Modernizing municipal IT infrastructure: A vital defense against cyber threats
This summer, Flint, Mich., became the latest in a growing list of U.S. municipalities to fall victim to a ransomware attack. This incident, which took city services offline for weeks, is a stark reminder of the vulnerabilities many local governments face in an increasingly hostile cyber landscape. The attack on Flint underscores the urgent need for municipalities across the country to modernize their IT infrastructure to defend against sophisticated cyber threats. My last company, Nexient, was based in Ann Arbor, Mich., so when the news broke about this, it really caught my attention.
The Flint ransomware attack
On August 14, 2024, Flint city officials discovered that a ransomware attack had compromised their IT systems. The attackers encrypted critical data, rendering many of the city’s essential services inoperable. This included the city’s online payment systems for water and sewer services, internal communication networks and other administrative functions crucial to day-to-day operations.
The impact on Flint’s residents was immediate. Unable to access online payment portals, many were left in the dark about how to manage their utility bills. City employees struggled to carry out their responsibilities without access to essential data and systems. The attack caused operational chaos and raised concerns about the potential exposure of sensitive personal information.
Challenges in recovery
Flint’s recovery process was slow. City officials, working alongside cybersecurity experts and law enforcement, were able to restore some services by the end of August, but the road to full recovery was long. The city had to rebuild much of its IT infrastructure from the ground up, installing next-generation firewalls and implementing enhanced security protocols to prevent a recurrence of such an attack.
The cost of recovery, both in terms of financial resources and public trust, was substantial. Flint’s experience highlights the significant challenges municipalities face in recovering from a major cyber incident, particularly when their IT infrastructure is outdated and ill-equipped to handle modern cyber threats.
Why do municipalities hesitate?
Despite the clear and present dangers posed by outdated systems, many municipalities resist modernizing their IT infrastructure for several reasons:
Cost concerns
- Initial investment: Upgrading IT infrastructure, especially for municipalities operating under tight budgets, requires a significant upfront investment. Decision-makers might be hesitant to allocate large sums of money toward modernization projects when immediate returns on investment (ROI) are difficult to quantify.
- Ongoing costs: The long-term costs associated with maintenance, updates and training for new systems can be daunting. Municipal leaders may worry about the sustainability of these expenses, particularly if funding is an issue.
Complexity and risk
- System integration: Municipal IT systems are usually a hodgepodge of different technologies and platforms accumulated over many years. Integrating new systems with existing ones is a complex, risky process that might disrupt services if not managed carefully.
- Operational disruption: The fear of disrupting essential services during the transition to new systems is a major concern. Leaders might prefer to stick with “tried and true” legacy systems rather than risk potential outages or issues during the upgrade process.
Cultural and organizational resistance
- Change aversion: Like any large organization, municipalities can be resistant to change. Employees may be comfortable with the existing systems and processes, and the prospect of learning new technologies is unappealing.
- Lack of expertise: The specialized knowledge required to implement and manage modern IT systems is often lacking in municipal governments. This makes the idea of upgrading seem unnerving. Leaders may worry about whether their staff can handle the transition.
Perceived Security in legacy systems
- Familiarity: Decision-makers might believe that the older systems, which have been reliable for years, are more secure simply because they are familiar with them. The “if it isn’t broken, don’t fix it” mentality can be strong, particularly in organizations that have not yet experienced a major cyber incident.
- Misconception of risk: There’s a common misconception that legacy systems, because they are older, might not be as attractive targets for cybercriminals. The opposite is true. Outdated systems usually have well-known vulnerabilities that are easier for attackers to exploit.
The path forward to modernizing IT with Gen AI
While the resistance to upgrading legacy systems is understandable, it’s crucial for municipalities to recognize that the risks of maintaining outdated technology far outweigh the short-term challenges of modernization. The good news is that there are strategies to overcome these barriers, and Gen AI is one of the most powerful tools available to build a resilient, modern IT infrastructure:
Cost-effective solutions
- Gen AI for automation: Gen AI agents (aka digital co-workers) can automate routine maintenance tasks, such as system monitoring, data backups and performance optimizations. This reduces the need for large IT teams while minimizing operational disruptions. Its ability to predict issues before they escalate also helps avoid costly downtimes.
- Intelligent resource allocation: Gen AI agents can analyze data across IT systems to optimize resource usage, allowing municipalities to manage their budgets more efficiently and allocate resources where they are most needed.
Incremental upgrades with AI support
- Instead of overhauling systems all at once, Gen AI can facilitate a phased approach by providing adaptive support during transitions. For instance, AI-driven platforms can identify which components of a legacy system are most critical to upgrade first, reducing risks associated with modernization.
Building internal expertise
- AI-assisted training programs: Gen AI agents can also provide personalized training modules to upskill municipal employees on managing modern IT infrastructure, powered by native natural language processing capabilities. AI-enabled simulations and on-the-job learning tools can accelerate knowledge transfer and support ongoing professional development.
- Collaborative partnerships with AI insights: Partnering with experts while utilizing AI insights into best practices can help municipalities navigate complexities efficiently. These AI-driven collaborations lead to better decision-making and smoother transitions in IT modernization efforts.
Emphasizing security benefits
- Risk mitigation: Emphasizing the security risks associated with legacy systems can help shift the mindset of decision-makers. Understanding that outdated systems are often the weakest link in cybersecurity can motivate leaders to prioritize modernization efforts.
- Success stories: Sharing success stories from other municipalities that have successfully upgraded their systems can serve as powerful examples. Demonstrating the tangible benefits of modernization—such as improved security, efficiency, and service delivery—can help overcome resistance. GenAI is particularly powerful at summarizing large sets of content, making it easier to consume key learnings and best practices.
Conclusion
The recent wave of cyberattacks targeting municipalities should serve as a wake-up call for local governments across the country. The reliance on legacy systems is no longer sustainable in an era where both cyber threats and technological advancements are becoming increasingly sophisticated. Traditional AI and Gen AI provide a transformative opportunity to modernize IT infrastructure and to future-proof it against evolving challenges.
Modernization is not just about adopting new technologies; it’s about building resilient systems that can adapt to changes, reduce costs, and ensure the long-term security and efficiency of public services. With Gen AI agents’ abilities to automate routine tasks, enhance resource management and provide tailored training, municipalities can overcome the barriers to modernization more effectively. By embracing AI and automation, local governments can build IT systems that are secure, scalable and equipped to serve their communities for years to come.
Andy Lin is the CEO of Provoke Solutions, a global leader in IT modernization and cybersecurity services. With nearly 30 years of experience in the technology and consulting sectors, Lin has driven exponential growth at multiple firms, including Nexient and Appirio. His strategic leadership at Provoke Solutions focuses on leveraging cutting-edge technologies like AI and automation to enhance client outcomes.