Attacks on state and local governments went up dramatically in the pandemic as cybercriminals sought to take advantage of the crisis, but have city leaders learned the lessons?
The Covid-19 pandemic highlighted to cities around the world the importance of smart city programmes, which use technology, data and innovative solutions to address their social, environmental, and economic challenges.
Indeed, 65 per cent of city leaders surveyed in 2020 as part of ESI ThoughtLab’s Smart City Solutions for a Riskier World reported that the top lesson learned from the pandemic was that smart city programmes are crucial for their future.
Innovation is a double-edged sword though. As city leaders increase their investments in digital technologies, they also expose their cities to greater cybersecurity risks if they do not put appropriate safeguards in place up front.
The pandemic was a stress test for urban cybersecurity systems. Attacks on state and local governments went up dramatically as cybercriminals sought to take advantage of the crisis.
Many cities fell victim to ransomware and other attack vectors. For example, Knoxville in Tennessee was hit in June of 2020 with an attack that crippled its IT systems. The disruption escalated when hackers began publishing data online in a move to extract a ransom payment. Hackers also took advantage of pandemic-related disarray by shamelessly targeting some hospitals.
The ESI ThoughtLab study shows that cities need to do more to keep their urban centers and citizens secure. Most cities, 60 per cent, reported they are not well prepared for cyberattacks. Although small cities felt more confident about their cybersecurity systems than others, the smallest urban areas are in a more precarious situation, with only 29 per cent believing they were well prepared. This is borne out by the incidence of attacks during the pandemic on smaller cities in the US, such as Florence, Alabama and Pensacola, Florida.
One sign of a smart city leader – one that is most advanced in using technology and innovative solutions – is its level of cybersecurity. Ninety-five per cent of cities classified as leaders in the study said they were well prepared for cyberattacks, against just 8 per cent of beginner cities.
There are best practices that cities can follow to shore up their defences against attacks. City managers should take a leaf out of the book of smart city leaders.
There are five key cybersecurity steps that leaders take far more often than other cities to address their cybersecurity vulnerabilities:
Cybersecurity areas where smart city leaders invest more
| Cybersecurity area | Leaders | Other cities | Difference |
|---|---|---|---|
| Prioritise assets and create access control policies | 68% | 49% | +19% |
| Disaster recovery, response and event management technology | 46% | 31% | +15% |
| Cybersecurity training for staff | 54% | 40% | +14% |
| Protect critical infrastructure, including security testing | 49% | 35% | +14% |
| Develop incident response and recovery plan | 43% | 29% | +14% |
| Augment staff with outside specialists or outsourced functions | 32% | 23% | +9% |
| End-point security, such as securing mobile devices and laptops | 19% | 12% | +7% |
| Cloud and network security | 70% | 65% | +5% |
| Hire more cybersecurity specialists and staff | 78% | 76% | +2% |
One small city that learned the value of such best practices was Torrance, California. On 1 March, 2020, Torrance experienced a cyber incident that had an adverse impact on city operations. Just two weeks later, Torrance declared a local state of emergency due to the coronavirus pandemic.
Faced with two major crises, city leaders scrambled to set up a virtual emergency operations centre (EOC) through Slack, a cloud-based messaging platform hosted by Amazon Web Services. The city used Google Drive for all its forms and documents instead of email, as it was both safer and more efficient.
Within a week, the city had transitioned from brick and mortar, paper and pencil, to virtual operations. It was then able to connect area hospitals, the local school district, the Red Cross, Salvation Army, and business groups to the EOC for real-time information sharing. And when Torrance and Southern California experienced civil unrest – yet another disruption – a few months later, Slack allowed the city to flatten the information curve and share data, internally and confidentially, for increased awareness about the events.
The city was able to funnel live pictures of events directly into Slack where everyone involved in the management of the response could see and better understand the situation. “There were no longer silos that could form because the departments were all dissolved,” said Jeffrey Snoddy, emergency services manager for the city.
The experience was an eye-opener, and the city has since developed a cybersecurity plan. Reminders are sent to staff regarding practices to shore up security, such as changing passwords regularly and connecting from home with city-issued devices only. The city also does routine self-risk assessments of its vulnerabilities.
“Resilience and agility are a must to survive and to thrive,” said Torrance’s city manager, Aram Chaparyan. “Governments move at a slower pace because we have fiduciary responsibility. We have oversight by our elected officials and the public. We don’t have the luxury of time. It’s not if, it’s when we’ll have another crisis, and it’s all about creating a state of readiness.”