This article appeared in the February 2019 issue of the Georgia's Cities newspaper.
A
different form of infrastructure is taking over headlines, budget items and local government officials’ attention. Referred to as “IT Infrastructure” or the composite hardware, software, network resources and services required for the operation of an entity’s technology environment, municipalities have been diligently working to strengthen theirs and safeguard against cybercrimes.
Georgia’s Cities caught up with three IT leaders from across Georgia: East Point IT Director
Farhad Islam, Albany Chief Information Officer
Steven Carter and
Brett Lavender, Macon-Bibb County chief information officer uncover technology trends and tips to improve cybersecurity.
How has technology improved your city’s physical infrastructure and operations?
FI: Over the last few years, in East Point we’ve invested in Advanced Metering Infrastructure (AMI), Supervisory Control and Data Acquisition (SCADA), and Geographic Information System (GIS) to automate functionalities and increase visibility to critical services such as supplying water and power to our citizens and clients alike.
SC: Albany has undergone a digital transformation that includes software such as Novus Agenda, PowerDMS, Laserfiche, Office 365 and SeamlessDocs to change the way information is handled and where it is stored. We’ve implemented a cloud-computing strategy that can reduce cost by reducing required data center resources as well as free up staff for other projects. We’ve also invested in virtualization initiatives, which has provided a huge reduction in the amount of physical server infrastructure required to run the business applications of the city. These improvements contributed to the consolidation of dozens of physical servers, reducing cooling requirements, power consumption and licensing costs all while improving performance.
What are some of the greatest cybersecurity dangers for cities?
BL: I think the foremost cybersecurity danger for cities is Malware. I encourage cities to research the Top 10 malware in December 2018 that were published by the Multi-State Information Sharing and Analysis Center (MS-ISAC). Another significant cybersecurity danger for cities is phishing (social engineering) attacks. Phishing attacks attempt to trick an employee into giving away sensitive data, account credentials, passwords and credit card numbers. The most common form of this attack comes as an email mimicking the identity of one of your vendors, IT administrators or someone who has a lot of authority in the city.
FI: Cybersecurity is an on-going concern, especially for cities similar to us that host critical “high-value” infrastructures such as water and power systems. Cybersecurity threats are getting even more complicated because the attacks are now morphing into a volatile cocktail form where attackers are utilizing and combining Artificial Intelligence (AI) with social engineering to penetrate into an organization’s IT infrastructure.
What best practices can cities implement to protect their IT Infrastructure?
BL: There are several best practices cities can implement to protect their IT Infrastructure including establish a Cyber Security Awareness Program, because a trained employee is less likely to fall for phishing schemes than one who doesn’t know basic cybersecurity protocols. A city can also establish citywide policies to include (but not limited to) acceptable use, password, mobile device use, vulnerability assessment and web filtering policies. I’d also recommend a city to become a Multi-State Information Sharing and Analysis Center (MS-ISAC) member for free and utilize many of their valuable services.
SC: Cities should invest in a multilayered security strategy that protects organization data and resources such as firewalls and antivirus. Cities should conduct security training as well as simulate attacks. Whether through malice or negligence, humans are the easiest target in any computer system. We mitigate that risk by both granting everyone the lowest level of access they need to do their jobs and by educating them on how to identify forms of malicious attempts to access our network. In addition to prevention, incident response and disaster recovery strategies must be in place to restore data in the event of data loss, corruption or hardware failure.
What are some technology trends and/or tools that cities should look out for?
FI: City governments are focusing on Smart City solutions that will enhance quality of life and render efficient and effective services. Cities are beginning to utilize AI with the desire to deploy autonomous vehicles (AV) and unmanned aerial vehicles for transportation and public safety purposes. Cities are also envisioning technology as a means for economic development to develop areas with 5G and small cell connections to lure entrepreneurs to start up new technology ventures.
SC: Cities should be on the lookout for automation and big data. While some see these technologies as disruptive, they can be force multipliers. These technologies can reduce manual processes and speed data collection. When paired with analytics software, these technologies can cut down on repetitive manual tasks and free staff up to make better data-driven decisions.