In 2022, 106 local US governments experienced ransomware attacks, an increase from 77 in 2021. Cities continue to be targets of cyberattacks as they become more digitally connected, and these attacks can have far-reaching, dangerous consequences for the physical aspects of cities and local governments. These are known as hybrid attacks, which start digitally and evolve to attack physical infrastructure, and they are going to be a continuous problem for cities without a plan of preparation and response.
While these attacks cannot be prevented, cities can strategically prepare to ensure communities are resilient and able to recover. In order to do so, it’s necessary for officials to identify points of weakness, recognize potential threats, and develop strategic communication plans both internally and externally.
Finding Points of Weakness
The first step in developing a preparation plan is identifying where a city’s systems are weakest, and most often for governments, their greatest area of weakness comes from communication and human error.
Communication with the public and different departments is the duty of governments, but it’s also a prime opportunity for bad actors to infiltrate their networks. Any message a public affairs office puts out can be targeted, and those offices must also have the ability to receive information back from citizens. In practice, this means that any message sent from the government can be manipulated for potential phishing schemes, and that information that governments receive back from “citizens” can contain malware to infiltrate their systems.
While governments can work to block threats technologically, they cannot plan for the human element that contributes to attacks. Phishing schemes are the No. 1 driver of ransomware attacks, and though government employees may have security training, no one is perfect. These phishing expeditions often are received by the city’s principal authorizing officials (PAOs), like the mayor’s office, public works, or police department. If these employees inadvertently introduce malware into their offices’ systems, bad actors can gain access to a city’s most critical infrastructure.
Threats Cities Face
Once points of entry and areas of weakness are identified, cities can better understand where threat levels are highest. Typically, there are two high-level threats that a city must address and prepare for: attacks on the physical infrastructure and attempts to discredit a city’s reputation or its citizens’ trust.
Cities have a multitude of responsibilities, like keeping the lights on, keeping water flowing, keeping EMS staffed and operating, and these functions rely on technology and digital connection to keep themselves running. In essence, every department is its own tech company that is not only susceptible to cyberattacks but can be crippled if an attack is managed properly. Government officials must always have these threats top of mind when planning for attacks, as one seemingly isolated cyber incident can have the power to physically shut down needed resources.
Once an attack hits a city, it is difficult for officials to regain the trust of the public. This cannot be seen as simply a byproduct of an attack — reputational impact is often a central goal of bad actors. Ransomware attacks can look like targeted campaigns to discredit a city, which in turn impacts the city’s ability to generate revenue with a potential loss in residents and tourists, which are all critical for sustaining a city’s viability.
How to Prepare and Mitigate the Impact of Digital Attacks
There are several strategies cities can (and should) utilize to prepare for and mitigate the impact of a ransomware attack:
Key Takeaways
When evaluating ransomware attacks, cities need to take the approach of “not if, but when.” The idea that officials can protect a city’s infrastructure against all threats is unrealistic. Understanding that a cyberattack will happen at some point helps to set the mental framework of how best to respond.
Cyber threats will only continue to grow in cities as they become more digitally connected, and there are serious physical and reputational consequences at stake if precautions aren’t taken. Knowing how an attack might occur, understanding the potential threats and scenarios of impact, and regularly testing and updating your preparedness and response plans are the best lines of defense in the new world of cyberattacks.