The ability of local governments across the United States to protect against cyber attacks is limited due to a shortage of funding. This is particularly troubling because not only do local governments hold a vast amount of data about individual citizens, but they are also the primary manager of U.S. elections. Given the ongoing investigation into possible Russian hacking of the 2016 election, this is a critical weakness in the cyber security of American government.
The recently released Cybersecurity 2016 Survey, sponsored by the International City/County Management Association (ICMA), contacted over 400 local government chief information officers (CIOs). The survey found that the number of cyber security incidents is on the rise. An increase in cyber attacks in the prior 12 months was reported by a third of respondents.
It also found that local governments couldn’t compete in the cyber security labor market, which is driven by the ever-expanding need for highly skilled information security professionals and the shortage of workers with those skills. This leaves local governments unable to keep up with the rising risk of cyber attacks.
Salaries are much higher in the private sector and it is widely believed this labor shortage will only worsen. After increased funding to pay better salaries, survey respondents highlighted the need for better cyber security policies. But this is a difficult task, since without experienced staff it is a challenging assignment to create better procedures.
A research associate at ICMA, Berna Öztekin-Günaydin, discussed in an interview with 21st Century State & Local steps that local governments could take. They include training current staff to raise their awareness of specific kinds of malware and other common violations of network security. Also, the inherent risks of using email and especially opening unknown files needs need to be stressed as a low-cost first step towards better information security.
Other steps that can be taken include creating a layered defense system that can recognize the different types of security risks that are faced, doing a thorough assessment of the government’s system to find potential vulnerabilities and better allocate what funding is available, doing regular testing and virus scans of the network system, and having backup and recovery plans in place in case of an incident.
Öztekin-Günaydin also stressed that local government should communicate with one another, sharing strategies, system improvements, and current threats. She stated that sharing best practices would help all cash-strapped governmental entities, and highlighted DeKalb County, Georgia, Las Vegas, Nevada, and Jefferson County, Alabama, as local governments on the leading of cyber security efforts.