Rutgers study finds local governments use outdated technology


govdimitri
Photo by Dimitri Rodriguez |

A study by Mark Pfeiffer in the Bloustein Local Government Research Center found that many local New Jersey government agencies used outdated or aging computer infrastructure, putting them at risk to cyberattack.


While technology is advancing and growing more popular, local governments are struggling to keep up — and as a result, they open themselves to technological risks such as data breaching and website attacks.

But local government agencies and other organizations can become technologically proficient to understand and manage their technology risks, according to the Bloustein Local Government Research Center.

As stated by the center, there are six interrelated categories of risk: cyber security, legal, operational, financial, "reputational" and societal.

Marc Pfeiffer, assistant director and senior policy fellow at the center, spoke about the risks local government agencies face. Pfeiffer also authored the research study about managing technology risks through technical proficiency.

“Cybersecurity risk includes data breach/theft and disclosure of personally identifiable information, data loss/corruption, network breach, cyber-extortion and website/social media attack,” Pfeiffer said.

Legal risks include third-party liability for denial of services, discrimination, litigation costs, public records disclosure liability, police system failures and employee misuse. Operational risks include loss of capacity to manage work, compromised physical security of technology, electrical system failures, contractor failures and failed backup systems, he said.

Financial risk include cost of cyber insurance, responses to breaches (time and money), procurement delays and change from capital to operating expenses, and reputational risk means loss of public trust, media risk, social media, political responses and bond rating agency evaluation," Pfeiffer said.

Technological proficiency is one way to overcome these risks, he said.

“Technical proficiency involves engaging in four activities," Pfeiffer said. "The first is governance — making sure the people in charge of the organization are aware of technology risk and make the senior management decisions on how to manage the risks."

Having a technology plan is the second element, he said.

A plan ensures that the agency will thoughtfully determine what technology services are being provided, set priorities for them and manage risks and budgets for technology needs, he said.

The third element is to make sure that employees that access technology services are aware of cyber risks and have been trained to identify them and know how to respond to them, such as avoiding suspicious emails, he said. 

The research study includes "cyber hygiene" as a training program to ensure technical proficiency, according to Rutgers Today.

“Cyber hygiene training teaches employees to identify potentially damaging emails and learning about recognizing 'social engineering,' where people send emails or make phone calls to convince users to take insecure actions," Pfeiffer said.

As the public demand for technology use increases, more information is being stored in these computer systems under the security of the government. To ensure the safety of personal information the staff is required to be technically competent, he said. 

Daniel Becht, executive director of the Jersey City Municipal Authority, said he is unable to mention specific operational risks due to homeland security. 

"But we utilize the greatest, latest technology necessary to protect the water source for its citizens”, he said. 

The municipal authorities are in touch with Homeland Security on a state level and federal level, and the system is upgraded on a daily basis as needed, he said.

Ali Maher, director of the Center for Advanced Infrastructure and Transportation, said there are technical risks that government sectors face.

“The challenges facing transportation agencies in ensuring cybersecurity are indeed real, and there are several nationwide research initiatives for improving cybersecurity of transportation infrastructure systems and its impact on resilience of our transportation systems," Maher said.

These risks can be handled through constant improvement of physical systems, technical developments and upgrades, continuous education and training of workforce involved and identification of interdependencies between systems and addressing their impacts, he said.

The training program for the workforce at the Center for Advanced Infrastructure and Transportation is centered under the Local Technical Assistance Program, Maher said. All three organizations offer hundreds of opportunities for working professionals to stay up to date on current practices and further their education.

“The Local Technical Assistance Program and the Tribal Technical Assistance Program are composed of a network of centers — one in every state, Puerto Rico and regional centers serving tribal governments,” Maher said.

The Local Technical Assistance Program and the Tribal Technical Assistance Program help local agencies improve their roads and bridges by supplying them with a variety of training programs, an information clearinghouse, new and existing technology updates, personalized technical assistance and newsletters, he said.

“The Local Technical Assistance Program and the Tribal Technical Assistance Program are able to provide local road departments with workforce development services, resources to enhance safety and security, solutions to environmental, congestion, capacity and other issues and technical publications, as well as training videos and materials,” Maher said.


Chinmoyi Bhushan

Comments powered by Disqus

Please note All comments are eligible for publication in The Daily Targum.