Reflecting on a persistent wave of cyberattacks against local governments, David Graham, the chief innovation officer of Carlsbad, California, said Monday at an international conference of technology officials that cities need to be more active in educating their residents about cybersecurity risk and resilience.
“We need to begin that conversation with those [in our communities] who are not technical and talk about what that base level of trust is and how that plays into protecting their privacy,” Graham said on a panel at the Smart City Expo World Congress in Barcelona, Spain.
Part of doing that, Graham said, means being honest about cities’ internal cybersecurity challenges, particularly in light of large-scale ransomware attacks against cities like Baltimore and Atlanta.
“If we can’t have that conversation and be honest about the fact that we will be breached, then frankly, we’re going to see the same sorts of disasters and explosion of trust that happens [in an attack] and that we’ve seen in a number of our cities in the U.S. when a major cyber event happens,” he said.
Clayton Banks, the chief executive of Silicon Harlem, a New York City technology incubator, said that those conversations need to start with digital literacy, particularly in areas where connectivity issues can inhibit widespread technological knowledge.
“They can’t get to these things if they don’t have some level of digital literacy,” Banks said. “It’s great to talk about this really hot topic of cybersecurity, but with my perspective working within a community, to be able to understand what’s happening inside out has been very beneficial to how we can deploy these types of services to make it sustainable.”
Marijn Fraanje, CIO of the Hague, Netherlands, said educating residents about cyberhygiene is a one key step cities can take toward increasing both participation with digital government and accessibility.
“If you want people to participate, they need to know how to handle the digital world,” Fraanje said. “You need to give them the tools as well. I think a lot of municipalities still don’t realize the way that we are working now is basically set in the last century.”
But Fraanje also said government still thinks too small and needs to work more often with the private sector to address the actual online threats their populations face.
“We don’t have knowledge ourselves to solve our own problems,” Fraanje said. “We need more companies to [help] solve them.”
Simon Hunt, an executive vice president of cybersecurity product innovation at Mastercard, said the lack of foundational knowledge among users is concerning. One way to combat that, he said, is for cities to build trust with businesses and residents to help ward off cyber threats.
“It’s much more likely that a business will talk to their city than that they’ll talk to a private vendor, or Mastercard for that matter,” he said. “In partnership with cities and mayors, we need to bring that education and help uplift them.”
Fraanje said the Hauge recruits local computer-science students to help small businesses to protect themselves online.
Cybersecurity collaborations with academia are familiar ground in the United States, including in places like Los Angeles, where students have won national Cyber Patriot competitions for two years running. The city also operates the LA Cyber Lab, which has built apps that help small businesses detect internet threats.
“We really think cybersecurity is part of a whole smart-city ecosystem,” said Jeanne Holm, Los Angeles’ deputy CIO. “[But] 50 percent of some of our communities are not online at home, and we really [need] to make sure that everybody in the community is connected.”
Editor’s Note: The travel expenses for StateScoop to provide news coverage of the Smart City Expo World Congress in Barcelona, Spain, were paid for by Mastercard.