Cybersecurity Policy-Making at the Local Government Level: An Analysis of Threats, Preparedness, and Bureaucratic Roadblocks to Success

Abstract

Abstract Cybersecurity is a serious and complex problem that is escalating at all levels, yet little research has examined the issue at the local government level. This probative study, based on an extensive e-survey of Florida county officials, focuses on: (1) the incidence of cyber attacks – type, source (internal vs. external), and severity (major, minor); (2) perceived threats to agency operations – internally and externally from utility and telecommunications companies, financial institutions, hospitals, and schools; (3) the current status of cybersecurity planning; (4) the urgency of unmet preparedness-related needs; and (5) the degree to which financial, personnel, and organizational roadblocks have deterred the development of comprehensive cybersecurity plans. Controls are made for agency size and type of position held. The study finds that the knowledge or awareness gap between IT professionals and generalist and specialist public administrators is even wider at the local than at the federal (or state) levels. Preparedness lags because of this knowledge gap. There is little sense of urgency, partially because many non-IT officials have little understanding of newer, more dangerous cyber threats and cyber crime.