106 local US governments experienced ransomware attacks in 2022, marking an increase from the 77 attacks recorded in the previous year. As cities become more digitally connected, they also become more vulnerable to cyberattacks, which can have significant and dangerous consequences for the physical aspects of cities and local governments. These attacks, known as hybrid attacks, typically start in the digital realm but can evolve to target physical infrastructure. Without a proper plan of preparation and response, cities will continue to face these continuous and evolving cyber threats.
While it may be impossible to prevent these types of attacks entirely, cities can take strategic measures to ensure they are resilient and able to recover from such incidents. It is crucial for officials to identify points of weakness within their systems, recognize potential threats, and develop comprehensive communication plans both internally and externally.
Identifying points of weakness is the first step in developing a preparation plan. For many governments, their greatest vulnerability lies in communication and human error. Governments have the responsibility of communicating with the public and various departments, but this also becomes an opportunity for bad actors to infiltrate networks. Any message sent by a government can be targeted for potential phishing schemes, and information received from citizens can contain malware aimed at infiltrating government systems. While technological measures can be taken to block threats, the human element cannot be entirely accounted for. Phishing schemes, in particular, are a significant driver of ransomware attacks, and even employees who have received security training are not immune to falling victim to them. If city officials inadvertently introduce malware into their systems, bad actors can gain access to critical infrastructure.
Once points of entry and weakness have been identified, cities can gain a better understanding of where threat levels are highest. There are typically two high-level threats that cities must be prepared for: attacks on physical infrastructure and attempts to discredit a city’s reputation or erode the trust of its citizens. Cities have numerous responsibilities that rely on technology and digital connectivity, such as maintaining essential services like water supply and emergency services. These functions are susceptible to cyberattacks and can be severely impacted if an attack is successfully executed. Alongside these physical threats, attacks can also be targeted towards damaging a city’s reputation. Ransomware attacks can appear to be targeted campaigns aimed at discrediting a city, which can ultimately affect its ability to generate revenue and sustain its vitality.
To prepare and mitigate the impact of ransomware attacks, there are several strategies that cities should employ. Educating citizens and employees on recognizing legitimate messages and phishing attempts is crucial, as not everyone is digitally proficient. Additionally, cities should have public-facing communication strategies in place to promptly address an attack and assure the public of their response. Having a Chief Information Officer (CIO) as a critical point person is also essential. The CIO is responsible for leading the digital response and containing the cyber threat, ensuring that response protocols are established and that departments work together effectively. Finally, conducting digital tabletop exercises can help officials simulate and prepare for different attack scenarios and identify potential paths that a cyberattack might take, which could impact critical services.
It’s important for cities to understand that it’s not a matter of “if” but “when” a ransomware attack will occur. The belief that all threats can be completely prevented is unrealistic. Instead, cities should focus on how to respond effectively to such attacks. As cities become more digitally connected, cyber threats will continue to grow, and the stakes will become higher in terms of physical and reputational consequences. By understanding how attacks may occur, recognizing potential threats, and regularly testing and updating preparedness and response plans, cities can enhance their defense against cyberattacks in this new world.