“Partner with your executive leadership group and ­educate them about cyberattack prevention,” says Jim Hominiuk, Sammamish, Wash., IT Director.

Sep 30 2020

States and Cities Benefit from Centralized Security Solutions and Leadership

Filling the gaps between both management and software can have a tremendous impact on cybersecurity posture for governments.

When the small city of Sammamish, Wash., was hit by a ransomware attack in January 2019, Stephen Schommer, a recently retired public utility IT director, volunteered to help.

“I have done dozens of tabletop exercises but never experienced ransomware firsthand, thank God,” Schommer recalls. After a few days of assessing the situation, Schommer was a little stunned by what he found. Every city server was encrypted and held for ransom, although the city of 65,000 had no intention of paying the cybercriminals. But the city’s 120 employees couldn’t do their work, and there was no IT director in place.

Sammamish had purchased an endpoint malware solution but only deployed it to 20 percent of its endpoints and a few of its servers. The city had an 8-year-old firewall with no advanced threat protection. “I realized there wasn’t any organizational structure to this,” Schommer says.

State and local governments that don’t have an organized approach to endpoint security may suffer from such ransomware attacks. Maggie Brunner, the National Governors Association’s program director for homeland security and public safety, says that there are some real haves and have-nots at the local level, depending on size. The combination of a holistic endpoint security solution and knowledgeable IT personnel on the ground can make or break a cybersecurity response. Cities and states discover that hiring critical leadership in-house or centralizing management across the...

Log in or subscribe to keep reading — you'll also gain access to our full premium content library

Photography by Kevin Cruff