Lessons Learned for Local Cybersecurity

Abstract

Cybersecurity is an integral part of digital public governance and aims to ensure the confidentiality, integrity and availability of sensitive citizen-, business-, and government-related data. Given the increasing complexity of cyberthreats, driven by the digital transformation of the public sector and emerging technologies, local governments need robust and resilient cybersecurity strategies. This exploratory study examines the October 2023 cyberattack on Südwestfalen IT (SIT), an IT service provider for over 70 municipalities, cities and districts in Germany. As a result of this ransomware attack, for several months, public services were severely disrupted for over 1.6 million citizens. Against the backdrop of the particular challenges that local governments face in managing their cybersecurity, this study identifies lessons that small and medium-sized municipalities and cities derive from this cyberattack. The paper adopts a multi-method qualitative exploratory research approach, combining key informant interviews and document analysis through reflexive thematic analysis. Key findings highlight the importance of thorough implementation of cybersecurity standards such as network segmentation, tighter monitoring practices and two-factor authentication. To mitigate cluster risks, other key lessons include increased focus on top-down decision-making to enforce non-negotiable cybersecurity standards, given the need for IT service collaboration and the use of economies of scale resulting from the resource constraints of smaller local administrations. Further practical implications include an increased focus on staff training and implementing change management strategies to reduce resistance to reform at various stakeholder levels. This exploratory study of the SIT’s recent cyber incident also serves as an example for small and medium-sized municipalities that are not part of cooperation networks, encouraging them to reconsider their cost-benefit analysis of independent cybersecurity strategies versus collaborative frameworks. Overall, the study offers valuable insights into the implications of cyberattacks for local administrations of small- and medium-sized municipalities. As such, it aims to contribute to developing more equitable and resilient cybersecurity strategies.