Only about half of state and local government CIOs polled in a recent survey said they’re prepared for a cyber-attack — even as 28 percent of them reported experiencing a system hacking or attack attempt in the previous year.
While a majority of the 36 state and local government CIOs told the Consero Group’s Government IT survey that they had necessary infrastructure in place, about 42 percent said they found the systems vulnerable to security breaches and cyber threats, and 44 percent said they don’t feel prepared for such attack.
“Insufficiently secure information networks of state and local governments create the potential for major crises ranging from identity theft to inaccessibility of the public to government services,” Consero CEO Paul Mandell said in a media release. “Governments must defend themselves and their constituents against any forms of data-security beaches.”
At the same time that some local and state government CIOs feel overwhelmed by security risks, they are also facing funding constraints, because even as data storage and analysis costs fall every year, the amount of data being captured digitally is increasing, and public finances are still recovering from the Great Recession.
[From Healthcare IT News: The increasingly stark link between data breaches and fraud.]
About 40 percent of those surveyed by Consero said their primary strategic goal was working within annual budget limitations.
The popular image of hackers may be of cyber-criminals breaking into retail or financial companies’ databases to pull credit card and personal identity information for shopping sprees or spite, but there are also concerns about the potential risks from would-be terrorists to disrupting energy systems, for instance, which in many parts of the U.S. are managed locally or at the state level by public utilities.
“Vulnerabilities are present in nearly every aspect of the networks used in modern community energy infrastructure,” according to the Public Technology Institute’s Local Government Energy Assurance Guidelines.
Local and state government agencies working in health and human services may also also find themselves at risk for cyber-attacks, especially as identifying information such as Social Security numbers used in public assistance programs are digitized and increasingly processed online between residents and public agencies.
As Pennsylvania's information security office tells local government CIOs: “The risks associated with exposure to cyber dangers know no geographic or governmental boundaries.”