Log in Subscribe

Defending the Town Hall - Securing Local Governments Against Cybercrime

Posted

Indiana’s local municipalities provide countless essential services for Hoosier citizens, which could make them an attractive target for cybercriminals looking to steal information and wreak havoc. It’s a vulnerability the state is taking very seriously. Over the last few months, new partnerships have been formed between state technology officials and foremost experts from two major universities that have come together to aid local town hall officials in digital defense.

 

Battle Plans

The effort happening lately is all about finding gaps, being prepared, and educating local officials on cyber self-defense. Indiana’s Office of Technology (IOT) partnered with Purdue University and Indiana University (IU) in a never-before-seen agreement to perform cybersecurity assessments for local governments all across the state.

Staff and students from Purdue’s cyberTAP and IU’s Center for Applied Cybersecurity Research (CACR) are going to be analyzing the cybersecurity situation within local entities. After this review, the experts will be providing a blueprint for how things can further be improved and secured.

Both Purdue and IU are top-tier universities in cybersecurity research – among the nation’s leading institutions. All of the groups involved in this collaboration agree that Hoosier communities need to be protected because a cyberattack can be incredibly disruptive for a town and its residents.

In one real life example from the Town of Salem, NH from 2020, attackers accessed the town’s internal systems and downloaded data from certain servers. For an entire week, computer systems were down. Residents couldn’t pay tax, water, or sewer bills. Police and fire department computers were down, and town employees couldn’t conduct budgeting. It took almost a month before everything was back to normal.

 


A Nightmarish Real-World Example

Salem, New Hampshire – 2020

  • Ransomeware attack took down the town’s entire computer network.
  • Residents couldn’t pay taxes, water, or sewer bills.
  • Police, fire, and EMS computers went offline.
  • Town workers couldn’t plan budgets or process vehicle registrations.
  • Systems were down for a week, disrupted for a month.
  • It only takes one person clicking on a link to shut down the system.

Source: Pew, Jan. 2022

 


Not Just a Local Threat

Cyberattacks that affect local governments can also ascend to higher-level departments throughout the state. Most local municipalities have systems that are intertwined with state systems, which makes the defense of local government all the more necessary.

“Local governments collaborate with the state in various ways, and the computer systems are intertwined. A vulnerability on either side leaves the other at risk. We have invested heavily in protecting state systems, and now this is an opportunity for local government to see definitive steps toward improvement for its systems,” said IOT CIO Tracy Barnes. “This project is a first-of-its-kind partnership and is a tremendous benefit to local government and the state as a whole.”

Leaders from each of the two universities also expressed enthusiasm about the new program and expressed why it’s vitally important to shore up defenses.

“Local governments are an increasingly valuable target for sophisticated adversaries, but they often lack the resources and funding to maintain cyber and information security,” said Mat Trampski, executive director of the Purdue Technical Assistance Program and cyberTAP. “That puts the private data we entrust to them at risk, and this program is designed specifically to help safeguard those data and services.”

“Cybersecurity has implications for all Hoosiers, and it’s about more than technology,” said Craig Jackson, program director for IU’s CACR. “This initiative is about both economic security and physical safety for everyone who relies directly or downstream on local government information and operational technology.”

 

What Happens Next?

The new partnership agreement has provided funding to both universities so they can develop a cybersecurity approach specific to local governments. This strategy is going to incorporate evaluations from several leading national sources, like the National Institute of Standards and Technology, the National Science Foundation’s Center of Excellence, and the Center for Internet Security.

A combined team consisting of roughly 10 professionals with a range of subject matter expertise and skills will lead the effort. Students from the two university programs will also have opportunities to participate.

IOT expects the universities will complete more than 342 assessments over the next four years. That’s a great many municipalities and local departments that will become better protected as the project moves forward. All of which will culminate in a safer, stronger Indiana that remains open and operational for all of its citizens.

 


Local government entities that wish to learn more about the cybersecurity assessments can sign up for details about the program here.