https://www.americancityandcounty.com/wp-content/themes/acc_child/assets/images/logo/footer-logo.png
  • Home
  • Co-op Solutions
  • Hybrid Work
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcast
  • Resources & Events
    • Back
    • Resources
    • Webinars
    • White Papers
    • IWCE 2022
    • How to Contribute
    • Municipal Cost Index – Archive
    • Equipment Watch Page
    • American City & County Awards
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Privacy Statement
    • Terms of Service
American City and County
  • NEWSLETTER
  • Home
  • Co-op Solutions
  • Hybrid Work
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcasts
    • Latest videos
  • Resources/Events
    • Back
    • Webinars
    • White Papers/eBooks
    • IWCE 2022
    • How to Contribute
    • American City & County Awards
    • Municipal Cost Index
    • Equipment Watch Page
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Privacy Stament
    • Terms of Service
  • newsletter
  • Administration
  • Economy & Finance
  • Procurement
  • Public Safety
  • Public Works & Utilities
  • Smart Cities & Technology
  • Magazine
acc.com

Smart Cities & Technology


GOVERNMENT TECHNOLOGY/Locking down on computer security

GOVERNMENT TECHNOLOGY/Locking down on computer security

Gaithersburg, Md., learned the importance of managing a comprehensive security program following two significant computer security breaches in June. Those
  • Written by Barry Smith
  • 1st October 2001

Gaithersburg, Md., learned the importance of managing a comprehensive security program following two significant computer security breaches in June. Those incidents made clear what computer security experts have been saying for years: Everyone is a potential target for a security violation. More importantly, the incidents taught the city that security must never be an afterthought.

The security violations began when a hacker guessed an employee’s e-mail password and sent off-color messages to city employees. If the hacker had not sent the e-mails, the city likely would not have known its computer security had been compromised. Unfortunately, an infrequently communicated password policy combined with an inability to automate e-mail password changes made the city susceptible to that type of attack.

Immediately, city technology staff reiterated the e-mail policy at staff meetings and via e-mail. Those measures heightened awareness for all city staff about how each employee plays a role in securing the city’s computer environment. In turn, technology staff received feedback and support for implementing enhanced security measures in other areas of the city.

Soon after the e-mail password problem was solved, a worm used a well-known security hole to hit one of the city’s Internet-connected servers. Fortunately, the worm only defaced an internal Web site before moving on. The IT department used two third-party consultants to help secure the compromised server and other Web servers and to enhance internal procedures regarding patches to servers.

Gaithersburg learned quickly why many experts refer to securing information systems as an exercise in risk management. Because it is impossible (if not impractical) to completely secure information systems, local governments must assess the potential for loss for each of the components of their information systems and develop a plan to minimize the risks for loss.

IT departments can determine each of their systems’ or databases’ risks by predicting the operational effect of unavailable or compromised systems. That inventory is best accomplished through a series of frank, open discussions with city or county management and possibly elected officials. With risk rated for each system, IT staff are equipped to establish appropriate user access and security measures.

Technology staff then must commit to implementing and managing a security program. Commonly recurring tasks in a security program include educating users, monitoring the effectiveness of the security program, identifying and reviewing new security risks, and constantly adapting the security policies and procedures to meet the needs of the city or county infrastructure.

A few good things resulted from Gaithersburg’s computer security violations. First, city management became much more aware of the risks associated with deploying and managing technology projects. That led to more involved discussions about rolling out future online services, such as registration for Parks and Recreation activities. Now, security and risk management is discussed by all of the city’s computer users and not only by technology staff.

Second, city management learned of the growing depth and breadth of security issues facing technology staff. Finally, the IT staff was able to demonstrate its value to the city by responding to security problems quickly and capably.

There are potential online security holes in any organization. Once a local government calculates the risk related to its particular situation, it can assign resources and develop an effective, practical security program.

The author is IT director for Gaithersburg, Md.

Tags: Smart Cities & Technology

Most Recent


  • $52B semiconductor investment intended to rejuvenate American manufacturing
    Three decades ago, American manufacturing dominated the semiconductor industry, producing about 40 percent of the global supply annually. But over time, companies shipped business overseas looking to cut costs, and today, the nation produces only 10 percent of all semiconductors. It’s something the Biden Administration is trying to change through CHIPS and Science Act. “There […]
  • Chattanooga, Tenn.
    Capitalizing on hybrid work, these 10 cities are ready to take advantage
    Hybrid work is an accelerating trend that’s becoming the norm as attitudes rapidly change. And amid this nationwide shift to work-from-home setups, local governments are moving quickly to capitalize on the emerging opportunities that come with a workforce that’s not physically tied to any particular office building. For administrators seeking to entice remote workers to […]
  • Cybercrime is on the rise, and water treatment plants are particularly vulnerable
    With most town water treatment plants serving less than 50,000 people, they’re facing a problem: budgetary constraints preventing administrators from investing in their digital defenses, making them prime targets for cybercriminals. “It’s definitely becoming a trend—possibly because ransomware has become a thing now where people can make money. Water plants do matter to the general […]
  • Traffic signal technology tapped to reduce congestion in Portland's metro area
    A 2020 survey of traffic congestion in cities around the globe ranked Portland, Ore., as the 14th worst metro area in the nation and 115th worst in the world. That year, commuters lost 27 hours stuck in traffic. The latest push to reduce that commute time by TriMet, the region’s mass transit service, will bring […]

Leave a comment Cancel reply

-or-

Log in with your American City and County account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • What “smart city” means for 2021: How digital twins, AI and other innovations drive smart transformation
  • 10 reasons why local governments should outsource all IT: Post pandemic view
  • MS-ISAC members get free access to Deloitte’s Cyber Detect and Respond Portal to help respond to cyber threats
  • North Texas alliance partners with Marketplace.city on smart government solutions

White papers


Modern American Perspectives on Law Enforcement

14th July 2022

Reimagine the Employee Experience

12th July 2022

How to Assemble a Rockstar Website Redesign Steering Committee

7th June 2022
view all

Events


PODCAST


Young Leaders Episode 4 – Cyril Jefferson – City Councilman, High Point, North Carolina

13th October 2020

Young Leaders Episode 3 – Shannon Hardin – City Council President, Columbus, Ohio

27th July 2020

Young Leaders Episode 2 – Christian Williams – Development Services Planner, Goodyear, Ariz.

1st July 2020
view all

Twitter


AmerCityCounty

$52B semiconductor investment intended to rejuvenate American manufacturing dlvr.it/SWPqHQ

10th August 2022
AmerCityCounty

How capital improvement project prioritization helps secure infrastructure funding dlvr.it/SWLQB7

9th August 2022
AmerCityCounty

Climate bill lauded; predicted to reduce nation’s carbon foot print by 40% within decade dlvr.it/SWHGQL

8th August 2022
AmerCityCounty

Partnership launches no-cost wastewater monitoring service for local governments dlvr.it/SW7N74

5th August 2022
AmerCityCounty

Investing in America’s onsite wastewater treatment systems for equity and sustainability dlvr.it/SW4Mb9

4th August 2022
AmerCityCounty

With passage of PACT Act, veterans service officers are preparing for an influx in applicants dlvr.it/SW4KTg

4th August 2022
AmerCityCounty

The 5 Procurement Superpowers Shaping the Future of Public Procurement dlvr.it/SW4DqT

4th August 2022
AmerCityCounty

This exclusive whitepaper presents the most recent nationwide data that give an unbiased view of how residents real… twitter.com/i/web/status/1…

3rd August 2022

Newsletters

Sign up for American City & County’s newsletters to receive regular news and information updates about local governments.

Resale Insights Dashboard

The Resale Insights Dashboard provides model-level data for the entire used equipment market to help you save time and money.

Municipal Cost Index

Updated monthly since 1978, our exclusive Municipal Cost Index shows the effects of inflation on the cost of providing municipal services

Media Kit and Advertising

Want to reach our digital audience? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • IWCE’s Urgent Communications
  • IWCE Expo

WORKING WITH US

  • About Us
  • Contact Us

FOLLOW American City and County ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X