Protecting Our Data: What Cities Should Know About Cybersecurity

October 29, 2019

National League of Cities (NLC)

Download
L ocal governments do not often think of themselves as tech organizations, but nearly everything a government does depends on its ability to create, maintain and share large quantities of data — and to ensure that data is secure. Undoubtedly, the confluence of government and technology has great potential for cities to improve service quality and efficiency. But embracing technology-driven governance is not without risk.

Today’s networks are constantly being probed for weaknesses and vulnerabilities. All organizations must deal with these threats as technology continues to play a larger and larger role in business and governance. From Russia disrupting Ukraine’s infrastructure and breaches of corporations such as Equifax and Marriott, to attackers targeting American cities like Atlanta, Baltimore, and Riviera Beach, FL, ransomware and email scams plague internet users daily.

Local leaders should make cybersecurity an administrative and budgetary priority. When a local government is the victim of an attack, the cost can far exceed that of proactive investment in cybersecurity. In 2016, the average cost of a data breach was estimated to be about $6.53 million. However, in many cities, the cost can be even higher, and the price of failing to secure our networks is clearly rising.

While there are several examples of high visibility hacks on the private sector, there are three main reasons why the concerns are very different when a local government falls victim to a breach:
  • Governments collect and maintain far more sensitive information than most private sector companies.
  • Residents can’t easily move or choose a competitor if they are unhappy with their local government service and security.
  • Trust in government is eroding, and security breaches may further reduce faith in government.
Cybersecurity and smart city initiatives must go hand in hand as local leaders continue to invest in 21st century infrastructure. This municipal action guide is a collaboration of the National League of Cities and the Public Technology Institute and aims to strengthen cybersecurity policies and systems in local governments. The guide looks at the state of cybersecurity in local governments and includes policy recommendations for local leaders to implement in order to keep their residents, and their own data, safe. To get a clearer picture of the state of cybersecurity in local governments today, NLC and PTI conducted a small survey of PTI’s IT members and NLC’s Information Technology Committee (ITC). While local governments are making improvements, they still lack support from elected leaders and face budget constraints that limit their abilities to improve cybersecurity further.

There are many simple and effective steps cities can take to avoid vulnerabilities and reinforce cybersecurity best practices:
  1. Identify one individual to be responsible for cybersecurity programs in that jurisdiction
  2. Make digital hygiene an institutional priority
  3. Educate the local workforce, elected leaders and residents about cybersecurity
  4. Conduct an analysis of local government vulnerabilities
  5. Ensure your data is properly backed up
  6. Implement multi-factor authentication
  7. Create policies or plans to manage potential attacks
  8. Ensure public communication is part of your attack response plan
  9. Adopt a dot gov (.gov) address to reduce risk of fraudulent municipal websites
  10. Work with educational partners to create a cybersecurity talent pool.
No network can be 100 percent secure, but by following the recommendations in this guide, local government leaders can reduce the risk of a cyberattack and be more resilient when one does occur.

Back to Listing