More IT Security for Municipalities: Automated Support for IT Managers

Digitization is challenging municipalities across the country. Automated attacks on cities and municipalities are increasingly successful. The consequences are serious, and administrations and their services are sometimes incapacitated or severely restricted for weeks or months. It is well known that authorities and public institutions are particularly vulnerable. Traditional administrative structures, decentralized services, numerous outdated systems and software applications, and the shortage of skilled workers all contribute to the critical situation.

Many IT managers work at the limit and are still challenged to increase the IT security of entire municipalities on the basis of manageable budgets. With IT security monitoring, LocateRisk helps municipal IT teams monitor and minimize the external IT attack surface. The analyses accelerate the security process, help with budget discussions and serve as proof of successfully implemented protective measures.

Digitization of Municipalities

By 2026, the market for smart cities in Germany will grow by more than 17 percent per year. Almost every area of urban life is to be digitized in the medium term in order to make life more pleasant for all citizens and to provide urban planning with tools for better decision-making. Automation and networking in transport infrastructure, mobility, healthcare and energy supply are associated with the exchange of enormous amounts of data and the management of countless, often incompatible or outdated interfaces of IoT and OT (operational technology). If networked cities lack adequate security, they are extremely vulnerable to cyberattacks. It is therefore essential for urban planners to work with engineers and IT architects to implement new security concepts.

Online Access Law and IT Security 

By the end of 2022, the German federal and state governments are required by the Online Access Act (OZG) to offer their administrative services electronically as well. Benefits such as parental allowance, unemployment benefit, short-time working allowance, insolvency benefit, pension payments, orphan's pension, BAföG and much more are all to be able to be applied for online. The associated increase in personal data and portal links places high demands on IT security. The BSI has drawn up a framework security concept for this, which, among other things, prescribes penetration tests every three years for systems that have interfaces to the Internet. In view of automated attacks and the constantly changing threat situation, this is far too little. The result of a single test is already outdated the next minute. Experts therefore recommend regular IT security monitoring at least once a month to keep an eye on the security situation and keep it under control.

IT Security of Major Cities in Germany

Despite recognizable progress, there is still room for improvement
Our analysis of 81 major cities revealed that, despite recognizable progress (GDPR compliance), there is still plenty of room for improvement in terms of IT security. Data collection was done by collecting and processing information from publicly available sources. 

The Results 

Protected Mail Dispatch
62 percent of the major cities checked sent email partially unprotected (without an SPF record), making it easier for attackers to launch spam and phishing attacks through mail forgery.

Accessibility of the System Interfaces
The fact that not all database systems belonging to the company were adequately protected against cyber attacks was revealed by 51 percent. Unsecured systems that can be accessed from outside make it easier for hackers to gain access to sensitive data.

Data Transmission Security
98 percent allowed data transmission using outdated transport encryption, which encourages data theft.

Obsolete Applications
At least one application with a potential security vulnerability of high criticality was found in 56 percent. Applications with missing security updates are a welcome gateway for attackers.

GDPR Compliance
37 percent of major cities used tracking cookies without user permission. In these cases, warnings and fines can threaten.

 

Gain Insight into Your Administration's External IT Attack Surface

IT managers do their best to ensure the IT security of their systems. But how can the current status of IT security performance be continuously proven? With LocateRisk's IT security analysis, it's quick and easy. See for yourself: Interested organizations can receive a security assessment of their IT landscape including a 30-minute insight into the detailed analysis free of charge at: Tel. 06151 6290246 or e-mail to: em@LocateRisk.com

Case Study Municipalities, Cities & Communities

Read now: Efficient Monitoring of an Municipal IT Landscape 

 

---