Las Vegas was hit by a cyber attack on 7 January which followed an earlier attack in New Orleans, with the city declaring a state of emergency on 13 December.
The threat of cyber attacks is growing as cities digitalise their services and use datasets to provide more efficient delivery to citizens. According to the Cisco/Cybersecurity Ventures 2019 Cybersecurity Almanac, governments rank among the most vulnerable sectors for the last five years, alongside healthcare, manufacturing, financial services, and transport.
“Over 3,400 computers had to be re-imaged, 130 sites needed to be serviced and over 400 servers examined,” Kim Walker LaGrue, Chief Information Officer for New Orleans city government, told Cities Today. “To build a new and significantly improved infrastructure will cost over US$7 million. Building a better and stronger city IT and security infrastructure was being planned for, but the attack brought that need to the forefront.”
In 2018 and 2019, Baltimore was hit by ransomware attacks that crashed almost all the city’s servers and froze its emergency 911 call centre. Barracuda, an IT security company, reports that more than 70 percent all reported ransomware attacks in the U.S. target state and local governments with smaller communities being particularly vulnerable: 22 towns were attacked in Texas in 2019.
Lloyds estimates that New York city alone could face over US$2.3 billion losses to its GDP from cyber-related attacks in 2020. European cities are no less exposed and stand to lose US$8.67 billion, according to the Lloyd’s City Risk Index. London (US$1.4 billion), Paris (US$1.1 billion) and Madrid (US$358 million) are the cities expected to incur the biggest losses.
While these figures refer to total GDP losses across the cities, municipal governments are particularly vulnerable to attacks because of the outdated, legacy systems on which they depend and because they lack the specialists needed to fill the cyber security workforce gap. To protect themselves, cities must have a digital security mindset, says the World Economic Forum (WEF) because “the world is in the early stages of a techno-war against city governments and urban infrastructure”.
In Las Vegas and New Orleans, early detection and preparedness limited the malicious activity because the government shut down systems as soon as the intrusion was identified.
LaGrue also counsels city governments to put in place cyber security insurance “because threats and attacks to our networks are the new normal for any modern city”.
Approximately US$3 million of the estimated US$7.2 million which the attack cost New Orleans was covered by insurance.
But governments are also being proactive in fighting cyber criminals. In 2018, the opening of the $100 million Hull McKnight Georgia Cyber Center (GCC) for Innovation and Training in Augusta, Georgia, marked the single-largest investment in a cybersecurity facility by a state government.
“Routine maintenance – similar to a building or a car, networks require regular upkeep and attention to build resilience,” says LaGrue. “Technology evolves daily, and with these attacks it’s not a matter of if they will happen again, but when.”