https://www.americancityandcounty.com/wp-content/themes/acc_child/assets/images/logo/footer-logo.png
  • Home
  • Co-op Solutions
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcast
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Events
    • How to Contribute
    • Municipal Cost Index – Archive
    • Equipment Watch Page
    • American City & County Awards
  • Magazine
    • Back
    • Digital Editions
    • Reprints & Reuse
    • Advertise
  • About Us
    • Back
    • About Us
    • Contact Us
    • Privacy Statement
    • Terms of Service
American City and County
  • NEWSLETTER
  • Home
  • Co-op Solutions
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcasts
  • Resources
    • Back
    • Webinars
    • White Papers
    • Events
    • How to Contribute
    • American City & County Awards
    • Municipal Cost Index
    • Equipment Watch Page
  • Magazine
    • Back
    • Digital Editions
    • Reprints & Reuse
    • Subscribe to GovPro
    • Manage GovPro Subscription
    • Advertise
  • About Us
    • Back
    • About Us
    • Contact Us
    • Cookie Policy
    • Privacy Stament
    • Terms of Service
  • newsletter
  • Administration
  • Economy & Finance
  • Procurement
  • Public Safety
  • Public Works & Utilities
  • Smart Cities & Technology
acc.com

Smart Cities & Technology


Commentary

From mobile devices to software: The top threats to local governments’ information security (with related video)

From mobile devices to software: The top threats to local governments’ information security (with related video)

IT security expert Jerry Irvine discusses the biggest computer-based security risks facing U.S. cities and local governments today.
  • Written by mikekeat
  • 18th September 2013

Editors’s note: Here are the views of Jerry Irvine, an expert on IT security in government. GPN posed a variety of questions to Irvine, including the following.

GPN: What is the biggest computer-based security risk facing America’s cities and local governments today?

Jerry Irvine: Mobile Devices are the biggest computer-based information security risk to government agencies today. Being able to remotely access your servers has so many benefits for agencies, but these benefits come with increased risks, like being hacked due to a lost tablet. Also, basic legacy security applications, like antivirus and malware protection, do not even exist for the majority of mobile devices that are currently in use, and common security practices such as acceptable use policies and password protection are ignored by the average users.

GPN: How can a local government respond to the growing demand for bring your own device (BYOD) policies?

JI: To minimize the potential for loss, agencies need to develop BYOD policies defining requirements access to their internal computer systems such as e-mail. The policy should include the ability for the organization to install a Mobile Device Management solution, or MDM, that will allow the city to monitor location and usage of the device, as well as to delete or wipe the device in case of loss, theft or termination of employment. Some MDM solutions also provide malicious application detection and removal, as well as encryption within the device to reduce the potential for data to be stolen. While MDM solutions for the most part are still in their infancy, they can provide a basic level of security and control and should be implemented.

GPN: What are the biggest software risks?

JI: E-mail and text are the biggest software risk. Scammers, spammers, phishers, and smishers are constantly baiting us with realistically designed requests for personally identifiable information in order to steal our identity, intellectual property or assets. Viruses and malicious applications are sent by both e-mail and texts more than any other means of transmission, infecting our systems and compromising our data.

Protection from e-mail and text-based threats, as with all security risks, begins with end-user training. Users must learn not to click on, open or allow unprotected preview pane access to e-mails and texts.  Simply viewing an e-mail can infect a device, capture data, and or transmit information to unauthorized users. Additionally, organizations need to implement network-based antivirus, anti-spam and antimalware devices.

These devices can be configured to scan 100 percent of all email going in and out of the network. Some solutions today can also be configured to scan organization-based texts. Finally, enterprise-level antivirus (also known as end point security) solutions need to be implemented, maintained and monitored. Only through a layered approach can these risks be minimized at all.     

GPN: What are some other risks that may not be considered?

JI: Legacy management control devices — Many cities and local government facilities maintain their own water and power plants. These facilities, just like manufacturing companies, require programmable logic controllers and Supervisor Control and Data Acquisition Devices to manage, support and control the workings of the utility facilities. These low-end computer devices were designed to enable internal access and control to allow for ease of management as well as reporting on the machinery within the facilities.

Over the years, the devices have remained extremely low tech, due in some part to keeping costs down, but also to keep system overhead and requirements to a minimal. As a result, these devices have little malware protection and few security features that might protect them from malicious use. In the past, this lack of protection was not a real issue because the devices were segmented from external network or public access.

That is not always the case today. Many cities and local government organizations have connected these devices to internal networks that have Internet access as well as access to other critical internal systems and applications. This connectivity provides malicious users with access directly to these unsecured devices, increasing the risk of denial of service, damage to equipment, power and water outages, etc.  Additionally, because these devices have minimal security features, they may be compromised to gain access to other internal mission critical solutions.

To mitigate the risk, networks containing these devices should be segmented and secured from access from other internal networks and systems as well as from the Internet. If remote access is required, secure Virtual Private Network (VPN) access should be configured and limited only to authorized personnel.

GPN: Thank you, Jerry Irvine.

Jerry Irvine is CIO of Prescient Solutions. The company is a Chicago-based IT outsourcer that provides CIO-level advisory support and on-site IT services to small, mid-sized and global organizations and government entities. The company has been in business for more than 15 years. Jerry Irvine is also a member of the National Cyber Security Task Partnership. The Washington-based organization is a public-private partnership that was established to develop shared strategies and programs to secure and enhance America’s information infrastructure.

In the video, CIO Jerry Irvine talks about Prescient Shared Services, a cloud-based IT services model. Irvine also talks about Prescient being selected as a finalist in the 2013 American Technology Awards competition.

Tags: Smart Cities & Technology Commentary

Related


  • Person working on laptop computer
    Embracing digital within local government in 2021
    While COVID-19 has brought on a litany of challenges, it has also shown government leaders the need to employ the right digital solutions for their constituents
  • Biden Administration – Projected 25x greater Investment in smart cities
    This is one in a series of primers from the Smart Cities Council about how your community can ‘bounce back’ from your current situation during the Biden Administration. In this article we recommend that – It is ‘smart,’ to read what happened with the Obama Administration to understand the Biden Administration. It is ‘smart,’ to […]
  • Breaking barriers in local government tech innovation
    Work from home. Digital services. Remote access. Until recently, these weren’t terms commonly associated with local government. But then everything changed, and quickly. The coronavirus pandemic shut down public buildings and offices, and everyone, including government workers and citizens, were forced to adapt and embrace new ways of working. The shift wasn’t always easy. But it […]
  • Despite budget squeeze, state and local governments must shore up cyber posture
    State and local agencies will have to be creative if they are to rise to the challenge of providing the level of digital service citizens deserve while staying within available budgets

Leave a comment Cancel reply

-or-

Log in with your American City and County account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Public safety transitioning to LTE-based solutions, but PTT timetable still unclear, speakers say
  • How virtual reality simulators are changing law enforcement training
  • How 2020 accelerated government reliance on new sources of economic data analytics
  • In challenging year, working with public safety to move FirstNet forward

White papers


How a unified HR system helps one public safety organization manage crews, payroll, and more in a single platform

7th January 2021

Your Roadmap to COVID-19 Funding

18th December 2020

The One Where Everyone Wins: A Mutually Beneficial Contracting Method

10th December 2020
view all

Events


PODCAST


Young Leaders Episode 4 – Cyril Jefferson – City Councilman, High Point, North Carolina

13th October 2020

Young Leaders Episode 3 – Shannon Hardin – City Council President, Columbus, Ohio

27th July 2020

Young Leaders Episode 2 – Christian Williams – Development Services Planner, Goodyear, Ariz.

1st July 2020
view all

Twitter


AmerCityCounty

The latest episode The Young Leaders Podcast focuses on Cyril Jefferson. Cyril is the youngest African American to… twitter.com/i/web/status/1…

27th October 2020
AmerCityCounty

Hillsboro, Oregon is pioneering a new #renewableenergy generation technology through a partnership with… twitter.com/i/web/status/1…

27th October 2020
AmerCityCounty

The impact of the #COVID19 pandemic on #telework was swift and profound. Now, the big question is whether – and to… twitter.com/i/web/status/1…

26th October 2020
AmerCityCounty

Get ready for the can't-miss webinar on how to kickstart your efficiency improvement plan with Luke Anderson of… twitter.com/i/web/status/1…

26th October 2020
AmerCityCounty

Among all states headed into the 2020 general election, which ones have voting populations that are the most demogr… twitter.com/i/web/status/1…

26th October 2020
AmerCityCounty

We want to hear from you! Share your thoughts in our readership survey to help us shape future content so that we c… twitter.com/i/web/status/1…

23rd October 2020
AmerCityCounty

See how cities different approaches to distribute masks in their communities >> spr.ly/6010GAPLa

23rd October 2020
AmerCityCounty

While #facialrecognition is a powerful tool that can improve law enforcement efficiency, that doesn’t necessarily t… twitter.com/i/web/status/1…

23rd October 2020

Newsletters

Sign up for American City & County’s newsletters to receive regular news and information updates about local governments.

Resale Insights Dashboard

The Resale Insights Dashboard provides model-level data for the entire used equipment market to help you save time and money.

Municipal Cost Index

Updated monthly since 1978, our exclusive Municipal Cost Index shows the effects of inflation on the cost of providing municipal services

Media Kit and Advertising

Want to reach our digital audience? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • IWCE’s Urgent Communications
  • IWCE Expo

WORKING WITH US

  • About Us
  • Contact Us

FOLLOW American City and County ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X