Oct 03 2022

Cybersecurity Tops Local IT Priorities in a Shifting Landscape

Recent ransomware attacks create concern for city and county officials.

Cybersecurity has always been a top concern for local IT officials, but recent events have made it an even greater priority for city and county governments.

Respondents to the 2022 State of City and County IT National Survey by CompTIA’s Public Technology Institute earlier this year said that cybersecurity was a top priority, much as they did the year before. This year is the ninth consecutive year that cybersecurity has held the No. 1 spot on the list. In 2022, 97 percent of officials identified cybersecurity as a top priority, up from an already high 88 percent in 2021.

In its survey, PTI cited prominent cyberattacks, particularly ransomware attacks, and global political turmoil as underlying reasons driving increased cybersecurity concerns among local IT officials. PTI also pointed to heightened cybersecurity awareness in a year of several fresh federal grant programs dedicated to state and local cybersecurity funding.

Click the banner below to receive customized content by becoming an Insider.

Ransomware Threatens Local Government Operations

PTI highlighted highly publicized ransomware attacks against energy infrastructure in its survey, but local governments remain very popular ransomware targets. The most common vector for a ransomware attack is email. An unsuspecting employee or contractor clicks on a malicious link and activates malware that seizes the systems to which it gains access.

“While it is relatively unsophisticated as cybercrimes go, these can shut down servers, expose data, paralyze 911 centers and interfere with traffic management systems,” reports Governing. Many cities operate with aging infrastructure, making them even more appealing targets.

EXPLORE: How mission-critical operations centers improve public safety.

The concern this year was so great that the FBI issued a private industry notification to the government facilities sector, warning local governments that ransomware could paralyze their operations.

“Ransomware attacks against local government entities and the subsequent impacts are especially significant due to the public’s dependency on critical utilities, emergency services, educational facilities, and other services overseen by local governments, making them attractive targets for cybercriminals,” notes the FBI notification.

The FBI strongly advises local governments to establish contingency strategies and continuity of operations plans for activation in the face of a ransomware attack.

Federal Grants Offer Some Relief for Local Governments

The federal government soon will publish grant guidance for fresh cybersecurity funding under the Infrastructure Investment and Jobs Act (IIJA). Local governments will receive 80 percent of those funds.

The FBI’s guidance serves as a handy checklist of references for local governments to begin determining where to spend this money. The FBI recommendations include:

  • Update software and operating systems.
  • Establish user training programs, particularly to counter phishing.
  • Set strong password protection on accounts.
  • Require multifactor authentication for services.
  • Back up data to offline storage.
  • Encrypt all backed-up data.

Officials responding to the PTI survey said “data backup, integrity and restoration” was their top specific cybersecurity priority. In 2022, 86 percent of them identified backups as their No. 1 cybersecurity concern, up from 54 percent in 2021. IT modernization and training also made the list of top five cybersecurity-specific priorities.

Government Cybersecurity Faces Procurement Hurdles

Most local government CIOs anticipate increased IT budgets in 2023, thanks in part to those federal grants, StateScoop reports. State and local governments continue to make technology expenditures with funding provided by the 2021 American Rescue Plan. The IIJA is set to provide another $1 billion in cybersecurity funding.

In the PTI survey, 51 percent of respondents shared their expectation that their IT budgets would increase between 1 percent and 4 percent, and another 33 percent said they expect increases of at least 5 percent.

The survey also found that “streamlining procurement processes” was a priority for local IT officials, but they felt they could do little to expedite expenditures with the high degree of routines and compliance requirements occurring in government culture.

DISCOVER: How local governments can elevate DEI principles in procurement.

Some localities enjoyed more rapid IT procurement during the heightened emergency period of the COVID-19 pandemic, and they have continued to explore means to acquire technology faster.

“While the response to COVID allowed for emergency orders to circumvent the usual processes, it remains to be seen if any lessons learned from these emergency periods will point toward permanent efficiencies that could be captured for regular procurement processes,” the PTI survey notes.

Meanwhile, more cities and counties are exploring automated administration processes and cooperative purchasing agreements to speed procurement.

This article is part of StateTech’s CITizen blog series. Please join the discussion on Twitter by using the #StateLocalIT hashtag.


Rowan Jordan/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.