As cities rapidly adopt new digital tools and cloud-based solutions, they must implement more sophisticated cybersecurity efforts to protect against innovative adversaries.
Cities are increasingly at risk of cyberattacks that pose detrimental impacts. Municipal services such as water supply, emergency services, public transportation, and waste management rely heavily on interconnected digital systems. Cyberattacks like ransomware can disrupt these services, causing inconvenience and potential safety issues for residents.
The public sector’s vulnerability to cybersecurity threats, such as ransomware, malware, and phishing, costs an average of $2.6 million for each incident. Municipal budgets may not always account for unexpected expenses, leading to financial strain and possible cuts in other essential services. In addition, municipalities handle significant volumes of sensitive data, such as residents’ personal information and financial records. Breaches compromise this data, leading to privacy concerns, identity theft, and potential misuse of confidential information.
With outdated technology and security measures at the root of the problem, municipal leaders must prioritize preventative measures encompassing everything from regular backups to cyber insurance. Consider the following nine best practices to mitigate risk from cyberattacks.
#1: Implement zero trust architecture (ZTA)
Cities can adopt zero trust architecture (ZTA) to protect against threats and authenticate all users and devices before granting access. ZTA aims to verify identity and known information about users and devices before allowing access to networks and data. Using ZTA, administrators have the ability to require users who already have access to re-authenticate each time. This re-authentication limits damage from potential attacks by restricting techniques such as lateral movement that cyber attackers use to move deeper into a network in search of sensitive and valuable data.
#2: Segment the network
Network segmentation and micro-segmentation further isolate critical systems, keeping them secure and protected in the event of a vulnerability within one area. For reference, network segmentation means dividing a computer network into smaller parts to improve network performance and security. To help illustrate network segmentation in action, imagine a large bank with several branch locations. The bank’s security policy restricts branch employees from accessing the bank’s financial reporting system. Network segmentation can enforce restrictions by preventing branch traffic from reaching the financial system. Reducing overall network traffic to the financial system helps it work better for the financial analysts who use it.
See also: Smart Cities: Regional Collaboration Synergizes Benefits
#3: Conduct regular backups
As an ongoing practice, IT teams should also ensure software and hardware stay current by regularly checking for updates, automated syncs, or scheduled maintenance. Likewise, governments should back up critical data off-premises to swiftly restore systems and files in the event of an attack without paying ransoms or disrupting public services.
In early 2022, Quincy, Illinois, faced a significant cyberattack that compromised and encrypted city files. They faced repercussions for months after the initial incident. According to a news article, many of the departments were still not fully functional six months after the incident. Quincy’s cautionary tale also shows the importance of maintaining system backups—especially backing up assets important to business functions and services.
#4: Secure operations through controlled access, encryption, and monitoring
For municipalities using cloud services, leveraging robust role-based access controls, encryption capabilities, and activity monitoring offered by cloud providers is critical. Encrypt sensitive information both in transit and at rest to limit exposure and ensure the highest level of security. Ongoing tracking is another essential component, which security information and event management (SIEM) tools can support. A SIEM can monitor user activities to catch issues early and conduct audits periodically to identify anomalies. Additionally, IT leaders should enforce what’s known as least privilege permissions, which allow users only the access necessary for their roles. City IT staff can proactively manage and protect data and other system assets using these capabilities.
#5: Carefully vet providers
It’s a non-negotiable to vet service providers before engaging in a relationship. Cloud Security Alliance outlines top security questions to ask cloud providers, some of which include:
- What is your data encryption viewpoint, and how do you encrypt data?
- Do you offer periodic reports confirming compliance with security requirements?
- What are your disaster recovery processes?
- Who can see or have access to my information? How do you isolate and safeguard my data from other clients?
- What are your methods for backing up your data?
Conducting due diligence to assess vendors’ cybersecurity practices helps identify and mitigate potential risks, reducing the likelihood that a bad actor could access city data through third parties.
#6: Discover and inventory all assets across networks, clouds, and devices
Comprehensive asset management is essential for securing cities against threats. Robust security isn’t possible without full awareness of all hardware, software, data stores, and configurations. In particular, automated network discovery and asset inventory tools are invaluable for tracking. Consider organizing data by category to help define and identify critical and sensitive information. Otherwise known as data classification, this process can help municipalities determine who should be authorized to access what data and what protection policies to apply when storing and transferring it. Asset management requires regular updating and improvement across people, processes and technology.
#7: Create and test incident response plans with stakeholder input
Effective cybersecurity is a continuous commitment that requires extensive planning. Develop what’s known as a response playbook, which outlines steps for tasks such as containing threats, eradicating malware and restoring systems from clean backups. Ensure the playbook clearly identifies team member roles, internal and external communications plans and evidence-gathering procedures.
It’s vital to test the guidelines in the playbook through simulated attacks (also known as tabletop exercises and war games). Doing so can help evaluate the organization’s readiness, reveal plan weaknesses, and develop competency in a no-pressure environment. Lastly, be sure to update the playbook regularly to enable quicker, more appropriate decision-making during actual incidents.
#8: Conduct cyber hygiene training
Employees and contractors can unintentionally become a weak link in cybersecurity. In fact, human error accounts for about 74% of total breaches from common attacks like phishing. Given this trend, ongoing cyber hygiene education is essential for all staff. Cyber hygiene aims to embed security-conscious behavior into all day-to-day activities.
Training can cover password management, phishing identification, social engineering risks, device security, and incident reporting procedures. For example, IT teams can assess workforce readiness by regularly simulating phishing and ransomware attacks. Training should include participants from various departments, such as finance, HR, legal, security, management, sales, and marketing, to ensure diverse perspectives and constructive engagement.
#9: Consider automated threat monitoring
In many cases, an attack happens so quickly it’s difficult for humans to find and fix it manually. For example, on May 2, 2021, the Alaskan Department of Health and Social Services (DHSS) saw signs of an intrusion. Three days later, Alaska’s Office of Information Technology notified the DHSS about unauthorized computer access, and they immediately shut down systems to prevent the attackers from further lateral movement. But in the three-day window between the first signs of intrusion and the state’s action steps, personally identified information (PII) from across the state was available to the intruders. The cyber criminals had access to full names, dates of birth, Social Security numbers, addresses, driver’s license numbers, etc.
Municipalities with minimal security staff can benefit greatly from investing in automated threat detection and response tools because they help with rapid containment and multiply the efforts of a lean and time-pressed team. What’s more, these tools are often equipped to keep pace with rapidly evolving attack tactics, relying on behavioral analytics to identify emerging threats.
Modern cities need a unified approach to cybersecurity
As cities rapidly adopt new digital tools and cloud-based solutions, innovative adversaries will continue to exploit uninformed staff and gaps in legacy systems. IT and security leaders need to encourage departments to work together on security plans. Keep training employees and testing systems to build a culture focused on staying safe despite unpredictable threats. Empowering employees across departments to spot risks early and prevent damage is among our best weapons against attacks. We can handle fast-changing online threats by working together while keeping city services and information safe. United, cross-department teams can withstand emerging attacks in today’s digital world and protect our infrastructure.