Widgetized Section

Go to Admin » Appearance » Widgets » and move Gabfire Widget: Social into that MastheadOverlay zone

Digital Governance, Pt. I: Cybersecurity

The views expressed are those of the author and do not necessarily reflect the views of ASPA as an organization.

By Troy Chavez
September 29, 2025

The world is going nuclear with artificial intelligence (AI) and chip manufacturing. A digital world isn’t just on the cusp, it’s here.

Exciting or frightening depending on the headlines or sci-fi movies one grew up watching.

Digital governance wears the same mystique yet without the fanfare. Government efficiency — shorter wait lines at the DMV because of AI customer tracking or auto renewals based on existing records — is boring without Tom Cruise from Minority Report. However, who’s to say crime fighting won’t have an element of prediction and future telling?

Technology, AI, chips and computers have launched us to the moon, connected us to people around the world and help students “write” brilliant essays. Maybe that last one isn’t necessarily a plus, but imagine telling someone in the 90s you typed into a computer your essay prompt and it spit out a perfectly worded version.

Sadly, we will have to prepare for the downsides more than the upsides: security threats, cyber attacks and town budgets held at ransom in exchange for Bitcoin.

And governments are generally slow to adopt or adapt to new technologies.

Case Study: Baltimore v. Iranian Hackers

In Baltimore, May 7, 2019, a suspicious encryption crippling systems all over city hall was detected by the city’s IT team.

The next day, public services came to a halt. The city could not send emails, process utility payments and their ability to sort out tax filings was compromised.

The department of public works tried to calm nerves. Via Twitter, they said, “We’re not ignoring you. Email service is down. Techs are working on the problem now.”

Although Lester Davis, a spokesman for the mayor, said, “Critical city services remain operational,” the Baltimore Brew reported that “By early afternoon, the majority of Internet servers were shut down as thousands of city employees were told to unplug their computers – and some departments dismissed their employees early.”

Attackers demanded $76,000 in Bitcoin, drawing in the FBI and federal investigators. A criminal fiasco bringing city hall to a standstill.

This methodical approach left services crippled but kept the ransoms out of the hackers’ hands. They stood on principle and refused to pay. That defiance would cost the city $18 million in recovery efforts.

By September, the city got control of their services and righted the ship.

The perpetrator, later discovered May 2025, was found to be an Iranian national. The AP News reported:

Sina Gholinejad, 37, pleaded guilty to one count of computer fraud and abuse and one count of conspiracy to commit wire fraud, according to a U.S. Department of Justice news release.

Alongside unidentified coconspirators, the same report wrote, “Attack recipients included city governments of Greenville, North Carolina in April 2019 and of Baltimore a month later.” Further, “Corporations and other entities were targeted.”

Digital threats are ramping up — ransomware victim counts more than doubled year on year in early 2025, reflecting a 213% surge compared to Q1 2024, according to Optiv’s Global Threat Intelligence Center.

What can we do as public administrators?

Truthfully, public administrators can only tackle so much pertaining to national security and cyber threats. But they don’t have to sit around for threats to permeate like a tower burning from its base.

Without policy sway, it’s incredibly difficult to enforce installations of new and effective software, artificial intelligence systems to monitor threats or any grand scale initiative aimed at thwarting cyber espionage and attacks.

Lipsky (1980) called them “street-level bureaucrats” — implementers, not policymakers.

Even in IT departments, they are mitigators, not shapers of the organization despite experiencing and managing threats firsthand.

Tuya et al. (2020) wrote on local government IT departments and their struggle to strategically adapt in their article, The leading role of the government CIO at the local level: Strategic opportunities and challenges. “IT departments at the local level have very limited influence in their jurisdictional governmental strategies and they often do not have the appropriate organizational structure, trained staff or budget.”

While published in 2020, this sentiment hasn’t really changed, although it is being addressed via funded task forces and formed committees in varying government entities across the U.S.

State Appointees v. Street Bureaucrats

In an interview I conducted December 7, 2023, the former Secretary and State CIO for the NC Department of Information of Technology stated many threats headed their way and how closely they worked alongside the governor. Former Governor Roy Cooper signed an executive order establishing a cybersecurity task force that Weaver led.

“It was the first time we ever received recurring funding for our state cybersecurity mission,” Weaver said. “That made for a comprehensive approach to how we responded to cyber incidents that were occurring at all levels of government here in the state of North Carolina. Extremely successful program.”

Now, Weaver was a secretary appointed by the governor and had authority most administrators lack.

On the lower levels, administrators must focus on the job at hand. They are operational managers. They can create “work arounds,” enforce current laws pertaining to the issue and make crisis level decisions.

An example of this derives from our case study above. To keep services moving, Baltimore pivoted to paper-based transactions while digital security was being resolved.

Street Bureaucratic Strategies for Self-Cybersecurity Defense

  • Monitor phishing attempts

  • Question suspicious emails, phone calls and text messages

  • Avoid clicking unknown links or attachments

  • Create strong, unique passwords

  • Encrypt sensitive emails and files

  • Back up files regularly

  • Lock screens and secure devices

  • Report incidents quickly

And keep abreast of global, national and local developments. Information is everything. An administrator must handle anything within their expertise swiftly, lawfully and precisely.

AuthorTroy Chavez, M.P.A. is a PhD candidate at Liberty University with a masters in public administration and works in government doing community relations. He can be reached at [email protected].

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Leave a Reply

Your email address will not be published. Required fields are marked *