The federal government set aside $1 billion to help cities and counties improve their cybersecurity, but rural communities worry they will be left out and end up more susceptible to ransomware and other attacks.
The funding comes from the new infrastructure law, with $250 million specifically allocated for rural areas. The funds are distributed to states over the next four years and will begin going out later this year.
But rural community leaders say they lack the resources and expertise to come up with a comprehensive cybersecurity plan and to pursue the grants.
“It’s just me and two other people who work for me,” said Scott Avery, the city administrator in Houston, Missouri, population 2,500. “Getting and administering any grant is a lot of work.”
In 2021, more than 150 cities, counties and school districts fell victim to cyberattacks, according to cybersecurity company Emsisoft.
That led to disruptions in services, including delayed renewal of driver's licenses and residents not being able to pay their tax bills. The attacks shut down systems for weeks in some cases, and it took months to get back to normal.
The need for security upgrades may be more pressing in rural areas than in urban areas.
Last fall, Missouri State Auditor Nicole Galloway released a report highlighting security flaws in several small, rural cities, counties and courthouses.
Galloway cited specific cases of network passwords going unchanged for years, simple passwords routinely shared with outside users and former employees accessing government computers.
BJ Tanksley, Missouri’s director of broadband development, said the regional and state agencies like his need to help.
“When we think about this kind of program, you can tap into statewide networks of people who do this, like the libraries and the other types of associations that have footprints all over the state,” he said.
Tanksley said the knowledge is out there, but regional and state agencies will have to make it a priority to help rural communities protect their digital assets. But they can only do so much.
“I don’t know that we are going to connect them with cybersecurity systems,” he said, “but we can connect them to the education of what kinds of systems are usable and try to get them to that point.”
The companies that sell internet service in rural areas might also help.
Mike Romano, vice president of NTCA-The Rural Broadband Association, said he is working with his members — largely rural telephone cooperatives that also provide broadband service — on the problem.
“We’re aimed at helping small, rural broadband providers manage risk and do whatever is possible to protect their networks from intrusion,” he said. “You’re never bulletproof, but you take all the necessary steps to do as best you can.”
Follow Jonathan on Twitter: @JonathanAhl