President Joe Biden on March 21, 2022, warned that Russian cyberattacks on U.S. targets are likely, though the government has not identified a specific threat. Biden urged the private sector: “Harden your cyber defenses immediately.”
It is a costly fact of modern life that organizations from pipelines and shipping companies to hospitals and any number of private companies are vulnerable to cyberattacks, and the threat of cyberattacks from Russia and other nations makes a bad situation worse. Individuals, too, are at risk from the current threat.
Local governments, like schools and hospitals, are particularly enticing “soft targets” – organizations that lack the resources to defend themselves against routine cyberattacks, let alone a lengthy cyber conflict. For those attacking such targets, the goal is not necessarily financial reward but disrupting society at the local level.
From issuing business licenses and building permits and collecting taxes to providing emergency services, clean water and waste disposal, the services provided by local governments entail an intimate and ongoing daily relationship with citizens and businesses alike. Disrupting their operations disrupts the heart of U.S. society by shaking confidence in local government and potentially endangering citizens.
In the crosshairs
Local governments have suffered successful cyberattacks in recent years. These include attacks on targets ranging from 911 call centers to public school systems. The consequences of a successful cyberattack against local government can be devastating.
A cyberattack on the city of Baltimore disrupted municipal services for weeks in 2019.
AP Photo/Patrick Semansky
I and other researchers at University of Maryland, Baltimore County have studied the cybersecurity preparedness of the United States’ over 90,000 local government entities. As part of our analysis, working with the International City/County Management Association, we polled local government chief security officers about their cybersecurity preparedness. The results are both expected and alarming.
Among other things, the survey revealed that nearly one-third of U.S. local governments would be unable to tell if they were under attack in cyberspace. This is unsettling; nearly one-third of local governments that did know whether they were under attack reported being attacked hourly, and nearly half at least daily.
Ill-equipped
Lack of sound IT practices, let alone effective cybersecurity measures, can make successful cyberattacks even more debilitating. Almost half of U.S. local governments reported that their IT policies and procedures were not in line with industry best practices.
In many ways, local governments are no different from private companies in terms of the cybersecurity threats, vulnerabilities and management problems they face. In addition to those shared cybersecurity challenges, where local governments…