The highest purpose of any government is to ensure the safety, security, and well-being of its citizens. From providing day-to-day services like business licenses, utilities, emergency services, and processing tax payments, to ensuring an effective response to weather events, disasters, or (hopefully) one-off existential events like the COVID-19 pandemic, local governments truly are at the center of it all. So the old adage that “all politics is local” certainly rings true.

The innovations and conveniences of internet technologies, along with the evolving expectations of a networked society and workplace since the 1990s, has led to a reliance on information technology in nearly every facet of modern life. These tools and platforms have permeated our society, including how local governments operate internally and provide external services to their communities. Yet hardly a day goes by without news reports about how local governments were victimized, if not crippled, by cyberattacks launched by criminals or international adversaries. Therefore, ensuring the ability of government to function and deliver services to its citizens in an available, secure, and trusted manner is more important than ever. In other words, regardless of whether you’re an elected leader, senior manager, or rank-and-file employee within local government, the importance of implementing and maintaining strong cybersecurity measures and practices within your purview cannot be overstated.

But providing effective cybersecurity isn’t an easy task for any type of organization, and local governments, as political creatures, have unique attributes that can make this process even more challenging. Cybersecurity and Local Government is intended to help these often beleaguered local government officials enhance, or in some cases, establish, the necessary measures to protect their information systems and preserve their ability to continue delivering services to their communities.

To accomplish this, we begin by discussing the need for cybersecurity and why it’s a particularly important concern for local governments. While ongoing news headlines about cities held hostage by ransomware are easy to point at to illustrate the severity of this issue and need for strong local government cybersecurity, as researchers we are required to base analysis upon data and other reputable evidence. Thus, much of Cybersecurity and Local Government centers around the findings of two separate nationwide surveys (conducted in 2016 and 2020) of local government IT and cybersecurity leaders. This deep-dive into America’s grassroots provided a useful and realistic understanding of America’s local government cybersecurity – or lack thereof – upon which we could then base recommendations on. Sadly, in several ways, it’s not a pretty picture.

After confirming the tenuous state of local government cybersecurity in the US, the logical follow-on question is: what can be done to improve things? We answer that by offering multiple recommendations based on current and time-proven industry best practices for local government officials to consider implementing. In doing so, we emphasize that from budgets, staffing, and political considerations to policies, procedures, and training, local government cybersecurity is a complex and nuanced issue and one that technology alone can’t remedy. Indeed, we devote an entire chapter presenting people as the root of most cybersecurity problems.

While much of the book tends to be retrospective and focuses on things from the past, we conclude Cybersecurity and Local Government by looking into the future. What are the trends in technology most likely to present cybersecurity concerns for networked organizations like local governments? How will the threat landscape change? And of course, how can local governments adapt their cybersecurity thinking to reflect shifts in society due to COVID-19, such as remote work and providing expanded online citizen services? While we certainly don’t claim to have all the answers – or indeed know all the questions – we are convinced that Cybersecurity and Local Government provides local government readers a solid resource to consult when they are looking to establish or enhance their respective cybersecurity programs.

Twenty years after the internet revolutionized the world, it’s unfortunate that any modern organization – and especially local governments – still needs to be advised about implementing effective cybersecurity. While cybersecurity professionals may find this a distressing reality, upon closer reflection, this itself may be a useful lesson in cybersecurity for everyone: no matter how fast the world moves, or how complex the issues at hand, the protection of information and information resources is a necessary enabler of modern society. This is especially true for local governments and their ability to provide trusted services to their local communities.

- Don, Laura, and Rick