47th Annual Conference of the Urban Affairs Association
Cyber-Security at the Grassroots: Findings from a Nationwide Survey of Local Government CyberSecurity
April 19, 2017
During 2016, we conducted the first-ever nationwide survey of chief information officers (CIOs) or chief security officers (CISOs) or their equivalents in all US cities and counties with populations of 250,000 and greater on the subject of local government cybersecurity in order to learn the cybersecurity challenges facing these governments, the measures these governments take to address the challenges, the gaps between the challenges and measures taken by these governments to address them and the barriers they face in addressing the challenges. This is an extension of research that we presented at the 2015 UAA conference (Norris, Joshi, and Finin, 2015), a principal finding of which was that it is the “soft” side of local government cyber-security presents the greatest challenges to these governments. That is, end-user behavior (e.g., clicking on attachments or opening URLs that contain malware) was more problematic than the technology itself to the maintenance of high levels of local government cybersecurity. That research also found that one of the most important barriers that local governments face in addressing cyber-security is the lack of adequate cybersecurity funding. In this paper, we will report findings from our nationwide survey of CIOs and CISOs. In particular, we will discuss these practitioner experts' responses about the principal challenges that they face in keeping their websites safe and preventing the thousands of attacks that they experience each day from penetrating the sites, as well as what they do in the event that attacks are successful. We pay special attention to the issues of governance, policy, training, funding, and end-user behavior in terms of how each of these poses considerable challenges to keeping local government websites safe. Our findings should be valuable to both local governments themselves and to scholars who study cybersecurity in complex organizations, public and private.
InProceedings
Urban Affairs Association