A quick scan of the significant cyber incidents of 2021 could give the impression that cyber security in the government sector is only a concern for the federal government, due to references to federal agencies or because cyber attacks seemingly only originate overseas. Yet this would be misleading—Barracuda Networks research indicates that 44% of global ransomware attacks in 2020 targeted municipalities. Public sector cyber security is very much a concern for state and local governments, with experts describing them as "under siege."
Why state and local governments are targeted
A 2020 International City/County Management Association (ICMA) report on local government cyber security identified five key reasons these governments are targeted:
- Number of local governments: There are 90,075 different local governments in the US, making it harder to produce and implement a unified public sector cyber security strategy.
- Holders of sensitive information: Local and state governments store considerable amounts of sensitive personal information, such as names, addresses, driver's license numbers, credit card numbers, Social Security numbers and medical information. In addition, they store contractual, billing and financial information of the governments themselves. Obtaining personal information is a particular priority for cyber criminals using ransomware.
- Inadequate cyber security: The ICMA report found that local government systems usually aren't well defended, particularly in relation to federal government systems. The Institute for Security and Technology's report on combating ransomware recommends addressing this imbalance in cyber security in the government sector.
- Financial constraints: According to the global study of cybersecurity professionals by the Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG), which surveyed over 500 cybersecurity professionals, it was reported by organizations that, “More than three-quarters said it was extremely or somewhat difficult to recruit and hire security professionals, but 38% said their organisation doesn't offer competitive compensation, while 29% said their HR department doesn't understand the skills needed for cybersecurity and 25% said that job postings at their organisation tended to be unrealistic.”
- Use of Internet of Things (IoT) technology: Local governments have adopted many of the benefits of IoT and smart cities technology by deploying internet-connected devices to provide, monitor or manage services such as traffic lights, water meter reading, security cameras and solid waste collection. While these services benefit citizens, they also introduce new vulnerabilities and risks for local governments.
Examples of cyber security attacks in the government sector
According to the Verizon 2021 Data Breach Investigations Report (DBIR), the public sector had the second most attacks after the entertainment industry. The 15th anniversary edition of the DBIR is available May 24th, 2022, sign up here.
Notably, the report treats education and healthcare as different sectors, some of which are also government operated. Examples of recent state and local public sector cyber security attacks include:
- Some state and local government networks were compromised prior to U.S. Election Day in 2020.
- At least 2,323 local governments, schools and healthcare providers were affected by ransomware in 2021.
- The Baltimore County Public Schools system was shut down by a ransomware attack that hit all its network systems, prompting two days of class cancellations for 115,000 students.
- Police and fire department systems were offline following cyber attacks across the country, including in Massachusetts, California and Washington, D.C.
- In Virginia, a ransomware attack shut down some of the Hampton Roads Sanitation District's business information systems.
Common public sector cyber security attack methods
According to the 2021 DBIR, social engineering is the most common attack method in relation to cyber security in the government sector. In the 2021 DBIR, over 69% of breaches were due to social engineering, with phishing emails the most prominent vector. The report found that the public sector is particularly vulnerable to attackers who can craft a credible phishing email. Public sector attackers were overwhelmingly interested in obtaining credentials, with 80% of incidents attempting to steal logins and passwords that would further the attacker's presence in the intended victim's network and systems.
After phishing, miscellaneous errors placed a distant second as a cause of public sector cyber security incidents. Those errors consisted of misconfiguration and misdelivered emails and paper documents. Other critical threats to cyber security in the government sector include state-sponsored cyber attacks and improper internal usage of systems.
For the latest statistics and findings, download the 2022 DBIR here.
The challenge of false positives
According to a 2021 Fastly report, about 45% of cyber security alerts are false positives. This can create an issue for public safety, as it's difficult to determine the difference between malicious and benign behavior. These alerts could also prompt false alarms, such as the cyber equivalent of the Hawaii missile alert, when in reality they may simply be a system or human failure.
Here are some tips on how to mitigate the number of false positives when it comes to cyber security in the government sector:
- Review each alert rule with as many eyes as possible, preferably security experts.
- Silently test rules whenever possible.
- Adapt alerts to handle special situations where abnormal traffic is expected.
- Modify alerts when false positives arise.
- Be as specific as possible with alerts, minimizing "any/any" type rules.
- Automate incident detection and response with artificial intelligence (AI).
- Be proactive with threat hunting as opposed to relying on known signatures.
How automated solutions can help public sector cyber security
Systems that automatically determine baseline network activity and detect anomalous behavior in a public sector agency may be able to identify a leak in the system before it becomes a crisis. Hackers can exploit weak points in a network to steal valuable information, even if the attacker isn't located on the same physical network.
Learn more about Verizon's comprehensive approach to cyber security in the government sector.
The author of this content is a paid contributor for Verizon.