The Cybersiege of Cities: Understanding An Increasingly Common Threat

November 10, 2021 - (4 min read)

The finger has always been a popular tool in the defensive arsenal of security teams, whether they’re protecting public or private sector assets. In politics, finger-pointing has been elevated to an art form. In sports, fingers point out a single player error to explain the entire outcome of a three-hour game. In cybersecurity, that finger has historically been used to redirect responsibility for exposure and impact toward attackers, untrained users, a previous administration, or shrinking budget line-items. Yet, the unpredictable nature of ransomware and its broad spread is making traditional finger-pointing less effective, so cities need to rethink their protection strategy.

It’s a rare public entity that has extra budget or team members with extra time to apply to this growing threat but increasing public awareness of its clear and present danger is driving interest to do more. Two years ago, security pioneer Kaspersky labeled the ransomware threat to cities its “Story of the year 2019”.  Though it may well have been, by 2021 the number of successful attacks and public incidents continues to soar. School systems, town offices, and notably police department computer networks have been compromised with increasing frequency and ramifications, fueling demands for public action. 

As cities strategize their response to threats posed by ransomware, there are good examples to follow. Pending congressional approval, the proposed federal infrastructure bill includes $1 billion in grant funding for state and local governments in support of their initiatives to improve cybersecurity. Following an attack against systems in Tulsa, Oklahoma’s second largest city, their CIO announced targeted efforts to reduce recovery time, in addition to improved data protection measures. Further, as cities evolve to provide improved services and response time with more pervasive adoption of technology, such advancements create an even higher level of awareness and attention to increased damages possible from a successful attack.

The big question for most is, “Where should we start?” The security problem is complex, and the number of products and approaches available can cause paralysis in both planning and prioritization. It’s also common for public sector teams to be short of skilled advisors and resources given that the cybersecurity sector fails to fill hundreds of thousands of security jobs every year. Cities can start by simply taking time to get to know themselves foundationally. This awareness begins with understanding the number and purpose of their networks, internet connections, critical systems, and existing user and data protection plans. Armed with this knowledge, cities can ensure all systems are being secured and monitored, thus providing a base to test their resilience to all types of cyber threats, from ransomware, to phishing, even the use of stolen credentials. The gaps this process uncovers provide a blueprint for improvement focused on the risks to be mitigated, versus ad hoc implementation of new and interesting, but pricey and inadequate technologies.

This ongoing attention to assets and exposure feeds what is called situational awareness: a battle-tested means of gathering and synthesizing information to make prompt, informed, meaningful decisions in both planning and in periods of crisis. As cities strengthen their own protections against these new dangers, such awareness will significantly reduce the likelihood of a successful attack, and the breadth of impact if an attack does happen.

Learn More

NLC has partnered with industry-leading cybersecurity providers NuHarbor Security, Splunk, and Tenable to provide a comprehensive strategy to cities’ Information Security Programs. Read more about the partnership between NuHarbor Security and NLC, and how NuHarbor can benefit your community.

About the Author

Jack Danahy is the VP of Product and Engineering at NuHarbor Security.