5.1 Introduction

This chapter discusses the nature of cyberattacks that local governments contend with on an almost daily basis. It uses data from several sources, including from the first-ever nationwide survey of cybersecurity among American’s grassroots or local governments to address cyberattacks against these governments (Norris et al., 2019). Included also are data from a more recent survey conducted by Hatcher et al. in 2018, a survey of a small group of CISOs of mainly large cities by one of the authors in 2020 (Norris, 2021), and findings from the professional literature where relevant.

Governments of all types and sizes, and increasingly local governments, are under constant or nearly constant attack (e.g., Norris et al., 2018, 2019). This should not be surprising because, among other things, more than half of the cyberattacks against organizations in the United States are against small- and medium-size businesses. Additionally, like such businesses, local governments often lack the funds and skills to combat such attacks.

This chapter begins by briefly discussing the methodology employed to conduct the 2016 survey from which the data in the chapter are derived. Then it examines the data from that survey concerning attacks and attackers against local government information assets, local government cybersecurity preparedness, and the barriers to achieving high levels of cybersecurity in them. The chapter then concludes by ...