By John Breyault

Vice President of Public Policy, Telecommunications and Fraud at the National Consumers League in Washington, D.C.

In Flint, Michigan, the failures of the municipal government to safeguard the safety of the water network did not only put tens of thousands of residents’ health at risk, it poisoned citizens’ faith in their local elected leaders.           

Flint is a cautionary tale; but it is also an instructive one. By switching to a cheaper water supply, Flint sought to address a short-term financial emergency. But by neglecting to consider the downstream impact of that decision, the city endangered its citizens’ health and their faith in government for a generation. 

It is this pitfall that city leaders must seek to avoid as they embrace the promise of near-ubiquitous broadband connectivity and the resulting data revolution. The benefits of more and better data to cities of all sizes are clear: more efficient government services, more accessible educational opportunities, better data to inform city planning, to name but a few. However, simply layering the tools of the digital revolution onto aging municipal government infrastructure without careful planning is, at best, a waste of taxpayer funds. At worst, it is a recipe for disaster.

Take, for instance, the current wave of ransomware attacks targeting cities and municipalities. Cities are tempting targets for such attacks precisely because they have moved so many essential services online without sufficient attention to the lucrative attack surface they are creating. When localities can’t provide services because their data is locked up for ransom, the promise of ubiquitous connectivity and plentiful data becomes a real-world liability. Small businesses can’t get permits. Marriage licenses can’t be granted. Property sales can’t be finalized.

As we come to the end of National Cybersecurity Awareness Month, it is imperative that local officials use this opportunity to review their cyber resilience. While there is no silver bullet for protecting local governments from cyber attacks, there is much that can be done to reduce the risk. Cyber resilience solutions do not have to put a big dent in municipal budgets already stretched thin by the COVID-19 pandemic. Digital literacy education of city workers is a cost-effective solution that can reduce the number of attack vectors for hackers to exploit. Reinforcing the message not to click on suspicious emails or attachments, should be a basic component of any organizations’ cyber risk management plan. Backing up critical systems in preparation for a ransomware attack can change a catastrophe into a manageable annoyance.

Fortunately, there is no shortage of success stories when it comes to effective cyber threat management. The Cyber Huntsville initiative in Huntsville, Alabama, is promoting cyber resiliency throughout the Tennessee Valley region while creating a pipeline of cybersecurity talent. The Multi-State-Information Sharing and Analysis Center (MS-ISAC) uses the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework to help state, local, territorial, and tribal entities share best practices and provides guidance to help them improve their cybersecurity program. Non-profit organizations like the New America Foundation are doing yeoman’s work in helping states and localities identify best practices and resources for implementing smart cyber threat management plans.

Whether we are talking about water or data, the message is clear: advance planning and preparation for unexpected threats to essential municipal networks is an essential responsibility for local governments.