Cyber incidents against local government and law enforcement agencies

By Sasha Romanosky, PhD.
In a previous blog, we saw the number of cyber incidents across all sectors of business, based on a sample of 12,000 events over the years 2004-2014. Next, we examine just the subsample of incidents affecting municipal, county, state and federal government agencies. The chart below reflects the various subsectors of governmental organizations victimized by cyber attacks during this time period, which totals just over 1,400 incidents.


As shown, the most commonly affected agencies are Executive and Legislative (which include general forms of local and county government offices), followed by Human Resource offices. The third most common group affected is Justice, Public Order and Safety, which includes courts, correctional facilities, police, and fire departments. Based on publicly available data, these agencies experienced almost 300 incidents over a 10 year time frame, suggesting that they were attacked approximately twice per month.

The kinds of events captured by these data include, for example, denial of service attacks against police computer networks, accidental disclosure of police officer (and sometimes informant) personal information, theft or misuse of computing systems by corrections officers, and other forms of cyber attacks.

It is also interesting to note that of the 1400 events in the dataset, only about 200 (14%) of them concern federal agencies (FBI, FEMA, and various federal court systems), while the rest involve city, state and county agencies.
There is an important caveat to note regarding these data. Because of underreporting that typically occurs with cyber incidents (and, indeed, with crimes, generally), the numbers reflected are likely an underestimate of the true totals. Nevertheless, the data provide a useful insight the phenomena of cyber incidents related to government agencies, and law enforcement, specifically.

In addition to these data, results from one security vendor suggests that state and local government networks (and education networks) are 4 times more likely to be infected with malicious software, relative to private business networks. It also finds a disproportionately high percentage of adware (Kovter and BrowseFox) on government networks and computers.

The relevance of these data to police chiefs and officers, is to show the many kinds of local and state government agencies, including law enforcement, that are being affected by cyber incidents. Further, these incidents are caused not just by malicious criminals operating from remote countries, but are also caused by trusted employees of these agencies. Chiefs can start to address these growing threats by learning more about protecting their networks here on this website.

IACP Conference