The National League of Cities has published a new guide to help local governments understand their cybersecurity vulnerabilities and how they can improve security practices.

The guide, “What Cities Should Know About Cybersecurity,” looks at the state of cybersecurity in local governments and includes policy recommendations for local leaders to implement in order to keep their residents, and their own data, safe. The guide explains how some cities fought back against hackers, helps communities assess their cybersecurity preparedness, and identifies simple and effective steps municipalities can take to avoid vulnerabilities and reinforce cybersecurity best practices.

Every hour, 26% of local governments report a cyberattack, according to the report. An analysis by the NLC and its partner Public Technology Institute finds that nearly a quarter of municipalities don’t have a cybersecurity plan that is designed to protect government information systems from attack.

A small survey of PTI’s IT members and the NLC’s Information Technology Committee found that while local governments are making improvements, they still lack support from elected leaders and face budget constraints that limit their abilities to improve cybersecurity further.

Local governments do not often think of themselves as technology organizations, but nearly everything a government does depends on its ability to create, maintain and share large quantities of data – and to ensure that data is secure. The confluence of government and technology has great potential for municipalities to improve service quality and efficiency. But embracing technology-driven governance is not without risk.

Data is increasingly at the core of fundamental public services such as trash collection, building and zoning permitting, fleet management, public facility operations, utility maintenance, and even tree inventories. Policymakers must now understand, manage and regulate the use of facial recognition software, micromobility technology like e-scooters, energy storage, smart energy meters or autonomous vehicles.

The guide notes that governments collect and maintain far more sensitive information than most private sector companies, and security breaches can undermine the public’s faith in government.

Today’s networks are constantly being probed for weaknesses and vulnerabilities, and all organizations must deal with these threats. While security threats are increasing in frequency and sophistication, most of the greatest threats are coming from internal network users who click on malicious links, open email attachments that contain viruses, or make other mistakes that allow hackers to gain access.

When a local government is the victim of an attack, the cost can far exceed that of proactive investment in cybersecurity. In 2016, the average cost of a data breach was an estimated $6.53 million. In many cities, the cost can be even higher. The cost of failing to secure networks is clearly rising.

The NLC guide advises local leaders to make cybersecurity an administrative and budgetary priority.

What Cities Should Know About Cybersecurity (1.5M PDF)

Written by