Cyberattacks at the Grass Roots: American Local Governments and the Need for High Levels of Cybersecurity

Date

2019-02-21

Department

Program

Citation of Original Publication

Norris, D.F., Mateczun, L., Joshi, A. and Finin, T. (2019), Cyberattacks at the Grass Roots: American Local Governments and the Need for High Levels of Cybersecurity. Public Admin Rev, 79: 895-904. https://doi.org/10.1111/puar.13028

Rights

This is the peer reviewed version of the following article: Norris, D.F., Mateczun, L., Joshi, A. and Finin, T. (2019), Cyberattacks at the Grass Roots: American Local Governments and the Need for High Levels of Cybersecurity. Public Admin Rev, 79: 895-904. https://doi.org/10.1111/puar.13028, which has been published in final form at https://doi.org/10.1111/puar.13028. This article may be used for non-commercial purposes in accordance with Wiley Terms and Conditions for Use of Self-Archived Versions. This article may not be enhanced, enriched or otherwise transformed into a derivative work, without express permission from Wiley or by statutory rights under applicable legislation. Copyright notices must not be removed, obscured or modified. The article must be linked to Wiley’s version of record on Wiley Online Library and any embedding, framing or otherwise making available the article or pages thereof by third parties from platforms, services and websites other than Wiley Online Library must be prohibited.

Subjects

Abstract

This article examines data from the first-ever nationwide survey of cybersecurity among American local governments. The data show that these governments are under constant or near-constant cyberattack, yet, on average, they practice cybersecurity poorly. While nearly half reported experiencing cyberattacks at least daily, one-third said that they did not know whether they were under attack, and nearly two-thirds said that they did not know whether their information systems had been breached. Serious barriers to their practice of cybersecurity include a lack of cybersecurity preparedness within these governments and a lack of adequate funding for it. The authors make recommendations to local governments to improve their cybersecurity practice and to scholars for additional research into local government cybersecurity, an area that, to date, has largely been neglected by researchers from the social sciences and computer science.