Building Cybersecurity Preparedness in Local Governments

Feb. 9, 2022

From the ransomware attack on the Colonial Pipeline to the distributed denial of service (DDoS) on Amazon Web Services, cyber criminals have capability to reach the world’s largest companies and critical U.S. infrastructure. The reality is that cybersecurity breaches are happening to governments throughout the world every day and protecting government assets should be a top priority for federal, state and local leaders alike.

With the goal of providing an understanding of cybersecurity threats, the New York State Association of Counties (NYSAC), the NYS Conference of Mayors, and the Association of Towns of New York State have partnered with the University at Albany’s Center for Technology in Government (CTG UAlbany) to publish a “Cybersecurity Primer for Local Government Leaders.”

The report is designed to to help build general awareness of cyber risk management and encourage local government officials to continue to take action in their community’s cyber preparedness.

“Every day we are seeing cyber criminals launch more brazen, sophisticated and destructive attacks on local governments,” said NYSAC President Marte Sauerbrey, the Chairwoman of the Tioga County Legislature. “The Cyber Security Primer is another tool in the toolbox for local leaders that will provide practical information which will help them strengthen their defenses and respond decisively in the event of an attack.”

“After two years of being on the front lines of the COVID-19 pandemic, the last thing local governments need is to face a cybersecurity breach that brings down their computer systems or holds data ransom,” said NYSAC Executive Director Stephen Acquario. “When cyber criminals target local governments, it can literally put lives at risk. We designed to this resource to give local leaders the tools they need to both prevent and respond to cyber-attacks if, and when, they occur.”

In short, the Primer is designed to provide an understanding of needs to identify, protect, detect, respond to and recover from security breaches. It presents a set of actions that local governments can start taking to increase their ability to manage cyber risks.

“Local government leaders are responsible for protecting their government assets, yet most would say they are not cyber savvy. This Primer sets forth basic information about cybersecurity from leading expert organizations while remembering that the local government leaders have numerous and varied responsibilities so it quickly hones in on what they need to know and what they can do right now,” said Meghan Cook, program director at CTG UAlbany and Advisor, NYS Local Government Information Technology Directors Association (NYSLGITDA).

“This Primer is specifically written for local government leaders who are working to ensure that critical government operations and services are protected from a cyberattack,” said J. Ramon Gil-Garcia, Director of the Center for Technology in Government and associate professor of public administration and policy at the Rockefeller College of Public Affairs and Policy. “With cybersecurity as a University at Albany signature strength coupled with CTG UAlbany’s mission to build capability among government leaders, this Primer sets forth a combination of current practice research along with actionable guidance for county leaders.”

The Primer details the types of threats facing local governments, including real-world examples of attacks launched against counties in New York. It then provides top preparedness action steps for local governments to combat those threats.

The highlighted action steps include:

Using the NIST Framework to facilitate executive level discussions about local governments’ cyber preparedness

Developing a draft cyber incident response plan within six months

Conducting a cyber event tabletop exercise

In addition to action steps, the primer highlights steps to take if a cyber attack has potentially occurred, as well as resources available to local governments to strengthen cyber preparedness.

“Building and sustaining cyber capacity is critical but many lack the resources and money to tackle this moving target,” said Robert P. Griffin, dean, College of Emergency Preparedness, Homeland Security and Cybersecurity (CEHC). “At CEHC, we focus on educating the next generation of professionals to address evolving cyber issues here and around the globe. A primer such as this from the experts at CTG Albany, becomes an invaluable tool for local government leaders and others to utilize.”