The impact of an unplanned IT disruption involving the corruption or loss of data or other computer resources could significantly curtail an organization’s operations. Proactively anticipating and planning for IT disruptions prepares personnel for the actions they must take if this happens.

Years ago, Industrial Control Systems (ICS) were considered low-risk because they were isolated from networks and the Internet but interconnectivity with the outside world is now a reality. There are many steps municipalities can take to improve their ICS cybersecurity and better protect the health and safety of their residents.

This report provides a number of ideas and explains efforts undertaken by various municipal officials or identified through audits conducted by OSC that are applicable to most local governments, and that address costs that are under local control.

Audits conducted by OSC have shown that some types of weaknesses are persistently prevalent in local government and school district IT systems, regardless of the complexity or size of the system. This guide provides information for local leaders on some of the more common cybersecurity attacks and what can be done to help prevent a breach in the future.