Proceedings of the Annual Conference of the Urban Affairs Association
Cyber-Security at the Grassroots: American State and Local Governments and the Management of Website Security
April 8, 2015
In December 2013, the authors of this paper conducted a focus group of chief information officers or chief security officers (or their equivalents) from five of the largest county governments in Maryland, the City of Baltimore, and the Maryland state government. Our purpose was to learn the cyber-security challenges facing these governments, the measures these governments take to address the challenges, the gaps between the challenges and measures taken by these governments to address them and the barriers they face in addressing the challenges. A principal finding of the focus group was that it is the “soft” side of cyber-security presents the greatest challenges to these governments. That is, these officials argued that the issues of governance, policy, training, and end-user behavior were far more likely to be problematic than the technology itself. They also indicated that one of the most important barriers that they face in addressing cyber-security is money – that is, the lack of cyber-security funding by local governments. In this paper, we will report findings from this focus group session. In particular, we will discuss what these expert practitioners said about the main challenges that they face in keeping their websites safe and preventing the thousands of attacks that they experience each day from penetrating the sites as well as what they do in the event that attacks are successful. We pay special attention to the issues of governance, policy, training, funding, and end-user behavior in terms of how each of these poses considerable challenges to keeping local government websites safe.
InProceedings
Urban Affairs Association