Cyberattacks at the Grass Roots: American Local Governments and the Need for High Levels of Cybersecurity

Document

Cited in

Author	Laura Mateczun,Tim Finin,Donald F. Norris,Anupam Joshi
DOI	http://doi.org/10.1111/puar.13028
Date	01 November 2019
Published date	01 November 2019

Cyberattacks at the Grass Roots: American Local Governments and the Need for High Levels of Cybersecurity 895

Abstract: This article examines data from the first-ever nationwide survey of cybersecurity among American local

governments. The data show that these governments are under constant or near-constant cyberattack, yet, on average,

they practice cybersecurity poorly. While nearly half reported experiencing cyberattacks at least daily, one-third said that

they did not know whether they were under attack, and nearly two-thirds said that they did not know whether their

information systems had been breached. Serious barriers to their practice of cybersecurity include a lack of cybersecurity

preparedness within these governments and a lack of adequate funding for it. The authors make recommendations to

local governments to improve their cybersecurity practice and to scholars for additional research into local government

cybersecurity, an area that, to date, has largely been neglected by researchers from the social sciences and computer

science.

Evidence for Practice

• Local governments as a whole do a poor job of managing their cybersecurity.

• Local governments should be aware of and follow the security best practices and recommendations published

by relevant federal government organizations.

• Local governments should conduct regular cybersecurity audits or reviews that include their major

cybersecurity risks as well as their cybersecurity policies and practices.

• Major barriers to improving cybersecurity practices in local governments are low levels of awareness of and

support for cybersecurity and a lack of funding for it; local governments should take action to address these

barriers.

• Cybersecurity threats are constantly evolving, so local governments must track and adapt to the changes.

Donald F. Norris

Laura Mateczun

Anupam Joshi

Tim Finin

University of Maryland, Baltimore County

Cyberattacks at the Grass Roots: American Local

Governments and the Need for High Levels of Cybersecurity

In this article, we examine data from the first-

ever nationwide survey of cybersecurity among

America’s grassroots or local governments.

Cybersecurity among local governments is increasingly

important because, as we show herein, these

governments are under constant or near-constant

attack (see Norris et al. 2018). Among the local

governments that responded to our survey, 28 percent

reported being attacked at least hourly or more

frequently, and 19 percent said they were attacked

at least once a day (for a total of 47 percent of all

respondents). What is troubling, however, is that more

than a quarter (nearly 28 percent) said that they did

not know how frequently they were being attacked.

Local governments “not knowing” this and other basic

cybersecurity information is an issue to which we will

return later in this article.

There are other reasons, as well, to be concerned about

cybersecurity at the grass roots. The first is the sheer

number of American local governments—90,000 units,

of which nearly 39,000 are general purpose

governments, including 3,031 county governments,

19,519 municipal governments, and 16,360 town or

township governments (U.S. Census Bureau 2012).

Except for the smallest of them, these governments

have critical information technology (IT) systems and

cumulatively spend billions of dollars each year to

support those systems. One estimate placed state and

local government spending on IT at more than $60

billion per year (Dixon 2014).

Second, America’s local governments maintain and

store sensitive information, especially personally

identifiable information (PII) such as names, addresses,

driver’s license numbers, credit card numbers, Social

Security numbers, and medical information. Such

information is valuable, and obtaining it is often the

purpose of cyberattacks. In fact, over the past few

years, numerous local governments have reported

that some of the PII they stored was lost through

data breaches or information exfiltration, and, in

some cases, they were threatened with the data being

released or destroyed unless a ransom was paid.

Anupam Joshi is Oros Family Professor

and chair of the Computer Science and

Electrical Engineering Department at the

University of Maryland, Baltimore County

(UMBC). He is also director of UMBC’s

Center for Cybersecurity and a fellow of

the Institute of Electrical and Electronics

Engineers. He earned his undergraduate

degree from IIT Delhi and a PhD from

Purdue University. He has published over

225 technical papers with an h-index of 78

and over 22,750 citations, has been granted

several patents, and has obtained grants

from a variety of federal and industrial

sources.

E-mail: joshi@umbc.edu

Laura Mateczun is a graduate of the

Francis King Carey School of Law, University

of Maryland, and a member of the

Maryland Bar. She is currently a PhD student

in the School of Public Policy, University

of Maryland, Baltimore County, studying

public management. Her research interests

are local government cybersecurity, criminal

justice, and the importance of equity in

policy analysis. She received her bachelor’s

degree in public policy and political science

from St. Mary’s College of Maryland.

E-mail: lam6@umbc.edu

Research Article

Donald F. Norris is Professor Emeritus

in the School of Public Policy, University of

Maryland, Baltimore County. His principal

field of study is public management,

specifically information technology in

governmental organizations, including

electronic government and cybersecurity.

He has published extensively in these

areas, including seven articles in

Public

Administration Review

. He received his

bachelor’s degree in history from the

University of Memphis and master’s and

doctoral degrees in political science from

the University of Virginia.

E-mail: norris@umbc.edu

Public Administration Review,

The American Society for Public Administration.

DOI: 10.1111/puar.13028.

To continue reading

Request your trial

Subscribers can access the reported version of this case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the cited cases and legislation of a document.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the documents that have cited the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the revised versions of legislation with amendments.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see any amendments made to the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a visualisation of a case and its relationships to other cases. An alternative to lists of cases, the Precedent Map makes it easier to establish which ones may be of most relevance to your research and prioritise further reading. You also get a useful overview of how the case was received.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the list of results connected to your document through the topics and citations Vincent found.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Cyberattacks at the Grass Roots: American Local Governments and the Need for High Levels of Cybersecurity

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users