March 28, 2018
After the City of Atlanta’s computers were held for ransom in a cyberattack last month, many city governments are wondering if they face a similar risk of essentially being held hostage by profit-seeking hackers.
Sensitive law enforcement files and important financial records on Atlanta’s city computers were encrypted by hackers who demanded a payment of $51,000 worth of Bitcoin in exchange for a digital key that would unlock the files and allow the city to return to normal operations.
In an interesting Citylab interview, Cesar Cerrudo, the founder of a cybersecurity initiative called Securing Smart Cities, makes a great point about why cities are so unprepared for cyberattacks:
When a city plans to acquire new technology, they do a lot of functionality testing. They will test if the technology is strong, if it can scale, but they do almost no security testing. So they acquire one technology and deploy without making sure that it’s secure enough so that it won’t be hacked. And that’s a big problem, because that means that every day you do that with different technologies you are creating more possibilities for an attack.
Cerrudo also talks about how easy it is to be hacked when your devices are not kept up to date, which may have been the case in Atlanta.
If accurate, what this information says is that Atlanta’s systems are not up to date on security fixes. This is not uncommon, because sometimes it’s very difficult for large organizations to keep all the systems up to date. Yet it’s a common practice. Cities in general approach cybersecurity like private companies do. But at the government level, you have fewer resources and also fewer skilled people, which makes things more difficult.
These two steps alone — applying software security updates as soon as possible and testing new technologies for security vulnerabilities — could make an enormous difference in protecting cities against malicious cyberattacks. But many city managers and department heads are only vaguely aware of their security vulnerabilities, and thus do not have any clear strategy to ensure that important precautions are not forgotten.
As cities begin to implement more and more smart technologies, they need to also develop and formalize a comprehensive strategy that addresses everything from security to interoperability to equity to privacy to public engagement. Creating a smart city strategic plan is an excellent way to ensure that these issues have been considered, that responsibility for critical tasks is clearly assigned, and that performance is regularly measured and evaluated.
Learn more about the work Madaffer Enterprises does to help cities develop comprehensive smart city strategic plans.