Cyber Security

The landscape of cybersecurity threats continues to shift as technology becomes more advanced. The diversity of devices and the adoption of updated technology can be positive for local government, leading to more efficient emergency management services or improved service delivery. As more advanced technology is adopted, local systems become more vulnerable. Threats at all levels of government are concerning, but local municipalities especially do not always have the budget or access to updated security measures, leaving them increasingly vulnerable.  

In recent years, attacks have ranged from shutting down entire 911 operating systems to affecting water systems to compromising citizen  data . Cybersecurity policy recommendations have become more necessary than ever. They can provide a structure for protecting an organization and clear guidelines for best security practices while strengthening public trust in local government and providing more options for local governments to utilize technological advances without compromising safety.  

Most American adults felt confident in making the right choices about maintaining their data privacy. 

Many respondents agreed with sentiments reflecting a general lack of concern for personal cybersecurity measures or skepticism that their actions would significantly impact their online data privacy. 

33% of survey participants felt that they either were overwhelmed by the requirements of personal cybersecurity planning or did not have significant concerns about their online data privacy.  

21% of respondents felt organizations that handle personal data could not be trusted to secure their private data - indicating that American adults have little trust in companies and institutions that are supposed to manage their data responsibly. 

 Figure 2  depicts the response rates for agreement with five sentiments from American adults about their personal data privacy and cybersecurity measures. 

 Figure 1  shows the forecasted annual net loss of cash based on the percentage deviation from the average level of security, highlighting the potential damage to municipalities from cyber insecurity. 

As local governments adopt more advanced technology, cybersecurity risks increase.  

 Government Information Quarterly  analyzed 500 websites of US municipalities with populations between 25,000 and 250,000 in their study on the adoption of civic technologies. They found that city size and government type played a major role in how advanced the implemented technology was and that tools like e-services and civic engagement platforms helped to increase trust and transparency in local government.  

A 2020 UC Berkeley  report  surveyed cybersecurity experts and ranked smart city technologies by risk level. Video surveillance, smart traffic signals, and emergency alert systems were all considered high-risk technologies. A key takeaway from this report was that technological innovation could benefit municipalities and increase the likelihood of a serious cyber-attack by increasing security vulnerabilities.  

Researchers have also highlighted new risks that have arisen in the age of remote work and  expanded cloud usage within workplaces . Some key emerging risks are increased attack surfaces and international threats, both of which open workplaces or municipalities up to increased risks. AI was also mentioned as a potential solution to automate threat detection and improve security response time.  

As cybersecurity threats to small local municipalities become more complex, the need to research, manage, and discuss these looming threats becomes even more crucial to highlight the key issues present and look forward to seeking out policy solutions.  

 Baral  and a team of researchers completed data analysis on maturity levels, incident counts, and financial impacts for municipal cybersecurity challenges. Some policy recommendations they ended up with included:  

• Creating secure risk models and standardized language for risk discussions. 

• Defining “reasonable cybersecurity efforts” for municipalities to engage in – driving public and employee data protection.  

• Emphasizing security controls, evaluation of existing policies, and state-level training.  

The  US Government Accountability Office  reported in early 2024 that a federal agency responsible for a majority of critical infrastructure reported the most federal ransomware attacks (nearly 50%) but did not utilize the GAO’s cybersecurity suggestions of strengthening their cybersecurity infrastructure and enhancing the overall federal response.  

Case studies on a state level (from Georgia, Michigan, and New Jersey) provided insight into a diverse set of cybersecurity governance strategies. Some key focus areas were: 

• Strategic Planning 

• Risk Identification  

• Incident Response 

• Workforce Training/Education  

To address the growing cybersecurity risks, municipalities need to adopt proactive strategies.  

Emily Stenzel is an MPA student at the University of Illinois Chicago. She will be completing her degree in Spring 2025. Stenzel is currently the Special Assistant to Administration and Finance at the Village of Riverside in Riverside, IL. Stenzel also performs the duties of the Village Clerk. Stenzel has been with the Village for just under two years and plans to utilize her degree to further advance her skills in her career.

Katie Gross is an MPA student at the University of Illinois Chicago who will complete her degree in Spring 2025. She is currently a contract coordinator at a small pharmaceutical company. She hopes to continue working in the healthcare field, potentially shifting to focus more on health policy and equity in the future.

Krishna Marmé is an MPA student at the University of Illinois Chicago. She will be completing her degree in Spring 2025. Marmé is currently the Program Coordinator for the SPARC program within APPEAL. This organization is focused on advocating for the health and wellbeing of the AANHPI community in California specifically focusing on the topics of health equity, tobacco and cancer policy. She plans to use her MPA to continue advocating for improved health policy and local community reforms to ensure tobacco free spaces for generations to come.  

Gabriel Gulumian is an MPA student at the University of Illinois Chicago who will complete his degree in Winter 2025. Currently, he works for a non-profit organization specializing in outdoor education in Bartlett, IL. Gabriel hopes to continue his path in the non-profit field, possibly shifting to a more environmental/sustainability focus.