“The range of American targets is so wide and deep that it is almost impossible to understand all of the vulnerabilities. And because most of those targets don’t belong to the government — banks, power grids, shipping systems, hospitals and internet-linked security cameras, cars and appliances — confusion reigns over who is responsible for defending them and who will decide when to strike back.”
The U.S. Department of Homeland Security (DHS) has categorized as critical infrastructure 16 sectors that represent outsized risks.
DHS’s categories are broad — from agriculture to commercial facilities — and exact plans are sector-specific (for example, the latest memo, from 2015, on financial services.)
The one common thread, though, is that all critical infrastructure sectors are vitally important to cities.
According to Sanger’s excellent reporting, the United States federal government, with all its resources, is not significantly deterring state and non-state hackers from attacking important assets.
Indeed, hackers are so brazen that they are now attacking the super-spy agencies that developed many of the cyber tools.
If NSA, the developer of the world’s most powerful cyber tools with billion-dollar budgets, cannot protect itself, how will cities compete?
Some are trying. New York City has rolled out programs and resources for cybersecurity. So has London.
But smaller cities often lack resources and expertise to prevent and manage attacks.
These cities — like Newark — are dealing with increasing threats and flat-lined budgets. Since cyber activity is invisible, these threats become a lower priority than, say, acute real-time challenges like transportation.
Between budget constraints and lack of expertise, cities are fighting a losing battle against increasingly sophisticated, decentralized attackers.
From subways to traffic lights, citizens will remain at considerable risk until cities take the lead on cybersecurity.