Abstract
Cybersecurity is a serious and complex problem that is escalating at all levels, yet little research has examined the issue at the local government level. This probative study, based on an extensive e-survey of Florida county officials, focuses on: (1) the incidence of cyber attacks – type, source (internal vs. external), and severity (major, minor); (2) perceived threats to agency operations – internally and externally from utility and telecommunications companies, financial institutions, hospitals, and schools; (3) the current status of cybersecurity planning; (4) the urgency of unmet preparedness-related needs; and (5) the degree to which financial, personnel, and organizational roadblocks have deterred the development of comprehensive cybersecurity plans. Controls are made for agency size and type of position held. The study finds that the knowledge or awareness gap between IT professionals and generalist and specialist public administrators is even wider at the local than at the federal (or state) levels. Preparedness lags because of this knowledge gap. There is little sense of urgency, partially because many non-IT officials have little understanding of newer, more dangerous cyber threats and cyber crime.
- 1
Response rates to our earlier mail statewide surveys of local government professionals were 21% (2004 survey) and 24% (2007 survey). Those surveys were related to homeland security and emergency management issues.
- 2
Sixty-four percent of the survey respondents are from larger counties with populations >100,000; 29% from counties with populations ranging from 25,000 to 100,000; and 7% from small counties (below 25,000). Comparatively, among Florida’s 67 counties, 51% have populations >100,000; 30% between 25,000 and 100,000; and 19% <25,000. Thus, the survey respondents, like the population overall, are disproportionately located in larger counties.
- 3
Other research has used this same approach (Reddick 2010). The author of a national survey of city managers examining homeland security preparedness argues that this approach is more appropriate when the purpose of the research is to “develop future research themes on homeland security and adaptive management” and to “determine the intensity of responses” (Reddick 2010: p. 89). He also uses crosstabs to control for variations in city size.
- 4
χ2 significant at the 0.05 level.
- 5
χ2 significant at the 0.01 level.
- 6
χ2 significant at the 0.05 level.
- 7
χ2 significant at the 0.01 level.
- 8
χ2 significant at the 0.04 level.
- 9
χ2 significant at the 0.05 level.
- 10
χ2 significant at the 0.05 level.
- 11
χ2 significant at the 0.05 level.
- 12
χ2 significant at the 0.05 level.
- 13
χ2 significant at the 0.05 level.
- 14
In the post 9/11 period, Florida experienced an anthrax death in south Florida, the flight school training of the terrorists who flew into the World Trade Centers, and the arrest of seven men who planned to blow up Chicago’s Sears Tower and the FBI headquarters in Miami.
- 15
The greatest concerns were lack of money, followed by personnel limitations, technology/interoperability (equipment), lack of external cooperation, and lack of clear plan/roles (Reddick 2010: p. 97).
- 16
CSO (2010) included some federal, state, and local officials in their analysis, although most of their survey respondents came from the private sector (IT and security professionals).
References
Agranoff, Robert (2007) Managing Within Collaboration: Adding Value to Public Organizations. Georgetown University Press: Washington, DC.Search in Google Scholar
Caruson, Kiki and Susan A. MacManus (2006) “Mandates and Management Challenges in the Trenches: An Intergovernmental Perspective of Homeland Security,” Public Administration Review, 66:522–536.10.1111/j.1540-6210.2006.00613.xSearch in Google Scholar
Caruson, Kiki and Susan A. MacManus (2011) “Gauging Disaster Vulnerabilities at the Local Level: Divergence and Convergence in an ‘All-Hazards’ System,” Administration and Society, 43:346–371.10.1177/0095399711400049Search in Google Scholar
CDW-G (2009) CDW-G Federal Cybersecurity Report: Danger on the Front Lines. Available at: http://webobjects.cdw.com/webobjects/media/pdf/Newsroom/2009-CDWG-Federal-Cybersecurity-Report-1109.pdf.Search in Google Scholar
Chabinsky, Steven R. (2009). “Statement before the Senate Judiciary Committee Subcommittee on Terrorism and Homeland Security,” November 17.Search in Google Scholar
Cooper, Brian and Maria Philips (2010) Custom Surveys Within Your Budget. Paramount Market Publishing, Inc.: Ithaca, NY.Search in Google Scholar
CSO (Chief Security Officer) Magazine (2010) 2010 Cyber Security Watch Survey. Available at: http://www.csoonline.com/documents/pdfs/2010CyberSecurity Results.pdf.Search in Google Scholar
Deloitte (2010) Cyber Crime: A Clear and Present Danger: Combating the Fastest Growing Cyber Security Threat. Deloitte & Touche Center for Security & Privacy Solutions. Available at: http://www.deloitte.com/assets/Dcom-UnitedStates/Local%20Assets/Documents/AERS/us_aers_Deloitte%20Cyber%20Crime%20POV%20Jan252010.pdf.Search in Google Scholar
Eysenbach, G. (2004) “Improving the Quality of Web Surveys: The Checklist for Reporting Results of Internet E-Surveys,” Journal of Medical Internet Resources, 6:34.10.2196/jmir.6.3.e34Search in Google Scholar
Gohring, Nancy (2011) “Cybercrime Getting Easier to Commit, Federal Agents Say,” PCWorld. Available at: http://www.pcworld.com/article/241388/cybercrime_getting_easier_to_commit_federal_agents_say.html.Search in Google Scholar
Hayes, James K. and Charles K. Ebinger (2011) “The Private Sector and the Role of Risk and Responsibility in Securing the Nation’s Infrastructure,” Journal of Homeland Security and Emergency Management, 8(1).10.2202/1547-7355.1597Search in Google Scholar
Hewlett-Packard Development Company (2010) Secure Your Network: 2010 Top Cyber Security Risks Report. Available at: http://dvlabs.tippingpoint.com/img/FullYear2010%20Risk%20Report.pdf.Search in Google Scholar
Hoover, J. Nicholas (2009) “Government IT Confronts Security Treats Daily,” InformationWeek, November 12. Available at: http://www.informationweek.com/government/security/government-it-confronts-security-threats/221601320.Search in Google Scholar
Janairo, Edward (2002) “States Fight Against Cyber-Terrorism,” State Government News, (March). Available at: http://www.csg.org/knowledgecenter/docs/sgn0203StatesFightCyber-Terrorism.pdf.Search in Google Scholar
Kemp, Roger L. (ed.)(2010) Homeland Security: Best Practices For Local Governments, 2nd edition. ICMA Press: Washington, DC.Search in Google Scholar
Lawson, Sean (2011) “Working Paper: Beyond Cyber-Doom: Cyberattack Scenarios and the Evidence of History. Mercatus Center, George Mason University.” Available at: http://mercatus.org/sites/default/files/publication/beyond-cyber-doom-cyber-attack-scenarios-evidence-history.pdf.Search in Google Scholar
Lohrmann, Dan (2010) “5 Reasons Cybersecurity Should Be a Top Priority,” Governing, Available at: http://www.governing.com/five-reasons-why-cybersecurity-should-be-prioirty-public-officials.html.Search in Google Scholar
MacManus, Susan A. and Kiki Caruson (2011) “Research Note: Emergency Management: Gauging the Extensiveness and Quality of Public and Private Sector Collaboration at the Local Level,” Urban Affairs Review, 47:280–299.10.1177/1078087410362050Search in Google Scholar
Page, Doug (2005) “Cyber Insecurity,” Homeland1.com. Available at: http://www.homeland1.com/homeland-security-products/cyber-security/articles/397559-cyber-insecurity/.Search in Google Scholar
Ponemon, Larry (2009) Cyber Security Mega Trends: Study of IT Leaders in the U.S. Federal Government. Ponemon Institute: Traverse City, Michigan.Search in Google Scholar
Prieto, Daniel B. and Steven Bucci (2010) “Meeting the Cybersecurity Challenge: Empowering Stakeholders and Ensuring Coordination.” PRIETO AND BUCCI U.S. Federal White Paper. Available at: https://www-304.Prieto and Bucci.com/easyaccess3/fileserve?contentid=192188.Search in Google Scholar
PRNewswire (2011) “Cybersecurity Challenges, Opportunities Explored at CompTTA Breakaway 2000.” Available at: www.prnewswire.com/news-releases/cybersecurity-challenges-opportunities-explored.Search in Google Scholar
Reddick, Christopher G. (2010) “Homeland Security Preparedness and City Governments,” In: (Roger L. Kemp. ed.) Homeland Security: Best Practices For Local Governments, 2nd edition. ICMA Press: Washington, DC, pp. 85–102.Search in Google Scholar
Spizziri, Martha (2000) “E-surveys: Consider This Before You Start.” American Society of Business Publication Editors (ASBPE). Available at: http://www.asbpe.org/archives/2000/07esurveys.htm.Search in Google Scholar
U.S. Department of Homeland Security (2009) “Supplemental Resource: Cyber Security Guidance, Homeland Security Grant Program, Fiscal Year 2010.” Available at: http://www.fema.gov/pdf/government/grant/2010/fy10_hsgp_cyber.pdf.Search in Google Scholar
U.S. Government Accountability Office (GAO) (2005) “Information Security: Emerging Cybersecurity Issues Threaten Federal Information Systems.” Available at: http://www.gao.gov/new.items/d05231.pdf.Search in Google Scholar
Worthen, Ben. (2010) “Most People Don’t Understand Cyber Threats, Says Former DHS Chief,” Digits: Technology News and Insights, The Wall Street Journal. Available at: http://blogs.wsj.com/digits/2010/03/03/most-people-don%E2%80%99t-understand-cyber-threats-says-former-dhs-chief.Search in Google Scholar
Wybourne, Martin N, Martha F. Austin and Charles C. Palmer (2009) “National Cyber Security: Research and Development Challenges Related to Economics, Physical Infrastructure and Human Behavior; A Report to the Chairman and Ranking Member of the U.S. Senate Committee on Homeland Security and Government Affairs,” I3P:Institute for Information Infrastructure Protection, Hanover, N.H: College, Available at: http://www.thei3p.org.Search in Google Scholar
©2012 Walter de Gruyter GmbH & Co. KG, Berlin/Boston
