Cyberattacks on local government entities are increasingly common, costly and difficult to detect and repel. Jurisdictions that fail to adequately protect themselves from cybersecurity risks can face disruptions of critical services, exposure of sensitive data, increased insurance costs and potentially lower bond ratings. It’s a problem that deserves more attention from the public and public officials.
The threats pop up in surprising places.
Last year, Russian hackers attempted to gain entry to the water systems of Lockney, Hale Center and Muleshoe in the Texas Panhandle. The gang tried 37,000 times over four days to penetrate the firewall protecting the remote monitoring system of one town’s water supply. The gang also caused another community’s water tank to overflow. The hackers were tentatively linked to the Russian government.
This month, a 60 Minutes story described a similar intrusion by Chinese hackers into the water system of a small Massachusetts town. Those hackers probably planned to lurk and learn, retired U.S. Air Force Gen. Tim Haugh told correspondent Scott Pelley. Then, if China ever wanted to distract Americans from its actions elsewhere, it could tamper with water systems, he said.
Money is the motive for other attacks. In 2023, a criminal gang hit the North Texas Municipal Water District, which serves Plano, Frisco, Allen and other cities, with a ransomware attack. Dallas County, the Dallas Central Appraisal District, Fort Worth and Dallas have all faced similar cyber extortion. Dallas spent tens of thousands of hours, and millions of dollars, identifying and repairing the damage.
Leaders at all levels and sizes of local government need to treat cyber threats as a risk to their entire enterprise. They cannot simply assign the issue to their IT person or department. It has to become embedded in every aspect of operations and planning.
“Cybersecurity is no longer just a budget line item — it’s the top concern for county leaders nationwide,” John Matelski, chief information officer of the National Association of Counties, said in an email.
But even as the problem grows worse, the Trump administration has severely cut the Cybersecurity and Infrastructure Security Agency, which helps industrial, public and civil society organizations strengthen their defenses against hackers. Multiple news stories reported that CISA was targeted because its work included election security and combating disinformation.
Texas, fortunately, has been developing cybersecurity resources for years. The Department of Information Resources offers training, information-sharing, testing and incident response support to state agencies and local governments. Those responsibilities will shift by 2027 to the new Texas Cyber Command, which retired Vice Adm. Timothy James “TJ” White, former head of U.S. Cyber Command, will lead.
The increased resources cannot come soon enough. White noted that as Texas attracts more massive data centers, which need more electricity, cybersecurity risks will only increase. Local governments can’t prevent cyberattacks, but public agencies need to do all they can to thwart them and minimize resulting damage.