Abstract
In this paper, we examine cybersecurity challenges faced by America’s local, governments, including: the extent of cyberattacks; problems faced in preventing attacks from being successful; barriers to providing high levels of cybersecurity management; and actions that local governments believe should be taken to improve cybersecurity practice. Our research method consisted of a focus group of information technology (IT) and cybersecurity officials from one American state. Our findings indicate that cyberattacks are constant and can number in the tens of thousands or more per day. While our participants noted that while they were not perfect at it, they felt that they had cybersecurity technology under good control. Their biggest challenge is human – that is, end-users who make mistakes or engage in misconduct. Local governments face several barriers in providing high levels of cybersecurity, including: insufficient funding and staffing; problems of governance; and insufficient or under-enforced cybersecurity policies. Participants suggested several ways to improve local government cybersecurity, including: vulnerability assessment, scanning and testing, cybersecurity insurance, improving end-user authentication and authorization, end-user training and control, control over the use of external devices, and improved governance methods, among others. We conclude by making suggestions for further research into local government cybersecurity.
References
Ablon, Lillian, Martin C. Libricki, and Andrea A. Golay. 2014. Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar. Santa Monica, CA: Rand Corporation. Accessed January 11, 2015 at: http://www.rand.org/pubs/research_reports/RR610.html.10.7249/RR610Search in Google Scholar
Almarabeh, T., and A. AbuAli. 2010. “A General Framework for E-Government: Definition Maturity Challenges, Opportunities, and Success.” European Journal of Scientific Research 39 (1): 29–42.Search in Google Scholar
Blinder, Alan, and Nicole Perlroth. 2018. A Cyberattack Hobbles Atlanta, and Security Experts Shudder. New York, NY: New York Times. Accessed on March 27, 2018.Search in Google Scholar
Caruson, K., S. A. MacManus, and B. D. McPhee. 2012a. “Cybersecurity Policy-Making at the Local Government Level: An Analysis of Threats, Preparedness, and Bureaucratic Roadblocks to Success.” Homeland Security & Emergency Management 9 (2): 1–22.10.1515/jhsem-2012-0003Search in Google Scholar
Caruson, K., S. A. MacManus, and B. D. McPhee. 2012b. “Cybersecurity at the Local Government Level: Balancing Demands for Transparency and Privacy Rights.” Journal of Urban Affairs 35 (4): 451–470.10.1111/j.1467-9906.2012.00640.xSearch in Google Scholar
Center for Digital Government. 2014. Advanced Cyber Threats in State and Local Government. Folsom, CA. Accessed September 23, 2016 at: http://www.nascio.org/events/sponsors/vrc/Advanced%20Cyber%20Threats%20in%20State%20and%20%20Local%20Government.pdf.Search in Google Scholar
Center for Strategic and International Studies. 2014. Net Losses: Estimating the Global Cost of Cybercrime. A report prepared for the Center by McAfee. Accessed September 21, 2014 at: http://csis.org/files/attachments/140609_rp_economic_impact_cybercrime_report.pdf.Search in Google Scholar
Coursey, David, and Donald F. Norris. 2008. “Models of e-Government: Are they Correct? An Empirical Assessment.” Public Administration Review 68 (3): 523–536.10.1111/j.1540-6210.2008.00888.xSearch in Google Scholar
Cyr, Jennifer. 2016. “The Pitfalls and Promise of Focus Groups as a Data Collection Method.” Sociological Methods and Research 45 (2): 231–259.10.1177/0049124115570065Search in Google Scholar
Deloitte and National Association of State Chief Information Officers. 2010. State Governments at Risk: A Call to Secure Citizen Data and Inspire Public Trust. Lexington, KY: Authors. Accessed April 9, 2018 at: https://www.nascio.org/Portals/0/Publications/Documents/Deloitte-NASCIOCybersecurityStudy2010.PDF.Search in Google Scholar
Deloitte and National Association of State Chief Information Officers. 2012. 2012 Deloitte-NASCIO Cybersecurity Study State governments at risk: a call for collaboration and compliance. Accessed September 23, 2016 at: http://www.nascio.org/Portals/0/Publications/Documents/Deloitte-NASCIOCybersecurityStudy2012.pdf.Search in Google Scholar
Deloitte and National Association of State Chief Information Officers. 2014. 2014 Deloitte-NASCIO Cybersecurity Study – State Governments at Risk: Time to Move Forward. Lexington, KY: Authors. Accessed September 23, 2016 at: http://www2.deloitte.com/content/dam/Deloitte/us/Documents/public-sector/us-state-nascio-cybersecuritysurvey_102714.pdf.Search in Google Scholar
Deloitte and National Association of State Chief Information Officers. 2016. 2016 Deloitte-NASCIO Cybersecurity Study State governments at risk: Turning strategy and awareness into progress. Accessed September 23, 2016 at: http://dupress.deloitte.com/content/dam/dup-us-en/articles/3470_2016-Deloitte-NASCIO-cybersecurity-study/2016-Deloitte-NASCIO-Cybersecurity-Study.pdf.Search in Google Scholar
Dixon, Chris. 2014. Deltek: State. Local government IT Spending Increase is an Opportunity for Contractors. Washington Post, August 24, 2014. Accessed May 3, 2016 at: https://www.washingtonpost.com/business/capitalbusiness/deltek-state-local-government-it-spending-increase-is-an-opportunity-for-contractors/2014/08/22/4f6f0834-288d-11e4-8593-da634b334390_story.html.Search in Google Scholar
Finklea, Kristin, and Catherine A. Theohary. 2015. Cybercrime: Conceptual Issues for Congress and U. S. Law Enforcement. Washington DC: Congressional Research Service. Accessed Fevruary 11, 2015 at: fas.org/sgp/crs/misc/R42547.pdf.Search in Google Scholar
Gil-Garcia, J. R., and T. A. Pardo. 2005. “E-government Success Factors: Mapping Practical Tools to Theoretical Foundations.” Government Information Quarterly 22 (2): 187–216.10.1016/j.giq.2005.02.001Search in Google Scholar
Groff, J., and P. Weinberg. 2010. SQL: The Complete Reference. 3rd ed. New York: McGraw-Hill.Search in Google Scholar
Gudkova, D., M. Vergelis, N. Demidova, and T. Scherbakova. 2016. Spam and Phishing in Q1 of 2016. Securelist. Accessed October 18, 2016 at: https://securelist.com/analysis/quarterly-spam-reports/74682/spam-and-phishing-in-q1-2016/.Search in Google Scholar
Halchin, L. E. 2004. “Electronic Government: Government Capability and Terrorist Resource.” Government Information Quarterly 21 (4): 406–419.10.1016/j.giq.2004.08.002Search in Google Scholar
IBM Center for The Business of Government. 2010. Cybersecurity Management in the States: The Emerging Role of Chief Informtion Security Officers. Washington, DC: Goodyear, M., Goerdel, H. T., S. Portillo, and L. Williams. Accessed September 23, 2016 at: http://www.businessofgovernment.org/sites/default/files/CybersecurityManagement_0.pdf.Search in Google Scholar
Kidd, P. S., and M. B. Parshall. 2000. “Getting the Focus and the Group: Enhancing Analytical Rigor in Focus group Research.” Qualitative Health Research 10 (3): 293–308.10.1177/104973200129118453Search in Google Scholar
Lambrinoudakis, C., S. Gritzalis, F. Dridi, and G. Pernul. 2003. “Security Requirements for e-government Services: a Methodological Approach for Developing a Common PKI-Based security Policy.” Computer Communications 26 (16): 1873–1883.10.1016/S0140-3664(03)00082-3Search in Google Scholar
Liamputtong, Pranee. 2011. Focus Group Methodology. Los Angeles: Sage Publications.Search in Google Scholar
Malashenko, E., C. Villarreal, and J. D. Erickson. 2012. Cybersecurity and the Evolving Role of State Regulations: How it Impacts the California Public Utilities Commission Grid Planning and Reliability Policy Paper. Accessed October 18, 2016 at: http://www.cpuc.ca.gov/WorkArea/DownloadAsset.aspx?id=3314.Search in Google Scholar
Morgan, David L. 1996. “Focus Groups.” Annual review of Psychology 22 (1): 129–152.10.1146/annurev.soc.22.1.129Search in Google Scholar
Norris, Donald F., and Kenneth L. Kraemer. 1996. “Mainframe and PC Computing in American Cities: Myths and Realities.” Public Administration Review 56 (6): 568–576.10.2307/977255Search in Google Scholar
Norris, D. F., and C. G. Reddick. 2013. “Local E-Government in the United States: Transformation or Incremental Change?” Public Administration Review 73 (1): 165–175.10.1111/j.1540-6210.2012.02647.xSearch in Google Scholar
Norris, D. F., L. Mateczun, A. Joshi, and T. Finin. 2017. Cybersecurity Challenges to American Local Governments: Results of a National Survey. A paper presented at the 17th Conference on Digital Government. June 13–14, 2017. Lisbon, Portugal and printed in the conference proceedings.Search in Google Scholar
Perez, T. J. 2014. “Municipal E-Government Security: Insights from a Study of Orange County, California.” Lecture presented at 47th Hawaii International Conference on System Science, Waikoloa, HI. Accessed September 23, 2016 at: http://ieeexplore.ieee.org/document/7070085/.10.1109/HICSS.2014.253Search in Google Scholar
Ponemon Institute. 2015a. 2015 Cost of Cyber Crime Study: Global. Accessed August 30, 2016 at: http://www.ponemon.org/library/2015-cost-of-cyber-crime-united-states.Search in Google Scholar
Ponemon Institute. 2015b. State of Cybersecurity in Local, State & Federal Government. Accessed August 30, 2016 at: http://www.ponemon.org/library/the-state-of-cybersecurity-in-local-state-and-federal-government.Search in Google Scholar
Privacy Rights Clearing House. Data Breaches. 2016. Retrieved September 23, 2016, from https://www.privacyrights.org/data-breaches?title=&breach_type%5B%5D=285&breach_type%5B%5D=268&breach_type%5B%5D=267&breach_type%5B%5D=264&breach_type%5B%5D=265&breach_type%5B%5D=266&breach_type%5B%5D=269&breach_type%5B%5D=270&org_type%5B%5D=257&taxonomy_vocabulary_11_tid%5B%5D=2257&taxonomy_vocabulary_11_tid%5B%5D=2122&taxonomy_vocabulary_11_tid%5B%5D=1473&taxonomy_vocabulary_11_tid%5B%5D=1153&taxonomy_vocabulary_11_tid%5B%5D=513&taxonomy_vocabulary_11_tid%5B%5D=306.Search in Google Scholar
Rector, Kevin. 2018. Baltimore 911 Dispatch System Hacked, Investigation Underway, Officials Confirm. Baltimore, MD: Baltimore Sun. Accessed on March 27, 2018.Search in Google Scholar
Stewart, D. W., P. N. Shamdasani, and D. W. Rook. 2007. Focus Groups: Theory and Practice. 2nd ed. Thousand Oaks, CA, Sage Publications.10.4135/9781412991841Search in Google Scholar
Stone-Gross, B., M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel, and G. Vigna. 2009. “Your Botnet is my Botnet: Analysis of a Botnet Takeover.” In Proceedings of the 16th ACM Conference on Computer and Communications Security. November 9–13, 2009. Chicago, IL.10.1145/1653662.1653738Search in Google Scholar
U.S., Census Bureau. 2012. 2012 Census of Governments. Accessed February 8, 2015 at: http://www.census.gov/govs/cog/.Search in Google Scholar
U.S. Department of Homeland Security. 2016. Whitepaper: Cyber Liability Insurance Overview. Sponsored by the State, Local, Tribal and Territorial Coordinating Council. Accessed on June 2, 2018. https://thecepp.org/uploads/3/5/5/1/35514945/slttgcc_-_cyber_liability_insurance_2016_06_17_final.pdf.Search in Google Scholar
U.S., Federal Bureau of Investigation. 2014. GameOver Zeus Botnet Disrupted. Accessed February 13, 2015 at: http://www.fbi.gov/news/stories/2014/june/gameover-zeus-botnet-disrupted.Search in Google Scholar
U.S., Navy. 2012. Navy Cyber Power 2020. Accessed September 23, 2016 at: http://www.public.navy.mil/fccc10f/Strategies/Navy_Cyber_Power_2020.pdf.Search in Google Scholar
Verizon. 2013. 2013 Data Breach Investigations Report. Author. Accessed January 21, 2014 at: http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2013_en_xg.pdf.Search in Google Scholar
Vicsek, Lilla. 2010. “Issues in the Anaslysis of Focus Groups: Generalisability, Quantifiability, Treatment of Context and Quotations.” The Qualitative Report 15 (1): 122–141.Search in Google Scholar
Zhao, J. J., and S. Y. Zhao. 2010. “Opportunities and Threats: A Security Assessment of State e-Government Websites.” Government Information Quarterly 27 (1): 49–56.10.1016/j.giq.2009.07.004Search in Google Scholar
©2018 Walter de Gruyter GmbH, Berlin/Boston
