Imagine for a moment that you arrive at your office to find that your email is offline. Your phone isn’t working. Just outside there has been a car accident because the traffic lights are no longer synced correctly, but law enforcement and other emergency services are unable to respond to the scene because their networks are down. And to top it all off, you have angry city workers outside your door ready with complaints and questions as to why they’re unable to access their employee portals or pay stubs online! Oh, and did we mention it’s only Monday?
While you might think that the above scenario is unlikely, the truth is that it’s happening right now in cities and towns all around us. Malware, ransomware, spyware; the reality is that any municipality unless prepared and educated, can be susceptible to an attack. Whether it is a village of a few hundred residents to a metropolis with millions, the fact is with the technology at our disposal today, every municipality is fair game to a hacker.
Why target a municipality?
There are several reasons that hackers have been honing in on municipalities over the past several years. Access to a municipality’s database gives hackers free reign over hundreds, thousands and potentially millions of people’s personal information depending on the size of the city or town they live in. Social security numbers, bank information and other personal contact information (i.e., addresses and phone numbers) can all be accessed by one municipality’s database. Breaches at this magnitude are, of course, nerve-wracking to both citizens and municipality decision-makers alike, but can also be devastating to the town or city’s economy if enough damage is done.
A recent and perfect example of this happening was just after Thanksgiving where cyber-criminals successfully hacked into San Francisco Municipal Transportation Agency (SFMTA). It was discovered that malware, more specifically, ransomware had indeed infected the internal computer systems for the public transit agency. Ticket agent’s computers read, “You Hacked, ALL Data Encrypted”, leaving all agents without the ability to administer tickets. The ransom? Hackers demanded that the city pay 100 Bitcoin ($73,000) to get the system back up and running. Other threats included 30 gigabytes of sensitive information would be released if the ransom went unpaid.
While news and social media might focus on the larger attacks like San Francisco, smaller municipalities are just as likely, if not more so than large ones, to be attacked for the sole reason that they have their guard down. Hackers know that smaller municipalities are less likely to have made an investment in cybersecurity and are, therefore, an easier target.
A perfect example of this occurred in August 2011, when “Anonymous,” the online group, hacked 70 law enforcement computers in small, rural towns. The group exposed sensitive information and evidence critical to investigations, defaced websites, gave out tips, personal information, and more. This was all possible because the local governments didn’t have means of protection and the municipality wasn’t equipped with a Chief Information Officer or the like.
If this damage occurred easily in 2011, imagine what damage could be done in 2017 with much more advanced hacking techniques and technology. With attacks on the rise, it is critical for local decision-makers to address these issues and formulate a defensive strategy for municipal IT security.