Are Local Government Managers Finally Getting Real on Cybersecurity?

Developers working on programming and coding techniques.

Developers working on programming and coding techniques. REDPIXEL.PL

 

Connecting state and local government leaders

COMMENTARY | City and county managers see a tipping point about cybersecurity.

The use of new technologies has exploded in local governments in the last several years. But in all the rush to adopt solutions aimed at improving the effectiveness and efficiency of services, the underlying question of the security of highly connected digital tools and the data that powers them was lost. 

Local governments have been behind the curve on cybersecurity for quite some time. In 2016, the International City/County Management Association (ICMA) and the University of Maryland, Baltimore County, conducted the first survey to assess local government attitudes, actions and experiences with cybersecurity. The report disturbingly found that local governments were largely unaware of cybersecurity issues and underprepared for a cyber incident.

But the recent run of high-profile ransomware attacks in places such as Atlanta, Baltimore and more than 20 Texas municipalities—along with the associated costs of responding to these events—may finally have been the tipping point that is altering local managers’ mindsets on their role in cybersecurity. During the 2019 ICMA Annual Conference, several city and county managers discussed the shift they are seeing in the mindset of local managers. As Tad McGalliard, ICMA Director of Research and Policy Expert on Local Government Cyber Security, stated, “Cybersecurity is no longer an IT problem, but a holistic organizational problem.”

Previously, one of the major problems cited with understanding the significance of cybersecurity was that it was discussed in a highly technical manner. Todd Selig, town administrator of Durham in New Hampshire, described how the IT director in his jurisdiction would discuss cybersecurity, but he felt as though he needed that explanation translated to him. Essentially, Selig felt he was reliant on a tech-savvy person whose solutions were very costly and did not help him understand what the true needs were. What has changed for managers is that the security of cyber networks is an integral component of their business operations. For instance, city and county managers are now viewing their digital networks as a piece of infrastructure in the same way as roads and water and sewage are. That connection of digital networks to infrastructure has helped to underscore the importance of cyber networks and that their protection is essential to the business of government. Selig laid out all the ways that municipalities are starting to understand the high stakes of doing nothing in cybersecurity—loss of continuity of operations, loss of critical data, loss of confidentiality and the loss of public trust.

But for some city and county managers, cybersecurity is personal. Mike Land, city manager of Coppell in Texas, acknowledged that when most people hear cybersecurity, at first it seems like a very high-level “out of this world” problem. However, when a cyber incident occurs in a city or town the manager is squarely in the middle. Land said “If at the end of the day my citizens get hit, I get hit.” He went on to say if managers think in those terms the impact and value of cybersecurity will resonate.

Although city and county managers desire to become more proactive than reactive, the realities of being behind the curve still exist and the game of catch up has ensued. One challenge in changing gears and becoming more proactive are the policies previously in place, particularly those related to government transparency. In the last decade, local governments have made moves to provide more information to meet the demands of citizens who want to hold government accountable. As a result of that, cities and counties began to put more information into the public sphere than ever before. But that has now put them in an awkward position.

Cities and counties have worked to create more accessibility for citizens with city government employees. One example is of providing contact information such as email and phone numbers directly on websites. And while that has helped with transparency it has opened the door for bad actors to use those emails in phishing attempts. As Land said, “The idea of transparency is great but when used against you, you have to take action.” City and county managers will have to find ways that allow them to stay true to transparency but also have an eye to security.

As with most things, the way to handle this conundrum will be education. The best place to start this education is with elected officials and the staff of city and county government. As Xavier Hughes, ICMA Chief Technology and Innovation Officer said, “You need to educate on cyber as much as you educate on procurement practices.” One way that Selig suggested city and county managers start having these conversations is to simplify them by discussing what is needed and why it is needed. When he did that, it allowed him to talk more about cybersecurity in the same way he discusses increases to the police force or building a new fire department.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.