The National League of Cities (NLC) in partnership with the Public Technology Institute (PTI) has recently released a new guide: Protecting Our Cities: What Cities Should Know About Cybersecurity during cybersecurity month in October. This document was designed to help communities, regions, and local officials better prepare for cyber-attacks before they happen.
Despite popular belief, ransomware is not a new concept. The first ransomware attack happened 30 years ago involving floppy disks and mailed checks. Although technology has drastically changed, the intent to steal data and instill fear while costing taxpayers millions is the same. During a ransomware attack, a hacker will block access to a computer system or data and hold access hostage until the victim pays a fee or ransom. If the victim does not pay the fee, the hacker could destroy important data forever. The US Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) both recommend that no entity should comply with ransomware demands in order to stop the cycle of attacks as many victims who pay a ransom are vulnerable to repeat attacks.
Recent increases in cyber-attacks and ransomware campaigns can be linked to the rise of hard-to-track payment methods like bitcoin. Many consider the 2013 CryptoLocker malware incident with the Swansea Police Department in Massachusetts as the first modern day ransomware attack. Since then, there have been thousands of reported cyber and ransomware attacks. According to the Office of Management and Budget (OMB), there were more than 31,000 cyberwarfare incidents against federal agencies in 2018.
Cities and regions not only risk losing sensitive data in the event of an attack but also may face costs associated with returning their software to normal and loss of public trust. The cost for Atlanta to recover from its ransomware attack was estimated at $17 million. Similarly, the recent Baltimore ransomware attack was predicted to cost over $18 million. And it is not just big cities that are at risk. Lake City, Florida and Riviera Beach, Florida paid ransoms of $485,000 and $600,000 in bitcoin respectively to unfreeze their systems. Twenty-three Texas municipalities were affected by a ransomware attack this past summer caused by failure to take proper cybersecurity precautions.
So what can you do to help prevent cybersecurity attacks before they happen, or to mitigate the risk in the case that they do occur?
General Recommendations for Local and Regional Leaders
The combined NLC and PTI guidebook, along with other national tools can help cities, regions, and local officials protect themselves against cybercrime.
Below are ten strategies and recommendations from the NLC guidebook for local leaders to strengthen their cybersecurity efforts:
- Identify one individual to be responsible for cybersecurity programs in that jurisdiction
- Make digital hygiene an institutional priority
- Educate the local workforce, elected leaders, and residents about cybersecurity
- Conduct an analysis of local government vulnerabilities
- Ensure your data is properly backed up
- Implement multi-factor authentication
- Create policies or plans to manage potential attacks
- Ensure public communication is part of your attack response plan
- Consider converting to a dot gov (.gov) domain
- Work with education partners to create a cybersecurity talent pool
Cybersecurity Strategic Planning
According to a survey of local government IT executives conducted by the Public Technology Institute, 75 percent of governments surveyed have a cybersecurity plan. However, only 43 percent of respondents felt their communities elected officials make cyber security an adequate budgetary priority. After the recent 23-municipality Texas attack, the state Chief Information Officer attributed their cyber incident response plan to the state’s ability to swiftly contain the damage of the attack.
The Department of Homeland Security’s new Cybersecurity and Infrastructure Security Agency (CISA) has also developed a National Cyber Incident Response Plan (NCIRP) to help localities develop their own plans. CISA also hosts webinars sessions to continue outreach efforts to stress the importance of local governments remaining proactive to prevent a cybersecurity breach.
Many government agencies and private companies recommend against paying ransomware, which leaves localities footing the bill. After the event of a cyber-attack, system restorations can become very expensive. Insurance can help mitigate some of these costs. Cybersecurity Insurance has been available for 15 years and is now becoming more widely available as the number of attacks has increased. Coverage is designed to mitigate losses from a variety of cyber incidents including data breaches, business interruption, and network damage.
In the fight against cybercrime, it is also important for regions and localities to focus on ransomware avoidance. PTI identifies four key ways ransomware can cause damage to a system:
- Exploitation of a software vulnerability
- Employees opening malicious email attachments
- Employees visiting hyperlinks (phishing exploits) sent in spam emails
- Employees simply landing on contaminated websites
Making sure your employees are aware of the red flags associated phishing emails or fake websites can go a long way in keeping your data secure. Whether you are an intern, executive director, elected official serving on a board of directors, or anywhere in between, people on all levels of a regional council are responsible for the safety and security of critical data. As the digitalization of services and local management of sensitive material increases, cybersecurity efforts will only become more important.