Blog entry: Are local officials aware of what is happening with cybersecurity?

Beyond the issue of protecting their information assets, local officials often know little about what is happening.  Surveys have shown in the US that the number of survey respondents that respond “Don’t know” to survey questions remains high.  No top official, whether appointed or elected, should be unaware of basic cybersecurity information – the number of attacked, possible breaches, or who is attacking and why.

As time goes on and computing systems become more and more intertwined and embedded in operations running “smart” cities, it will be critical for officials to understand better what is going on in their communities.  Increasingly computing systems control a series of critical environments traffic lights, heating, water facilities, sewage plants, etc. and the consequence of an attack could be far more serious than the loss of information or computing availability.

In many countries, local officials are often unprepared to respond. Those larger municipalities with an IT staff are typically better equipped to respond to cybersecurity problems. Unfortunately, the majority of municipalities are quite small. Here in Italy the municipalities with under 2000 inhabitants represent 43.63% of the total (7.915).  Those with between 2000 and  5000 inhabitants are some 25.82%.  Without an IT support staff to depend on few local officials are aware of what they need for better cybersecurity. The lack of awareness and support staff has meant that cybersecurity is not a priority in local government.

The lack of funds being dedicated to user training at all levels has complicated efforts to raise awareness.  Certainly, there are areas in Italy as in other countries where a more conscious effort is being made to promote better training, attract qualified staff, and highlight cybersecurity issues but for now they are not that common.  Mandating the hiring of qualified staff and training programs by national governments without adjusting budgetary allocations leaves local governments exposed.

In the Metropolitan Area of Rome many local officials are well aware of the need for better procedures and more training both in and outside their municipalities but they lack the resources to hire staff and organize training programs.  Much remains to be done to persuade managers and other top local officials that cybersecurity should be more of a priority.

As a report from the World Economic Forum points out all of these “cross-topic” connections and links mean for government officials and business leaders is that cybersecurity policymaking efforts and activities need to be more “collaborative and deliberative”.  Policies should come out of an ongoing iterative process, not from “ad hoc and crisis-driven responses” that lead to the patchwork legislation common to many countries.

More needs to be discussed regarding the need for common private and public collaboration to deal with cybersecurity issues.

Articles of interest:

• https://www.weforum.org/reports/cyber-resilience-playbook-for-public-private-collaboration

• https://www.govtech.com/security/Local-Governments-Cybersecurity-Crisis-in-8-Charts.html

Cesviter Team