THANK YOU FOR SUBSCRIBING
Gov CIO Outlook Weekly Brief
Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Gov CIO Outlook
Scot Barker, Chief Innovation Officer at City of BurlingtonScot Barker is a visionary leader serving as the chief innovation officer at the City of Burlington. With a track record of driving transformation and growth, he excels in identifying organizational needs and implementing impactful solutions. His passion for lifelong learning and insatiable curiosity fuels his commitment to building sustainable entities. Scot's strategic mindset and dedication to innovation are instrumental in propelling the City of Burlington towards a future of progress and excellence.
Scot Barker, shares his insights into successful execution, future trends, and leadership strategies, offering invaluable guidance to organizations seeking to optimize their operation and implement robust cybersecurity.
You may think it is weird for a municipal CIO to be writing about cybersecurity on a national level. You may be asking yourself “What does he know about cybersecurity at a national level? He’s not dealing with the same stuff at the city level that I’m dealing with on the national level.” What if I told you that all cybersecurity is local? Whether on a local, state, federal or tribal level, cyber threats all start locally. Nothing in cybersecurity exists solely at one level, or in a vacuum. Everything you are dealing with at the federal level is also happening at the local and state level. A breach may well be a larger issue (especially in terms of dollars) at the federal level, but at that point, it is a matter of scale, not possibility.
What do I mean when I say all cybersecurity is local? According to reports, 91% of all cybersecurity threats start in someone’s email, and 32% of all successful breaches involve some form of phishing. Someone gets an email, is tricked into clicking on a bad link, and the bad guys are off to the races. I assure you, that this is not only happening at the federal level. Those phishing emails are targeted at everyone in government, at every level. The one thing every level of government has in common is people. Because of that and with an eye toward 91% of all cyber threats going through email, it means the overwhelming majority of cyber incidents are local, whether they start at the federal level or not.
“When the national cybersecurity stance can be impacted within hours or even minutes by a situation at a municipal level, even the most common cybersecurity protections can rise to a level of national importance.”
There is no doubt that municipalities are considered soft targets. Lack of funding and lack of expertise often combine to make a city’s cyber security stance less robust than what can likely be found at the federal level. Given that, let’s follow a path that sounds like a movie script, but I fear may be all too common. The city clerk gets fooled by a phishing email and clicks on a link that deposits malware on his machine. From there the malware is unknowingly spread to some network resources and is sent to a contact at the state level via an attachment on a legitimate email. That attachment is opened and again the malware spreads to a few places on the state’s network and is passed along in another legitimate email, to someone at the federal level. That phishing email has now released malware that pretty easily reached federal levels, even after starting locally, at a municipality.
We need to remember cybersecurity is a team sport. We all need to be playing together on the same team. That means a local municipal employee should have the same goal as someone at the state or federal level: keep a clean sheet and don’t pass along cyber threats. How do we do that? How do we make sure the people at the local level are just as vigilant as the people at the federal level? We all need to follow these guidelines, from the local level to the federal level:
● Create, publish and maintain a strong cybersecurity policy.
● Train your employees on cybersecurity best practices. Test them regularly against that information.
● Have – and enforce – a strong password policy at your organization.
● Keep your operating system, software and hardware updated with the latest security patches.
● Remember that cybersecurity has a physical component – lock your computer when you walk away, don’t try to use an unidentified thumb drive and don’t let people piggyback through secure doors as you walk through.
if everyone rigorously followed these five guidelines, all of us – from local municipalities to the federal level – would be in much better shape.
All cybersecurity is local. People are our first and best line of defense. Breaches we experience at the local level can have a significant impact on our national cybersecurity situation. Cyberattacks are not a question of if, but when. Yes, these all seem like well-worn cliches. When the national cybersecurity stance can be impacted within hours or even minutes by a situation at a municipal level, even the most common cybersecurity protections can rise to a level of national importance. Act locally and impact nationally when it comes to strengthening your cybersecurity stance.
Read Also
