Sep 18, 2019

How cities can guard against ransomware attacks

Illustration: Aïda Amer/Axios

More than 50 cities have fallen prey to ransomware attacks in 2019 so far, with the average paying $36,295 in ransom. As a result, cities are beginning to explore new cybersecurity options. 

The big picture: As cities move more of their services online and collect more data on their communities and residents, small- to mid-sized municipalities with underfunded IT departments are particularly vulnerable to ransomware attacks and associated costs. 

By the numbers: The International City/County Management Association found that roughly 30% of local governments don't know how often their systems are attacked.

  • Of those that could, an alarming 60% said they were being attacked on a daily — if not hourly — basis. 

What's happening: When a city is attacked, critical services such as tax management and permit approval can be halted as city officials decide whether to pay a ransom or rebuild a system.

  • Paying ransom can quickly restore operations, but nearly 60% of citizens object to such action.
  • Rebuilding a system, meanwhile, is typically more expensive and can take months. 
    • Baltimore chose not to pay a ransom and has instead spent over $5.3 million in restoration costs. City officials have estimated that a complete recovery will cost over $18 million total, including lost revenue.

What's needed: Residents largely do not want municipal funds paid out to hackers, so if cities are going to rebuild, their new systems should have built-in defenses.

  • A cybersecurity policy gaining traction among municipalities is Zero Trust, which operates on the assumption that anything inside or outside of a corporate network including data, devices, systems and users is a security risk.
  • How it works: In a Zero Trust system, administrators use technologies including end-to-end encryption, multifactor authentication, identity access management and analytics to control access.

What to watch: The U.S. government is starting to invest in Zero Trust pilot programs, including a recently announced project with the Defense Information Systems Agency and U.S. Cyber Command. 

Alan Duric is the co-founder and CTO/COO of Wire, a secure collaboration platform.

Go deeper

Cities aren't ready for the AI revolution

Globally, no city is even close to being prepared for the challenges brought by AI and automation. Of those ranking highest in terms of readiness, nearly 70% are outside the U.S., according to a report by Oliver Wyman.

Why it matters: Cities are ground zero for the 4th industrial revolution. 68% of the world's population will live in cities by 2050, per UN estimates. During the same period, AI is expected to upend most aspects of how those people live and work.

Go deeperArrowSep 30, 2019

$250M for election security is a fraction of what's needed

Illustration: Aïda Amer/Axios

Last week, Senate Majority Leader Mitch McConnell offered his support for a $250 million election security fund. By experts' estimates, that's only around 10% of what states will need between now and 2024 in order to protect elections from security threats.

The big picture: The County Commissioners Association of Pennsylvania says it will cost $125 million to replace unsecure voting machines in its state alone, meaning half the new funds could be spent on one small aspect of election security in just one state.

Go deeperArrowSep 26, 2019

Golden age of local leaders

Illustration: Sarah Grillo/Axios

While approval ratings of Congress are at all time lows, people in both parties still largely trust their local and state elected officials.

The big picture: Congressional gridlock and partisan divisions in Washington will likely deepen leading into the 2020 presidential election. But at the city level, officials are able to move quickly to address their communities' problems, from housing zoning to climate change to gun control.

Go deeperArrowOct 2, 2019