Role of Government in Cybersecurity in the urban infrastructure

In 2019, cities and towns around the world experienced more than 1000 cyberattacks a day. These took various forms including malware, multiple lines of denial of services, and ransomware. To date, the vast majority of municipalities have not yet figured out a way to protect themselves. If things continue this way, cities and towns may end up like the case studies in the 2025 article.

Federal Government’s action against Cyber-Attacks

Government passed the law in 1986 called “The Computer Fraud and Abuse Act” and according to the act the number one thing that it criminalizes is that it is crime to access a computer without authorization, also it is crime to exceed the use of computer even if the user has authorized access. For e.g. you work for a company and you are not allowed to access particular info. of the company and if you access it then you are liable for the crime under the same act. The penalty ranges from one to 20 years. The FBI and the DHS enforce these laws.

In 2018, 3 lakhs of cases were reported out of which only 1% were found and punished. CISA plays a key role in cybersecurity in the US. In the US there are 16 societies classified as critical infrastructure for center-specific agencies. CISA created ISAC a Centre for all the 16 societies to provide all information about cybersecurity, threats, and other precautions.

Defensive Cybersecurity Practices

The federal government takes steps to encourage good cybersecurity practices. The best Federal Agency to look after this good practice of cybersecurity is NIST (National Institute for Standards and Technology). NIST is an agency that's actually been around for more than 100 years. The main objective of NIST is to establish technical standards, things like weights, and measures, and distances, and standards for everything from knitting needles to a thread to different kinds of chemical compounds.

NIST is made up of Scientists and Engineers who don’t support any party, person, political party, and not interested in public policy issues. They are  just interested in establishing good engineering and scientific baselines on which the society can depend upon. NIST was to frame the cybersecurity framework from 2014, and this the framework would help any institutions to prepare and be ready whenever there might be any cyber-attack. Basically, they don’t promote any software or hardware for security. They teach the institutions would they improve standards in the cybersecurity

NIST Cybersecurity Framework

This framework consists of five components and they are

Identity: It consists of what needs to be protected, what assets are to be protected from cyber-attack, what software or machines are possible targets of attack, policies for managing risks, training employee to make sure they delete their account after leaving the organization, making sure that right operational policies exist, Risk Assessment, Risk Management, For example, if you're an organization that is dependent on delivering service 24 hours a day, seven days a week, then you're going to want to make sure that your systems are available all the time, that you have backups in place in the event of some kind of an attack.

Protect: make sure who the users are, access control and identity management, make sure the passwords are up to date, makes sure that only authorized people have access, Adequate training, data security practices, hardware backups, data destruction policy, system updating, version updating, keeping track of who is logging as users, using files, an audit of everything

Detect: Detect any malicious activity, attack and identify and shutdown the vulnerability, so that whatever data is lost can be protected easily, and if there is any threat setting backup mechanism on place, and then respond

Respond: fixing the vulnerability and making sure that the attack doesn’t continue

Recover: Most important part of the framework, figure out why the attack happened, find out how these attacks happened, and why? To avoid future attacks,

This framework is not 100% cure-all against all the cyber-attacks, but it helps in resisting some of the attacks and responding in other possible attacks.