Local Municipalities at Greater Risk to be "Hacked"

Limited funding coupled with infrastructure capabilities have made public works and municipalities a new favorite for hackers.

Hacking has been on the mind of many Americans after reported election interference by the Russian government. In fact a recent Gallup poll noted that seven out of 10 Americans worry about hacking, placing it atop the list of crimes that Americans worry about most.

But instead of major national breaches that target top companies and government agencies, what experts say should be most alarming are networks at the local level. Cybersecurity at the local level can be summed up in a single word: “deficient.” That is according to Don Norris, a professor at the University of Maryland, Baltimore County.

Earlier in 2017 the city of Dallas experienced overnight chaos after individuals breached their emergency notification system setting off all 156 of the city’s sirens. The year prior the city of Lansing, Mich., paid a $25,000 ransom to unlock its communications system after hackers captured it.

The Department of Homeland Security and FBI said they were aware of the breaches, but went further to say “there is no indication of a threat to public safety.”

Despite some reassurance, American City and County reported the problem was far from resolved. Municipalities do not have the adequate funding to offer competitive salaries to cybersecurity staff, and often are unable to train general employees on smart practices that could lead to breaches. Secretary of Technology for Virginia Karen Jackson said the structure of government has limited improvements, due to cut budgets and the long arduous process needed for approval.

With the average breach costing $4.5 million, the stakes are high for local governments. According to a report by Forbes by 2019 cybersecurity breaches will cost the country $2.2 trillion a year.

In order to cut down on losses, Forbes cited training as the single most important factor in preventing these breaches. Most gaps in an organization or government’s cybersecurity system are on the human side.

In July, the APWA announced one of these training programs for its utility members. The new pilot program will educate water utility operators on how to close possible cyber security gaps in their system. Around 50 municipalities already use the AWPA cyber security tool and another 90 are scheduled to pilot it by September.