Once again, a major US city has been hit with a ransomware attack that has affected critical city services. On May 7th, the City of Baltimore fell victim to the same affliction as twenty other municipalities this year. A recent article in Vox details the events, however nothing in the scheme is very surprising.
Municipal governments face a daunting task: provide quality services to citizens and, at the same time, be stewards of the revenue they receive. Oftentimes glaring issues, such as lack of cybersecurity controls and risk management, are missed because there are other critical matters that must be attended to or the leadership in municipalities have not been aware of the severe implications that result when these key areas are overlooked.
The federal government has many focused programs on cybersecurity, however this focus can be attributed to their role in protecting our national assets, interests, and borders. As the problems get more local, physical infrastructure and service quality matters more to local leaders as citizens, rightfully so, expect them to. To that end, there are no sweeping federal regulations requiring all the various political subdivisions to comply with standard cybersecurity controls, business continuity plans, disaster recovery plans, or other related systems to help recover from these incidents.
It is imperative that political leaders and municipal mangers take heed of the recent history of ransomware attacks, data breaches, and infrastructure attacks and incorporate sound cybersecurity practices as part of their budgets and business. While the issues as of late have been more annoying than serious, it is a matter of time before one of these incidents leads to loss of life or long-term damage to critical infrastructure.