It's happened again. Another malicious cyber attack has taken place in one of ICMA's member communities. This time: the city of Cape Girardeau, Missouri, and it could potentially be the first of many to make an impact on local governments in 2020. According to a recent Emsisoft report (“State of Ransomware in the U.S.”), there were 621 ransomware attacks that impacted government entities, healthcare service providers, school districts, and other educational institutions (such as colleges and universities) in just the first nine months of 2019.
It's time for you and your staff members to actively prepare for cyberthreats now... or your organization and community could pay later.
In 2016, ICMA, in partnership with the University of Maryland, Baltimore County (UMBC), conducted a survey to better understand local government cybersecurity practices. When asked to rank the top three things most needed to ensure the highest level of cybersecurity for their local government, respondents cited greater funding as number one, better cybersecurity policies as number two, and greater cybersecurity awareness among local government employees as number three in importance.
2020 ICMA Regional Conferences to Focus on Cybersecurity Preparedness and Awareness
With news stories about cybersecurity vulnerabilities appearing almost daily, from member feedback on the importance of cybersecurity preparedness, and from the survey results noted above, ICMA is ensuring that each of the 2020 ICMA Regional Conference events are focused on cybersecurity topics, such as ransomware, managing cyber risks, and employee training, through a series of discussions and keynote speeches. Below you can find just a few of the keynotes on the agenda:
Southeast Regional Conference
Surviving the Rise of Ransomware in Local Governments
Ransomware and hacking have been a thorn in the side of public and private entities for some time, but in recent years, the frequency of these attacks on local governments has increased, ensnaring jurisdictions from coast to coast. During this discussion, Dr. Tim Rahschulte of the Professional Development Academy will facilitate an interactive discussion about cybersecurity and how cities and counties can shield their systems from this growing risk.
West Coast Regional Conference
Managing Cybersecurity Risks and Resources to Become a Smarter City Against Urban Cyber Terrorism and Why City Size Doesn’t Matter
This session will focus on why cities have significant risks relating to cybersecurity regardless of city size and why many need a roadmap to start the process of securing the countless risk points in the journey to become a Smarter City. Speakers Barry Schalkle, JD, CPA, co-founder Protocol 46 Inc., and Cy Olsen, PhD, CEO of NetOC Inc, (Networking Organizational Capabilities), will answer such questions as:
- What must your city and its leaders do to become a smarter city to combat urban cyber terrorism?
- Why what you don’t know can hurt your city and its residents?
- Why every city is vulnerable and why cyber insurance is not the answer.
Mountain Plains Regional Conference
Benjamin Edelen, chief information security officer of Boulder, Colorado, will share a different approach to local government cybersecurity that emphasizes protecting people first and getting the basics right. Attendees will discuss ideas like bringing fun back to security training, making sure security supports (rather than detracts from) big ideas, and baking empathy and respect into a program. This approach results in real engagement with employees, a respectful environment where mistakes and dangerous configurations can be safely reported, and a plan to help the organization recover gracefully when incidents arise.
Northeast and Midwest Regional Conferences cybersecurity topics will be announced soon.
Local governments of all sizes and locations now own and operate a wide and growing array of internet-connected technology systems: employee-issued laptops, motion sensors on light poles and under pavement, mapping and informational systems inside police cars, online citizen-engagement tools, and much more. Most local governments in the United States don’t have a strong grasp of the policies and procedures they should implement to protect their technology systems from attacks. — ICMA op-ed, The New York Times, March 30, 2018
Cybersecurity Resources from ICMA
ICMA has published articles and blog posts that describe ransomware and other cyberattacks, explain vulnerabilities and risks, and provide advice for securing systems and preventing breaches. Here are some key resources to read before you attend one of our 2020 ICMA Regional Conferences:
- De-Mystifying Cybersecurity. A town administrator from a small community and an enterprise information security official from a large county offer perspectives on the risks, approaches, and challenges of today’s cyber environment.
- Ransomware Attack! Making the Hard Decisions. A first-person account of an attack on a city’s computers.
- Cybersecurity: What’s Your Risk? Six questions managers should ask.
- Technology at the Administrator's Side: Empowerment or Security Risk? An article by Dr. Costis Toregas for the National Association of County Administrators (NACA) addressing the technology tools that make the public administrator's job easier—and cautions about the security risks each one presents.
- Cybersecurity: Developing Threats. Another article from NACA highlighting several ransomware attacks on government websites.
- Local Government Guide to Cybersecurity. Guidance for local appointed and elected officials.
- Cyber Disruption Response Planning Guide. Resources provided by the National Association of State Chief Information Officers (NASCIO), equally useful at the local level.
- How You Can Protect Your Community from Getting Cyber Hacked. See the quick reference checklist for cybersecurity