Expert warns Mid-Size County Caucus of rising cybersecurity risks as AI expands

Key Takeaways

County officials were urged to strengthen cybersecurity defenses and carefully manage the use of artificial intelligence during a presentation by Shannon Smith, director, Public Sector services for CAI, at a meeting Feb. 22 of the Mid-Size County Caucus.

Speaking to members of the caucus, Smith discussed how emerging technologies — including generative AI and large-scale data centers — are reshaping both opportunities and risks for local governments. 

Smith, who previously served as CIO chief of staff for King County, Wash., said counties must prepare for increasingly sophisticated cyber threats. Many local governments still rely on aging technology systems, some decades old, which can make them vulnerable to attacks.

“Threat actors look for weak usernames and passwords, outdated systems and employees who might accidentally click a malicious link,” Smith said. “Ransomware gets the headlines, but it often starts with those basic vulnerabilities.”

Artificial intelligence is accelerating those threats, she said. Tools such as ChatGPT, Claude and Gemini allow attackers to automate phishing messages, refine scams and launch thousands of attempts in a short period of time at minimal cost.

“AI allows threat actors to move faster and learn from failed attempts,” Smith said. “They no longer need large teams to run sophisticated cyber operations.”

At the same time, Smith emphasized that AI can also strengthen government operations when used responsibly. She encouraged counties to focus on stronger password protections, multi-factor authentication and improved employee training about data security and AI tools.

Education about how staff use AI systems is particularly important, she said. Employees may unknowingly upload sensitive information into public AI platforms, creating potential data risks for government agencies.

Smith also encouraged regional collaboration between counties, cities, private companies and universities to share cybersecurity information and best practices.

Beyond security, Smith highlighted the rapid growth of AI infrastructure, particularly large “hyperscale” data centers operated by companies such as Amazon and Microsoft. Demand for computing power is driving a surge in new facilities across the United States.

Data centers currently account for about 4% of electricity use in the country and could reach as much as 9–12% by 2030, she said. A single hyperscale facility can consume as much power as 100,000 homes and use millions of gallons of water daily.

While the expansion creates economic opportunities, Smith said counties must balance those benefits with infrastructure and environmental considerations.

She also urged local leaders to engage residents early when adopting AI technologies in public services.

“People want to know how their data is being used and whether a human is still part of the process,” Smith said. “If you start those conversations early, you build trust and learn how your community actually wants to use these tools.”

Smith concluded that while AI and cybersecurity challenges may seem daunting, thoughtful policies and collaboration can help counties adopt the technology responsibly while protecting public data and services.