8.1 Introduction

People are a critical component to cybersecurity, especially for local governments. As discussed in Chapter 2, people are one key element of cybersecurity along with technology, policies, and practices. After all, it is people that utilize technology and enact policies and practices to ensure high levels of local government cybersecurity. However, it is also people who make mistakes, either out of ignorance, negligence, or malice, and who fail to follow cybersecurity policies and procedures. So just who are the people referred to in this chapter? They include the elected officials of a local government as well as top managers, department heads, employees, vendors, contractors, and any and all others who have access to the local government’s IT system. By extension, people also include those who are responsible for attacking local government information systems – including criminals and criminal organizations, although the focus of this chapter is mainly on people as internal actors.

This chapter discusses first, how people are the root of the cybersecurity problem and how they constitute perhaps the major obstacle to achieving high levels of local government cybersecurity. Second, it addresses the ways people are targeted by malicious actors. Third, the chapter covers the ways people can be assets to local government cybersecurity. Finally, it discusses the training and accountability of local government officials and staff. ...