything, including his $2 million software business, to cybercrime.
