How do local government cyber vulnerabilities affect efforts at building national cyber resilience? A new study entitled "Measuring the Integrated Cyber Attack Surface Across US County Government Networks," conducted by a team of researchers at the Center for Governance of Technology and Systems (GoTech) sheds much needed light on this critical question.
Using a novel empirical approach, the research team led by Dr. Charles Harry, director of GoTech and research professor at the School of Public Policy, and Dr. Ido Sivan-Sevilla, GoTech affiliate and assistant professor at the UMD's iSchool, conducted an extensive data collection effort, examining more than 26,000 internet-facing devices across 3,108 county governments. The goal was to illuminate the variations in the size and severity of the attack surface across local governments in the United States and, for the first time, holistically assess the potential implications on the nation's cyber resilience.
“Policymakers at all levels of government are deeply interested in utilizing risk based approaches to cybersecurity which require a larger lens when viewing technical vulnerabilities in critical systems” said Harry. “This work contextualizes individual attack vectors in a holistic view allowing officials to prioritize resources in the most efficient manner possible.”
The geographical analysis of these vulnerabilities offers intriguing insights. Variation spans not only across counties but also states and Federal Emergency Management Agency (FEMA) regions. Particularly striking is the linear relationship between accessible IP addresses and open ports available for potential exploitation, indicating a proxy between the two. Urban and suburban hubs emerge as hotspots of cyber insecurity, with larger populations and greater digital demand amplifying risks.
By aggregating the results to the state and national levels, the researchers could grasp the bigger picture: local government insecurity could reverberate across county lines, amplifying its impact on the nation's overall cyber resilience. The interconnectedness of digital infrastructure demands a more holistic approach to cybersecurity, taking into account the ripple effects of vulnerabilities in one region on the broader security landscape.
These findings raise critical concerns for policymakers who grapple with directing scarce resources to where they are most needed. The approach offers a comprehensive view of integrated attack surfaces across different geographical levels, helping policymakers understand where vulnerabilities lie and where investments in cybersecurity resilience are most needed. By categorizing counties based on their vulnerability to specific types of known attacks, the research also highlights the varying risks posed in different regions.