NACo members zero in on cybersecurity, tech safety

Every county needs a plan for cyber threats, no matter the level of risk

Cybersecurity has become a topic of national and international consequence in recent months, but local governments are also affected by online hackers. County leaders recently discussed readiness to respond to such attacks and how to update their systems at the 2017 NACo Legislative Conference.

Ninety percent of all data that exists today has been generated since 2010, and most of that data is not properly secured, said conference speaker Bill Wright, director of government affairs and senior counsel at Symantec. The public sector is especially at risk for cybercrime, as government sites are ranked fourth among reported cyber-attacks in the past year, he said.

“You cannot expect perfection. As a county official, you have to say ‘When we get hit’ not ‘If we get hit,’” said Steve Hurst, director of safety and security strategies at AT&T. “Figure out the steps you will take so you can go immediately into a data-disaster recovery plan the second there is a breach,” he added.

Hurst, along with Rita Reynolds, CIO of the County Commissioners Association of Pennsylvania, helped county leaders create a plan to work through likely cyber threats. Reynolds emphasized that no matter your perceived level of risk, every county should have a plan ready to go. If your local government is unsure how to create a plan, most states have templates for a county to follow.

• Before doing anything else, county leaders should determine which department has the most valuable data and prioritize its protection, the experts advised. While every department will argue its data is most important, determine what is most necessary to protect the safety of your citizens.
• Hiring a third party to perform a risk assessment of your county’s tech systems and data can help you do the difficult work of prioritizing needs, Hurst and Reynolds advised.
• Local officials should also keep an eye on the growing dominance of crypto-ransomware. Symantec’s Thomas MacLellan encouraged counties to pay closer attention to cybersecurity on devices that are a part of the “Internet of Things,” such as high-tech refrigerators, toasters or even self-driving cars.  “I look at cybersecurity as infrastructure at this point,” MacLellan said. “It’s no different than a road, it’s no different than a school, and it’s going to cost money. We’re going to have to get over that.”

“Ransomware has evolved from an annoyance to a serious threat,” Wright added. “If you see something that says ‘Click here to watch Justin Bieber get punched in the face’ you can’t do it. Tempting as it is, even for a guy like me, you just can’t click it.”

While counties can work to shield themselves from hacking, local government can’t completely shield their constituents from attacks. In his speech to NACo members during the opening general session, Virginia Sen. Mark Warner, vice chairman of the Senate Intelligence Committee, warned county officials to be wary of the media influence Russian hackers could have on their districts.

“If you searched for “hacking in the election,” you wouldn’t get Fox News or NBC or CNN; you would literally get — for the first five stories — Russian propaganda...You’d get stories about Hillary Clinton being sick,” Warner said. “If we don’t get our arms around it, it’s only going to get worse.”

The rapid spread of information can be very useful, but disastrous when used incorrectly.

Jake Williams, manager of strategic initiatives at StateScoop, explained that it has become too easy to spread misinformation or “fake news,” on social media, and counties would be wise to monitor information circulating online about their communities.

Many counties don’t focus enough on their social media presence or do not have a large enough budget to monitor all social media channels. Of the 85 percent of local governments that use social media platforms to connect with their constituents, 55 percent do not track or monitor their social media interactions, according to Public Technology Institute. Not only does monitoring social media channels help stop the spread of “fake news,” but it also helps county officials keep a pulse on the needs of their residents.

In the past year, many communities have grappled with the growing shared economy and the technological and regulatory challenges that come with it. Oftentimes, these “shared economy” services, such as Airbnb, Uber and EatWith draw in new users with a simple registration process, which is often far easier than registering a new business with the government, said Tim Woodberry, director of government affairs at Accela.

Woodberry said that “things like EatWith straddle the line between friends getting together and an unlicensed restaurant.” While each county handles the issue differently, he suggested that simplifying the government licensing process would improve local compliance rates.