In only a few years, cybersecurity has developed from a concept that sounded like science fiction to one of the federal government’s major concerns. Look on the priority lists of any high-level federal leader from President Obama down, and you will find cybersecurity listed as number one (number five at the lowest).
This level of interest has also made cybersecurity big business. Nearly all the big federal integrator firms have a new cyber business unit, center or collaborative organization. The only people who do not worry about protecting our digital infrastructure and the digital functions that are now essential to all our critical infrastructure sectors are either intellectually blind or delusional.
The threats are real, they are pervasive, they are persistent and they are sophisticated. The overarching nature of the issue – affecting nearly every aspect of our highly networked lives – makes it the ultimate strategic issue for Washington. That said, how do the leaders of our municipalities look at this issue?
While cyber is a strategic issue for Washington’s leaders, for the embattled leaders of our cities, cyber is local and very tactical. This does not mean that it is less important. Just as those being shot at know that no conflict is “low intensity,” our urban leaders understand that the threats they face are no less significant than those the federal government is trying to tackle. And frankly, the effects at the local level will be among the first felt in a cyber incident.
Our city leaders, particularly law enforcement and first responders, are highly dependent on digital infrastructure. The many deficiencies uncovered during the responses to 9/11 and Hurricane Katrina (communications incompatibility, no real reach back from the field to centralized assets, inability to tap into higher level governmental and civilian capabilities, to name a few) have been addressed by systems that all ride on the digital backbone of the Internet. What is more, cities now use all of the twenty-first century’s wonderful capabilities to increase service to their communities. Data management, criminal intelligence analysis and property management are all assets through which cities serve the people.
What worries the local leaders? Cybercrime is a huge concern. The money, identities and intellectual property of local citizens and businesses are constantly at risk. Bad guys of all sorts are capable of hiding in plain sight, communicating, giving orders and recruiting, both for common criminal activities and for potential terrorism. They use and exploit the multitude of fast, relatively anonymous communications (text, Twitter, etc) to achieve their malicious ends.
Beyond these relatively pedestrian issues, local leaders worry about having their communications monitored (which is very easy) or disrupted (harder but still achievable). One big city police official told me his biggest concern was a terrorist group hacking their dispatch system and rerouting assets away from real emergencies and perhaps into ambushes. It would only have to happen once and the complete trust that responders have in voices coming from HQ would be gravely undermined. Likewise, the trust citizens have in the 911 system could be crippled with devastating results.
The leaders of municipalities ride much closer to their constituents than do the leaders in Washington. They feel the threat in a much more visceral way. They think less in terms of massive systems and infrastructure sectors than in lives, businesses and neighborhoods. It is highly likely that physical attacks (bomb vests, snipers and vehicle-borne IEDs) will be accompanied by cyber enablement. This could be the kind of hacks mentioned above, or could even be crude EMP devices that cripple all electronics in a blast radius.
High visibility, high impact events could be preceded by smaller attacks on electronic distribution facilities or local Internet hubs to tie up city-level cyber capabilities. All these actions would obviate the improvements we have proudly displayed (rightfully so, by the way) since earlier tragedies. The public fear and loss of governmental credibility associated with these types of attacks would be huge and crippling to any city in our nation.
Admittedly, our federal leaders also worry about these things, but for them it has a level of abstraction and separation that makes their concerns pale when compared to the “in your face” responsibilities of city leadership. More needs to be done to help our local leaders with cybersecurity. This includes the city, county (and their equivalents) and state levels. The guidance, direction, funding, exercises and cooperation for all types of cybersecurity activities must increase and soon. Cybersecurity is as much a local issue as a national one, and we must recognize it as such if we are to overcome it.