Cybersecurity and America’s Governments

The views expressed are those of the author and do not necessarily reflect the views of ASPA as an organization.

By Roger Kemp
August 15, 2017

Cyber security deals with computer security and the protection of both an organization’s computer hardware and software systems. “Cybersecurity” describes a dynamic and evolving effort to protect an organization’s hardware and software from things called viruses, bugs, worms, eavesdropping, spoofing, phishing, clickjacking, social engineering, etc. As this field has evolved, and computer systems and their software have become more sophisticated, these virus vehicles have been combined to create the new common title of cybersecurity. This term also deals with the protection of the information on an organization’s computer system. Computer hackers can steal sensitive and confidential information, such as names and addresses, credit card information and medical information, stored on an organization’s computers.

Computers have evolved in recent years. While every organization has a central mainframe computer, every work station now has a desktop computer, and each employee typically has a laptop computer, as well as a hand-held computer (smart phone or tablet). Computer hardware, over the years, has become smaller, more sophisticated, less expensive and more user-friendly. Software, on the other hand, has become available in more fields, is more sophisticated, more user-friendly and the training of employees to operate computer applications provided by newly acquired software is now a common practice in all government organizations, regardless of their size.

Cyber risk is a major threat to all government organizations, including cities and counties, states, as well as our federal government. There is a high risk in many organizations that do not have the resources to have an information technology department, or the like. The process of recouping losses after a computer hack is burdensome and costly, with a lot of resulting litigation, so cyber risk needs to be property addressed in all public organization, for their employees, as well as the public that they serve, to protect from such expenses.

Increasingly, data breaches and cyber extortion practices are taking place daily, and protecting public computers and their data is of primary importance. Local, state and federal government organizations need to take control and focus on such important matters as:

• Understanding what you have on your computer systems that need protection;
• Encrypting data and devices, which is the first line of defense on any cyber-security plan;
• Establishing and implementing the best cybersecurity practices by putting in place cyber-security protocols and procedures for all employees in the organization to follow; and
• Obtaining and periodically reviewing cyber-insurance policies to be sure your organization is protected by having adequate insurance coverage.

Whatever new hardware and software is acquired by a government organization, its managers need to be sure they are educating all of their employees on the specifics and providing regular scheduled system updates. The majority of data breaches happen by accident or mistake, with the employees being one of the greatest causes of such breaches. Most attacks are phishing attacks and take place when employees click on links or attachments. It is essential to educate everyone in your organization on their computer hardware and software, and to enact appropriate protocols to add an extra layer of protection for the computer hardware and software systems used in your organization.

The constant threat of a cyber attack is the most important problem for our local, state and federal governments, who generally do not know how often they are attacked, or what kinds of attacks are taking place on their organization’s computer hardware and software systems. This data suggests that, on the average, local governments in the United States are not doing the kind of job necessary to achieve high levels of cybersecurity on their organization’s computer hardware and software systems.

Previously, data processing was primarily done in the Finance Department and the Department of Public Works, which usually has an Engineering Division. Over time, more and more departments got computers and programs. Eventually, some larger governments formed computer related management departments. The names of these new departments have evolved, and some government managers called the services they provide to user departments by different names. The title of this department has evolved in recent years, and some of the more common titles of this evolving department are highlighted below for the reader’s information:

• Information and Communications Technology (ICT) Department,
• Information and Telecommunications (IT) Department,
• Information Resources Management (IRS) Department,
• Information Systems (IS) Department,
• Information Technology (IT) Department,
• Management Information Services (MIS) Department, and
• No doubt that other departmental titles will evolve in future years.

The term cybersecurity is dynamic and evolving, and its implementation, or lack thereof, impacts all levels of government organizations. Our nation’s professional membership organizations should be congratulated for their state-of-art efforts to bring forth the latest best practices in the dynamic and evolving field of cybersecurity for government public officials throughout our nation. These best practices will benefit their organizations, its employees, as well as the public they serve.

---

Author: Roger L. Kemp, MPA, MBA, PhD, a career City Manager, has worked in the largest cities with the council-manager form of government in California (Oakland), New Jersey (Clifton), and Connecticut (Meriden). He is presently a Professional in Residence, Department of Public Management, University of New Haven; and a Distinguished Adjunct Professor, Executive MPA Program, Golden Gate University. Roger is also a long-time ASPA member. He can be reached via e-mail ([email protected]).

(No Ratings Yet)
Loading...