As city governments continue to grow more technology-centric, they need to embrace universal cybersecurity education to reduce the risk of breaches and attacks, a group of technology leaders said during an online event Tuesday.
“If anyone breaks on the security chain, you’re vulnerable,” Jeanne Holm, Los Angeles’ deputy mayor for budget and innovation, said during an online conference hosted by Bloomberg CityLab.
Holm said that within Los Angeles City Hall, staff are subjected to “a lot” of internal phishing, to test city employees’ ability to detect and avoid malicious links. Those who click through, she said, are whisked to a security refresher.
“We should have computer science for all,” she said. “We should have cybersecurity education for everyone.”
Cities, like all other organizations, face an array of cyberthreats, said Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency. Krebs, who is now advising the software firm SolarWinds on its recovery from a breach allegedly carried out by Russian agents, said cities face three major online threats: criminal activity, largely in the form of ransomware; an increasing digital divide, which he said creates a “gap between the haves and have-nots to facilitate the digital transformation at the local level”; and the rise of disinformation, which he attributed to a breakdown in trust in government and media, especially local sources that’ve shrunken due to economic conditions.
“We are seeing an erosion of confidence at the national and local level frankly because local news reporting is evaporating,” said Krebs, who was fired from CISA last November for refuting former President Donald Trump’s false claims about the 2020 election.
But some cities, Krebs said, have made strides by being creative with their resources, especially those offered by the federal government. He singled out Los Angeles Mayor Eric Garcetti for using part of the grant money the city received from the Federal Emergency Management Agency to set up the LA CyberLab, a nonprofit organization that provides cybersecurity assistance to local businesses.
Krebs praised newer federal programs aimed at helping state and local cyber efforts, including a state cybersecurity coordinator program included in the recent defense authorization plan, and the DOTGOV Act included in last December’s government spending and pandemic relief package. He also credited the Department of Homeland Security’s decision last week to increase the percentage of FEMA grants required to be spent on cybersecurity.
But the smart-city trend poses other challenges to local governments, especially when it comes to all the data collection that undergirds those programs.
“One of biggest challenges is we’re going to be taking in tremendous amounts of data,” said Greg Morrisett, the dean of Cornell University’s Cornell Tech campus in New York City. “All the buildings and bridges are going to be wired. Doing something intelligent with that data that cities need to get in front of is a big opportunity but big challenge. That data is a big target.”
Holm said that within the Los Angeles city government, officials are developing a code of ethics to show Angelenos how smart-city technologies collect and use their data, including privacy considerations.
“I have a dog, and the city of Los Angeles knows that because I have a license,” Holm said. “But I don’t necessarily need the LAPD to know that.”
Krebs concurred.
“Cyber and privacy protections are a team sport,” he said. “The leaders that embrace that mentality are the ones that ultimately run successful organizations that can survive and thrive when you have a bad day.”