Review

Local Government Cybersecurity Landscape: A Systematic Review and Conceptual Framework

1 City 4.0 Lab, School of Architecture and Built Environment, Faculty of Engineering, Queensland University of Technology, 2 George Street, Brisbane, QLD 4000, Australia
2 School of Electrical Engineering and Robotics, Faculty of Engineering, Queensland University of Technology, 2 George Street, Brisbane, QLD 4000, Australia
3 School of Computer Science, Faculty of Science, Queensland University of Technology, 2 George Street, Brisbane, QLD 4000, Australia
* Author to whom correspondence should be addressed.
Appl. Sci. 2024, 14(13), 5501; https://doi.org/10.3390/app14135501
Submission received: 28 May 2024 / Revised: 20 June 2024 / Accepted: 22 June 2024 / Published: 25 June 2024

Abstract

Local governments face critical challenges in the era of digital transformation, balancing the responsibility of safeguarding resident information and administrative documents while maintaining data integrity and public trust. These responsibilities become even more critical as they transition into smart cities adopting advanced technological innovations to revolutionize governance, enhance service delivery, and foster sustainable and resilient urban environments. Technological advancements like Internet-of-Things devices and artificial intelligence-driven approaches can provide better services to residents, but they also expose local governments to cyberthreats. There has been, nonetheless, very little study on cybersecurity issues from the local government perspective, and information on the multifaceted nature of cybersecurity in local government settings is scattered and fragmented, highlighting the need for a conceptual understanding and adequate action. Against this backdrop, this study aims to identify key components of cybersecurity in a local governmental context through a systematic literature review. This review further extends to the development of a conceptual framework providing a comprehensive understanding of the local government’s cybersecurity landscape. This study makes a significant contribution to the academic and professional domains of cybersecurity issues and policies within the local governmental context, offering valuable insights to local decision-makers, practitioners, and academics. This study also helps identify vulnerabilities, enabling stakeholders to recognize shortcomings in their cybersecurity and implement effective countermeasures to safeguard confidential information and documents. Thus, the findings inform local government policy to become more cybersecurity-aware and prepared.

1. Introduction and Background

The role of local governments has evolved significantly in the digital transformation age, with the digitalization of public services, data management, and inter-departmental communication [1,2,3]. This transformation has made local governments more efficient and responsive to constituents’ needs, in many cases with the adoption of artificial intelligence (AI) solutions [4,5]. However, this transformation also poses challenges, particularly in cybersecurity, given these governments’ possession of vast amounts of sensitive data, which cybercriminals often perceive as attractive resources [6,7,8]. While central governments and national agencies often receive substantial attention in cybersecurity dialogues, local governments stand uniquely vulnerable due to a limited budget, a lack of cybersecurity infrastructure and expert workforce, the absence of regulatory compliance, and a lack of prioritization by the concerned authorities [9,10].
The frequency and intensity of cyber-attacks on local governments have significantly increased in recent years [7,8,11,12,13]. One of the earlier scholarly publications in this research field by Caruson et al. [14] indicated that local governments experience cyber-attacks constantly, and only a fraction of them are prepared. Norris et al. [15] conducted a nationwide survey in the USA, revealing that 28% of local governments experienced cyber-attacks hourly or more frequently, with 19% reporting at least one attack per day. The failure to address the cybersecurity concerns of local governments may result in significant consequences, such as the unauthorized disclosure of sensitive information and documents [16], damaging the government’s reputation [17], causing high costs for fixing security breaches [12], and hindering the ability to effectively address routine and emergency service needs [18].
Despite the growing threat landscape in local governments, there is an enormous gap of knowledge in terms of the specific challenges and solutions, attack types and techniques, tools, and available frameworks and standards for local governments in cybersecurity-related matters [6,8,10]. This lack of academic research is also evident in the multiple articles reviewed in this study. For instance, Norris, Mateczun, and Forno [6] indicated that they found only three articles in the publication period from 2000 to mid-2021 that specifically addressed cybersecurity in local governments. Chodakowska et al. [19] mentioned in their study that “despite the recognized need to implement cybersecurity strategies and legal norms, so far there has been little research verifying the adopted solutions in practice or analyzing actual examples of cybercrime in public entities, especially at the local government level”.
Most existing articles adopt a descriptive stance, focusing on the significance and landscape of cyberthreats without providing theoretical frameworks or empirically based strategies to understand cybersecurity issues [6]. This intellectual gap not only reflects a noticeable deficiency in knowledge among officials and decision-makers in local governments, but it also suggests a broader systemic disregard for integrating and prioritizing cybersecurity in local governments, necessitating further research in this domain.
Considering the context described above, this paper seeks to identify the key components of cybersecurity and subsequently develop a conceptual framework to understand the cybersecurity landscape within the local governmental context by addressing the following research questions:
  • How is the cybersecurity landscape characterized within the local governmental context?
  • What are the key components essential for a comprehensive understanding of cybersecurity in the local governmental context?
This study used a systematic literature review to identify relevant articles in the cybersecurity–local government research fields. It then conducted a comprehensive analysis, followed by a discussion and a conclusion. This paper is organized as follows: Section 1 and Section 2 of this study establish an outline by offering a concise explanation of cybersecurity and its importance, as well as identifying a current gap in knowledge; Section 3 outlines the methodological procedures employed in this study; Section 4 presents the findings derived from the systematic literature review; Section 5 comprises the discussion; and Section 6 contains the conclusion of this study.

2. Background to the Cybersecurity Concept

Cybersecurity is a crucial strategy for organizations to protect networks, computers, programs, and data from attacks, damage, or unauthorized access [12]. The National Institute of Standards and Technology (NIST) in the USA defined cybersecurity as “the process of protecting information by preventing, detecting, and responding to attacks” [20]. Meanwhile, the International Organization for Standardization (ISO) defined cybersecurity as the “safeguarding of society, people, organizations and nations from cyber risks” [21]. Cyber risk is the effect of uncertainty on cybersecurity objectives [22]. The NIST provides a more elaborate definition of cyber risk: according to NIST Special Publication (SP) 800-160, cyber risk is “the risk of depending on cyber resources (i.e., the risk of depending on a system or system elements that exist in or intermittently have a presence in cyberspace)” [23].
Cybersecurity is frequently confused with the term information security [24,25]. However, despite their interconnectedness, these two have distinct meanings. Information security is the “preservation of confidentiality, integrity and availability of information” [22]. In this definition, confidentiality is the property of information that is not disclosed to unauthorized individuals, while integrity is the property of accuracy and completeness, and availability is the property of being accessible and usable on demand [4,22,26,27]. Cybersecurity, on the other hand, is a subset of information security and concerns the management of information security risks that arise when data are stored, transmitted, and processed in digital formats within computer systems, storage devices, and interconnected networks [21,24]. According to the ISO, cybersecurity also includes Internet security, network security, and web security, as shown in Figure 1.
The Internet is a global system of interconnected digital networks that connects billions of servers, computers, and other hardware devices. Internet security is the protection of Internet-related service organizations and users. The World Wide Web, also known as the web, is a platform for sharing information on the Internet, consisting of billions of digital documents accessible through a web browser. Web security is the protection of information on the World Wide Web and web services. Network security involves designing, implementing, operating, and improving networks, as well as identifying and addressing security risks within and between organizations and users.
Network security encompasses various types of networks within an organization, including local area networks, wide area networks, personal area networks, and wireless networks, including routers, hubs, cabling, telecommunications controllers, key distribution centers, and technical control devices. Cybersecurity also entails protecting Internet-connected systems from potential attacks, including the cloud, hardware or endpoint, and software or applications [21]. Based on the insights from the ISO definitions and scholarly publications, we identified seven critical domains of cybersecurity for organizations, especially local governments. These domains are Internet security, web security, network security, data security, endpoint security, application security, and cloud security. We structured our research and discussion to cover all these cybersecurity domains, which encompass a comprehensive range of cybersecurity aspects.

3. Research Design

This study employs a systematic literature review approach, following the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) protocol. This methodological approach is consistent with the methods used by [28,29,30,31,32]. The PRISMA protocol is a three-stage research process: planning, conducting a review, and reporting and dissemination. The planning stage sets the research aims, questions, and inclusion and exclusion criteria; the review stage involves identifying and reviewing relevant articles; and the reporting and dissemination stage analyzes and synthesizes the findings and reports them.
As per the PRISMA protocol’s initial stage, we framed our research aim and questions, as stated in the Introduction and Background, to obtain insights into the cybersecurity landscape of local governments. To set the scope and central focus of this study in the local governments and cybersecurity domain, we chose ‘cybersecurity,’ ‘cyber-attacks,’ ‘local government,’ ‘local council,’ ‘municipality’, and ‘smart city’ as the keywords. We selected the keywords other than ‘smart city’ in accordance with this study’s aim and research question. In recent years, many local governments around the world have embraced the smart city concept. Tech-giant International Business Machines (IBM) Corporation first put forward the smart city slogan in 2009 [33]. A smart city does not have any specific or universal definition, but the concept usually refers to an ecosystem that combines current and emerging technologies such as AI, sensors, the Internet of Things (IoT), robotics, web 3.0 technologies, digital twins, and smart grids to offer better and more seamless services to the citizen as well as increase the efficiency of the service providers [2,34,35,36,37]. In summary, Yigitcanlar et al. [38] defined the smart city as the convergence of technology and the city. Local governments’ shift toward smart city initiatives exacerbates cybersecurity risks as it adds complexity to data management and interconnected systems [7,33,39,40]. Therefore, we included ‘smart city’ as a keyword in our study to signify the growing role of local governments in digitally integrated urban spaces. After finalizing the keywords, we set the primary inclusion and exclusion criteria, as illustrated in Table 1, to search for relevant articles in compliance with the PRISMA protocol. We discuss the inclusion and exclusion criteria further in the following section.
In the review phase (second stage) of the PRISMA protocol, we initially categorized the chosen keywords into terms related to cybersecurity and terms related to local governments. We performed this categorization to conduct a ‘keyword search,’ which aimed to select the articles most relevant to our research. We also included supplementary terms like ‘information security’ and ‘data security’ to broaden our search and find the relevant scholarly literature. Subsequently, we developed the following search query to identify relevant articles: ((“cybersecurity” OR “cyberthreat” OR “cyber risk” OR “information security” OR “data security”) AND (“smart city” OR “local government” OR “municipality” OR “council”)). Figure 2 shows a screenshot of this study’s ‘keyword search’ process following the PRISMA protocol. We executed the search within titles, abstracts, and keywords in mid-July 2023 in the following databases: Scopus, Taylor and Francis Online, IEEE Xplore, Wiley Online Library, Sage, ScienceDirect, Proquest, Directory of Open Access Journals, and the Queensland University of Technology (QUT) Library Collection. We opted for a multi-database strategy because of the limited availability of scholarly publications, as indicated in numerous studies. Therefore, we expanded our search for scholarly articles to include university (QUT) library collections in addition to public databases.
We did not set a publication year filter, so that we could identify a trend in the research interest in this field. Initially, 3861 articles appeared in the search across all databases. However, to ensure high-quality sources and increase academic acceptance, we executed the primary inclusion and exclusion criteria as described in Table 1. In this study, we only considered academic journal articles that underwent a peer review, were published in English, and were available online in full text. We excluded books, chapters, reports, editorials, conference proceedings, and publications that did not meet the primary inclusion criteria listed in Table 1 from our search results. The number of selected articles was substantially reduced to 642. This exclusion was important to maintain a focus on peer-reviewed journal articles, which typically offer a more rigorous and detailed examination. We suspected that some articles might have appeared in multiple databases. Therefore, we eliminated duplicates (n = 154), resulting in a reduction in the total number of articles to 488. All these articles were ‘eye-balled’ for consistency and accuracy [41,42] with the research keywords and category formulation criteria presented in Table 2. Following this preliminary screening, 365 articles were eliminated, leaving 123 articles eligible for a second screening.
We re-evaluated these articles based on the secondary inclusion and exclusion criteria, as described in Table 1. As per the secondary inclusion criteria, we refined our selection to articles that addressed cybersecurity issues involving local governments, regardless of whether they mentioned smart cities. We also included articles that discussed cybersecurity in the context of smart cities, regardless of whether they indicated a central or local governmental role. In contrast, the secondary exclusion criteria eliminated articles that focused on subjects outside of the areas specified in the secondary inclusion criteria. The execution of primary and secondary inclusion and exclusion criteria is a common practice in the PRISMA protocol adopted by many researchers [29,30,41,42,43,44]. This approach played a crucial role in our study by eliminating the irrelevant literature and focusing on the most relevant articles that provided valuable information about the cybersecurity landscape in local governments. After applying the secondary inclusion and exclusion criteria, we finally identified 53 articles that matched our research aim and question, which were then systematically reviewed and analyzed in this study. Figure 3 illustrates the aforementioned steps for article search and selection as a step-by-step guide.
The third stage (reporting and dissemination) of the PRISMA protocol involved investigating the selected articles (n = 53) using a descriptive technique instead of a statistical analysis. This screening procedure aimed to systematically assess the selected articles based on predetermined criteria in order to prepare a conceptual framework for the local government’s cybersecurity landscape. We followed a three-step process to develop this framework: first, we selected a foundation for the framework; second, we identified cybersecurity components for local governments, including the types of attacks and attackers, important data types, barriers, solutions, and assessment tools; and finally, we categorized these components and designed the framework. During the construction of this systematic literature review paper, additional publications on the subject were incorporated to provide further evidence and improve the review’s overall structure. In total, this paper cites 132 references, including both the selected and additional literature.

4. Analysis and Results

4.1. General Observations

The academic focus on cybersecurity in local governments began in 2012, as found in this review (Figure 4), coinciding with a rapid technological renaissance and the evolution of the ‘smart city’ concept [45]. Local governments actively embraced these technologies to enhance operational effectiveness, improve public services, and foster a meaningful engagement with residents [46,47]. As they transformed into smart cities, their cyber risk profile escalated in complexity and scale [7]. The academic contribution to cybersecurity in 2012 predicted an increase in scholarly interest thereafter. However, the academic literature did not extensively investigate this topic until 2018.
Since 2018, there has been a surge in scholarly research on cybersecurity issues, possibly linked to the growing adoption of smart city initiatives by cities around the world. Out of the 53 reviewed articles, 49 were published after 2018, with 18 in the last year and a half alone. However, there is a skewed focus on the technological aspects of cybersecurity solutions in smart cities, often overlooking non-technical aspects such as knowledge and awareness gaps, deficiencies in policy and implementation, and an appropriate understanding of the cybersecurity landscape from a local governmental perspective. To comprehensively understand and address these multifaceted cybersecurity issues, a local governmental viewpoint requires a balanced approach and a proper understanding of their landscape.
Out of the 53 articles examined, 28 did not provide a comprehensive discussion of a specific country’s setting, instead offering a generic overview of a topic (Figure 5). For instance, Ahmadi-Assalemi, Al-Khateeb, Epiphaniou, and Maple [35] reviewed cyber incident response and resilience in smart cities; Bokhari and Myeong [48] examined the impacts of AI on smart city cybersecurity and e-governance; Efe and Isik [49] analyzed the perception of Industry 4.0 transformation and its implications for cybersecurity; Kim, Istabraq Mohammed, Ramachandran, Kim, Zia, and Almorjan [37] presented the outcome of a comprehensive literature review on smart cities’ cyber forensics and cybersecurity; Ma [50] provided a technical overview on cybersecurity technologies in smart cities; Siddiqui et al. [51] investigated the security architecture of smart cities in contract-based mechanisms; and Verhulsdonck et al. [52] analyzed the existing literature on cybersecurity, playable cities, and smart cities.
The USA has the highest number of contributions to the field of cybersecurity and local government, accounting for 11 articles, including the first-ever contribution in this research field, where Caruson, MacManus, and McPhee [14] presented survey results on the cybersecurity status of local governments in Florida. MacManus et al. [53] also published a portion of the same survey. Among the remaining articles published in the USA context, Wolff and Lehr [9] discussed mitigating the economic impacts of cyber-attacks; Norris, Mateczun, Joshi, and Finin [11] presented findings from a focus-group discussion on cybersecurity issues in Maryland; Norris, Mateczun, Joshi, and Finin [7] and Norris, Mateczun, Joshi, and Finin [15] featured findings from the first-ever national survey on cybersecurity issues of local governments in the US; Hatcher, Meares, and Heslen [10] featured a comprehensive survey on cybersecurity in local governments; Norris and Mateczun [8] presented the findings of a key informant survey on cybersecurity issues, followed by a comparative analysis between those results and the first-ever nationwide survey in the US; Preis and Susskind [54] discussed the importance of cybersecurity; and Frandell and Feeney [18] discussed managerial perceptions and cyber incidents.
Australia, Indonesia, and Poland have contributed similarly to this domain, each with three articles. Among the three studies in Australia, Ibrahim et al. [55] evaluated the cybersecurity posture of a local government in Western Australia; Ali et al. [56] discussed cloud service information security requirements in Queensland; and Neupane et al. [57] explored stakeholder trust in smart city technology adoption. In the three articles which featured findings from Indonesia, Alam and Ibrahim [58] discussed cybersecurity’s importance in smart city infrastructure; Madjid, Legionosuko, and Samudro [26] examined Bogor’s information security strategy; and Sensuse, Putro, Rachmawati, and Sunindyo [27] explored cybersecurity objectives and technology for the new capital city in Indonesia.
Among the three articles which featured findings from Poland, Karpiuk [59] discussed the position of local governments in their nation’s cybersecurity system; Chałubińska-Jentkiewicz [4] examined the ICT network as a public task for local governments; and Chodakowska, Kańduła, and Przybylska [19] presented the findings of a survey on the cybersecurity issues of local governments. Two articles in the Taiwanese context examined the information security process and policy [60,61]. We also discovered one article each in Georgian, Indian, and Saudi Arabian contexts. Napetvaridze and Chochia [62] reviewed cybersecurity policy and law history in Georgia; Ahmad et al. [63] discussed smart cities and their cyber–physical systems in India; and Alhalafi and Veeraraghavan [64] examined the challenges in implementing cybersecurity measures in Saudi smart cities.

4.2. Data Landscape within Local Governments

Regardless of their size and geographical setting, local governments store and manage a wide array of data, influencing policy execution, decision-making, and community engagement. This review identified 20 different types of data that local governments typically store and manage. Figure 6 presents the data that local governments typically store and manage.
Depending on their functionality, we can classify these data into four broad categories: (a) individual-centric data focus predominantly on data that belong to residents, including personal information [7,11,53], financial information [13,65], medical records [35,66], education records [19], and utility usage data [11,67]; (b) public safety and governance data refer to the data that are crucial for governmental operations and public welfare, such as surveillance and monitoring data, public safety data, election and voter information, vendor and procurement data, and employee and contractor data; (c) infrastructure and utility data are those that provide insights for traffic and public transportation patterns, infrastructure management, utility consumption, property records, waste management, and IoT device data; and (d) community and environment data refer to data such as recreation and public events, chats with residents and between residents and local government officials, public feedback and suggestions sent through an online medium, environmental data such as pollution data, air quality data, weather data, water quality data, and other environmental monitoring and historical data.

4.3. Types and Techniques of Cyber-Attacks in Local Governments

Local governments are frequently targeted for cyber-attacks [6,68]. The types and techniques of attacks are diverse and continuously evolving. A comprehensive understanding of common attack types and techniques can help practitioners and researchers develop effective defensive measures and a more targeted approach to policymaking to safeguard critical data and digital infrastructure in local government. Therefore, we made an attempt to list all the types and techniques of cyber-attacks addressed by the existing literature in this field.
Caruson, MacManus, and McPhee [14] initially contributed to the local government cybersecurity research field by investigating cybersecurity issues in 67 counties in Florida, USA. Their study marked viruses and worms as the most common types of attack, followed by phishing, bots, spyware, and Domain Name System (DNS) attacks. The first nationwide survey in the USA on local governments’ cybersecurity by Norris, Mateczun, Joshi, and Finin [15] highlighted ransomware as the most prominent form of cyber-attack. A different study by Norris, Mateczun, and Forno [6] on 11 cities and three counties in the USA revealed that 85.5% of the cyber-attacks had been caused by phishing or spear phishing, followed by zero-day target attacks, brute force attacks, Denial of Service (DoS), Distributed Denial of Service (DDoS), and man-in-the-middle. Hatcher, Meares, and Heslen [10] conducted a study on the cybersecurity practices and policies of local governments in the USA, and they mentioned ransomware, phishing, and DNS attacks as the most common types and techniques of cyber-attacks on local governments. An assessment of the cybersecurity posture of a cloud infrastructure in a local government in Australia by Ali et al. [69] revealed IP spoofing, man-in-the-middle, malicious insiders, and DoS as common types and techniques of cyber-attacks. We compiled a few common cyber-attack events on local governments from the reviewed literature in Table 3 to further investigate the various types and techniques of cyber-attacks targeting local governments.
This review identified a total of 30 types and techniques of cyber-attacks that pose significant threats to local governments’ cybersecurity. Malware attacks, including ransomware, spyware, and adware, pose a significant threat to local governments, disrupting operations and compromising the confidentiality and integrity of sensitive information [14,36,50]. Code Injection Attacks, such as SQL Injection, Malvertising, and Cross-Site Scripting (XSS), are a significant threat to web-based services and applications, exploiting software vulnerabilities to execute malicious code, leading to data breaches and unauthorized system access [35,62,76]. Spoofing methods such as IP, ARP, and DNS spoofing deceive and redirect network communications, which undermines trust and could lead to data theft and unauthorized access to network resources [56,65,67,77]. DoS and DDoS attacks disrupt local government operations by overwhelming systems with traffic, incapacitating essential digital services, and causing significant operational disruptions [9,36,78].
Social engineering is a common technique of identity-driven attack that tricks people into bypassing the regular security procedures of the local government or any other organization. Identity-driven attacks also include phishing, spear phishing, and whaling, which exploit human factors and authentication processes, often leading to unauthorized access and information theft [8,79,80]. Insider threats, both malicious and negligent, are a significant challenge due to attackers’ access to systems and knowledge of internal processes, causing significant damage and data loss [7,15,80]. Other sophisticated attack techniques, such as zero-day attacks, repudiation, tampering, spamming, and, particularly, Advanced Persistent Threat (APT), underscore the evolving and persistent nature of cyber risks [25,51,67,74]. APTs, characterized by their stealth and persistence, pose a continuous threat to the security of sensitive government data. Table 4 provides a comprehensive list of the cyber-attack types and techniques that are frequently cited in the existing literature concerning cybersecurity in local governments.

4.4. Purpose of Cyber-Attacks

Our systematic review identified various motivations that drive cyber-attacks on local governments. One major incentive behind these attacks is the possibility of unlawfully obtaining information about residents and employees, such as personal details or credit/debit card details. When accessed, such information becomes an asset to trade for financial gain in the digital marketplace and on the dark web. Ransomware is another method employed by cybercriminals to profit by holding crucial administrative data and infrastructure of local governments hostage until a ransom is paid, typically in the form of digital currencies [49].
Apart from financial causes, cyber-attacks against local governments are often driven by political motives such as espionage and hacktivism. Espionage, often orchestrated by state-sponsored actors, aims to extract sensitive information for strategic or political gain [67]. Hacktivism, driven by ideological factors, leads certain cyber-attackers to target local governments to voice political or societal grievances [7,8]. Given the close-knit relationship between local governments and their constituents, such attacks can amplify the hackers’ messages, creating significant community unrest. Personal vendettas add another layer to the threat landscape [7,15]. Discontented individuals, perhaps former employees or those who feel wronged by local governance decisions, might resort to cyber-attacks as instruments of revenge or retribution. Their intimate familiarity with the inner workings of the local government can potentially exacerbate the damage caused.
Many groups or individuals simply hack local government systems to cause mischief, out of curiosity, to show their hacking skills, or for community recognition, often resulting in service disruptions and data breaches [7,15]. We also found terror attacks mentioned as one of the purposes of cyber-attacks, which seek to create a sense of fear, disrupt essential services, or erode public trust in systems of governance [7]. Regardless of the purposes or motivations, cyber-attacks not only affect local governments financially but also stain their reputation and public trust. Therefore, gaining insight into these diverse motivations is crucial for local governments to strengthen their defenses and proactively anticipate potential threats.

4.5. Type of Attackers

The reviewed articles provided insights into the types of cyber-attackers targeting local governments. In total, we found the mention of attackers in 13 articles among the 53 we reviewed [6,7,11,15,35,36,37,50,53,65,80,82,85]. Based on the discussion provided in the reviewed articles, the common types of cyber-attackers can be divided into four categories: external actors (organizations), external actors (individuals), state actors, and malicious insiders.
External actors (organizations) refer to the organized groups such as terrorist cyber groups, hacktivist groups, and mercenary or “for-hire” hackers targeting systems for financial gain or political motives, often with sophisticated tools and tactics, driven by specific agendas or missions [7,8,35,36,50,65]. External actors (individuals) engage in cyber-attacks driven by individual motivations, which encompass an array of factors such as financial incentives, curiosity, the showcasing of skills, or anger. Examples of such attackers include hackers, criminals, political activists, young people, and spammers [7,8,11,15,36,37,50,53,65,82].
State actors such as cyber militias and patriotic hackers backed by national governments engage in cyber espionage, cyber warfare, and other strategic operations, targeting critical infrastructure, government data, and other nations’ strategic assets [7,8]. A particularly insidious threat to local governments comes from within—malicious insiders. These individuals may be associates, contractors, or current or former employees. The motivations of malicious insiders, which may include financial incentives, personal grievances, or ideological biases, pose significant challenges for local governments [7,36,65,80,85]. Their intimate knowledge of and access to sensitive information and critical systems make their attacks potentially devastating.

4.6. Barriers and Recommended Solutions for Local Governments

Local governments face numerous barriers to maintaining strong cybersecurity measures. In fact, this systematic review identified a total of 16 barriers to cybersecurity for local governments. The lack of sufficient funds is the most significant barrier, as mentioned in several articles [4,7,8,11,15,19,53,61,84]. Other key barriers include the absence of cybersecurity policies and regulations, inadequate training provisions [61], and a lack of expertise [11,58]. The lack of collaboration among departments and partnerships with external entities is also a major barrier to ensuring effective cybersecurity in local governments [58]. Figure 7 presents the barriers identified in this systematic review. For better comprehension, we categorized the barriers into four broader groups: (a) resource and infrastructure challenges; (b) technical and operational challenges; (c) policy and regulatory challenges; and (d) accountability and behavioral challenges.
To counter the barriers or challenges, we identified a total of 23 recommendations during our systematic review. Most of the articles emphasized the need for more financial resources to develop appropriate strategies and implement them. These included recruiting skilled personnel, adopting advanced technologies, and ensuring system monitoring and updates [7,10,14,80]. Other recommendations included establishing well-defined cybersecurity policies, standards, and educational initiatives, as well as expanding technical proficiencies through AI [7,15,53,80,82]. Some of the reviewed articles also emphasized the importance of human factors in cybersecurity, such as enhancing the knowledge of government personnel [7,49], conducting background checks [14], and ensuring comprehensive training and accountability for Information Technology (IT) infrastructure users [15,53]. Hatcher, Meares, and Heslen [10] and Demertzi, Demertzis, and Demertzis [13] recommended strategic alliances with businesses and research institutions to understand and reduce cyberthreats in local governments. Figure 7 lists all the recommended solutions along with the barriers. The barriers and recommended solutions are further discussed in the Discussion Section (Section 5.2.4) of this paper.

4.7. Cybersecurity Tools

Cybersecurity tools are software and hardware designed to safeguard electronic records, networks, and systems from cyberthreats. After recognizing the paramount importance of cybersecurity for local governments, an array of tools can be used to fortify their digital infrastructure. This study identified 20 such tools mentioned throughout the selected literature. Table 5 presents these tools along with a description. Fundamental tools such as antivirus software are crucial in protecting against various malware, viruses, worms, and Trojans [14,64]. Their effectiveness relies on regular updates to combat evolving cyberthreats. Anti-phishing tools detect and neutralize phishing attempts, particularly in emails, by scrutinizing incoming communications for signs of phishing [13]. Virtual Private Networks (VPNs) establish secure and encrypted connections over potentially insecure networks, ensuring data security in transit [65,77]. Multifactor authentication (MFA) and biometric authentication methods add layers of verification to prevent unauthorized access [25,50].
Web gateways control and monitor Internet traffic, providing a barrier against web-based threats [63,81]. Email security solutions filter out malicious content and guard against email infiltration [15]. Web/network vulnerability scanning tools proactively identify potential security weaknesses, enabling their timely remediation [10,77]. Secure Sockets Layer (SSL) certificates ensure data integrity and confidentiality in digital interactions [7,65]. Network security includes network firewalls, network security monitoring tools, packet sniffers, intrusion detection and prevention systems (IDPS), router security, encryption tools, data loss prevention (DLP) systems, backup solutions, and data masking techniques [9,14,33,67,85]. Web Application Firewalls (WAF) filter and monitor HTTP traffic to and from web applications [25,50]. Software for penetration testing imitates cyber-attacks to find holes in security [35,79], and Security Information and Event Management (SIEM) systems improve the overall security by monitoring, finding, and responding to security incidents [55,82].

4.8. Assessment Frameworks and Standards

This review did not find any cybersecurity assessment framework developed solely considering the context of local governments. However, the NIST cybersecurity framework was frequently referenced in a number of the reviewed papers as a common tool to assess cybersecurity at the organizational level. Specifically designed to assist organizations in effectively managing and mitigating cybersecurity threats, the NIST cybersecurity framework offers a comprehensive set of standards. The framework has gained recognition because of its adaptability, making it a crucial tool for organizations of different sizes and sectors. The review also found a few other frameworks/standards, such as NIST SP 800-53, ISA 62443-2-1:2009, ISA 62443-3-3:2013, ISO/IEC 27001:2013, and Control Objectives for Information and Related Technologies (COBIT5) [10,12,13,25,36,55,61]. Details of these frameworks/standards are described in Table 6.

5. Findings and Discussion

5.1. The Need and Foundation: Cybersecurity Conceptual Framework from Local Government Perspective

Information on the cybersecurity issues of local governments is fragmented and scattered, leaving a significant gap in understanding the threat landscape. For example, we found a total of 30 types and techniques of potential cyber-attacks scattered in 43 articles and 20 cybersecurity tools in 31 articles. However, none of the articles in this research domain provided a comprehensive list or discussion of all the potential cyber-attack types and techniques. This fragmented insight into local governments’ cybersecurity hinders the ability of responsible officials and elected members to formulate and deploy robust defensive strategies to safeguard the confidential information of residents and employees and maintain organizational integrity. Additionally, this fragmented information landscape may cause critical details to be omitted. Decision-makers may remain aware of widely discussed matters but oblivious to less popular but important ones. This limited viewpoint can unintentionally neglect key vulnerabilities, leaving local governments exposed. However, a cohesive conceptual framework can help identify challenges and deploy countermeasures, compiling attack types and techniques, potential attackers, tools, frameworks, and standards [86,87]. Therefore, we created a conceptual framework, illustrated in Figure 8, with the goal of providing officials, decision-makers, and researchers in this field with a holistic view of local governments’ cybersecurity aspects.
To develop the framework, we employed a comprehensive methodology, grounded in the established definitions and principles of cybersecurity set forth by the ISO and in the findings from our systematic review. The heart of the framework lies in its delineation of seven key cybersecurity domains, as mentioned previously under the Cybersecurity Concept Sub-section above, each addressing a vital component of local governments’ digital defense. These domains include Internet security, web security, network security, data security, endpoint security, application security, and cloud security. A pivotal aspect of our framework is its incorporation of the CIA Triad and its extension to the CIA-AAA concept. The CIA Triad, consisting of confidentiality, integrity, and availability, is a fundamental principle in cybersecurity. Confidentiality ensures that information is not shared with unauthorized individuals, while integrity ensures accuracy and completeness, and availability ensures accessibility and usability on demand.
Multiple researchers indicated an expansion of the CIA Triad to include three additional principles: authentication, authorization, and accountability/auditing [88,89,90]. This model combines authentication to ensure legitimate access, authorization to grant appropriate access rights, and accounting to track system activities for breach detection and compliance. The CIA-AAA model plays a crucial role in local government cybersecurity. Local governments, which are responsible for managing sensitive data and providing critical services, must implement a comprehensive security strategy that encompasses the seven core domains of cybersecurity. Ensuring the confidentiality, availability, and integrity of government data, in addition to implementing rigorous authentication, authorization, and accounting protocols, is a critical aspect of data security. To safeguard online interactions and government websites, robust authentication and authorization mechanisms are integral to Internet and web security. In a similar vein, the model’s emphasis on authorized access and continuous monitoring confers advantages for network and endpoint security. To protect against threats and vulnerabilities, application and cloud security employ a complete range of CIA-AAA principles.
Our approach to local government cybersecurity involves a multi-layered structure that maps cyberthreats and defenses. We positioned the types and techniques of cyber-attacks at the center of the framework, connecting them to the corresponding cybersecurity domains directly above them. This strategic placement is not merely structural but indicative of the direct link between the identified cyberthreats and the targeted cybersecurity domains. The principles of the CIA-AAA concept encapsulate these core domains, highlighting their universal application and importance across all facets of cybersecurity. The framework’s upper segment focuses on practical and technical cybersecurity assessment frameworks and tools, providing local governments with the necessary resources to evaluate, monitor, and improve their cybersecurity posture. The lower section of the framework focuses on the non-technical and administrative aspects of cybersecurity, including the types of attackers, their motivations, challenges specific to local governments, and recommended solutions. This approach not only equips local governments with technical tools to defend against cyberthreats but also addresses the broader context in which these threats occur and prepares them with strategies to mitigate them at multiple levels. This framework could be a good starting point for the key authorities and decision-makers in local governments to understand the cybersecurity big picture. We also note that, while local governments are undertaking cybersecurity measures, they also need to consider responsible innovation and technology principles, as outlined in a study by [91].

5.2. The Framework: Key Components and Limitations in the Existing Literature

5.2.1. Types and Techniques of Cyber-Attacks

Internet security is primarily breached by cyber-attacks including spyware, adware, keyloggers, and ransomware [14,76,81]. These types of cyber-attacks can grant attackers unauthorized control over the online activities of local governments, compromising users’ privacy and data integrity and disrupting system functionality. Malvertizing, phishing, DoS, and DDoS attacks can compromise network security [9,62,84], while SQL injection and XSS target local governments’ websites and web-based applications [62,76]. Network security faces threats including IP spoofing, ARP spoofing, and DNS spoofing. Ransomware, which encrypts access to vital data, and spyware and keyloggers, which collect sensitive information, have a severe impact on data security [11,14,36]. Trojans and rootkits facilitate unauthorized access to data, while phishing techniques target data theft [12,56]. Zero-day exploits, repudiation, and tampering pose risks to data accuracy and trustworthiness [51,67,74]. Cloud storage security entails safeguarding data and services stored in the cloud against threats, including ransomware, Advanced Persistent Threats (APTs), and the dangers posed by malicious and negligent insiders [78,79].
While the existing literature provides insightful discussions on many types and techniques of cyber-attacks, it notably overlooks emerging threats, which could be vital for local governments. Emerging threats in Internet security include deepfake technology and AI-powered social engineering attacks, which can lead to misinformation or the manipulation of public opinion [92,93]. In web security, newer threats such as API attacks [94] and crypto-jacking that target web-based applications are often overlooked [95,96]. Network security faces evolving risks, such as Zero-Trust Network Architecture violations and IoT-based attacks, which can lead to widespread disruptions or data breaches [12]. For data security, quantum computing attacks and advanced ransomware tactics targeting backups and disaster recovery strategies are very critical [97,98].
Endpoint security, especially in the context of smart cities, must contend with the proliferation of IoT devices, including threats from unsecured devices and sophisticated mobile malware targeting government officials’ devices [99]. The incorporation of AI and machine learning into applications creates new opportunities for AI-driven threats in applications frequently utilized by local governments [16]. Cloud security in local governments, especially in smart cities, faces unique challenges, such as increased risks in shared and multi-tenant cloud environments and threats targeting cloud-based IoT platforms and big data analytics [100,101]. The ever-evolving digital landscape, marked by advanced technologies and interconnected systems, introduces new vulnerabilities and attack surfaces [9,13,37]. Local governments must stay abreast of current threats and proactively anticipate future challenges to effectively protect their cyber ecosystems.

5.2.2. Common Cybersecurity Tools

This systematic review of cybersecurity for local governments reveals a variety of tools designed to enhance specific aspects of cybersecurity. Internet security tools include antivirus software, anti-phishing tools, VPNs, MFA, web gateways, and email security solutions [63,64,78]. Web security tools include web vulnerability scanning tools, which identify security weaknesses in web applications and websites, and SSL certificates that establish secure and encrypted links between web servers and browsers [7]. Network security tools include network firewalls, monitoring tools, packet sniffers, IDPS, VPNs, and router security [78,79]. Data security tools include encryption tools, DLP software, MFA, backup solutions, and data masking to protect sensitive data from unauthorized access [50,51,85]. Endpoint security tools include antivirus software for protection against various forms of malware that could compromise endpoint devices [49]. Application security tools include WAF, penetration testing software, and SIEM systems [25,82]. Cloud security tools use encryption tools to protect data stored in the cloud, ensuring confidentiality and security even in shared and multi-tenant cloud environments [33,61].
The existing literature on cybersecurity in local government contexts highlights a significant gap in the coverage of vital security tools across core concepts. While the literature mentioned common tools for Internet security, it did not mention the tools essential for robust web, network, data, endpoint, application, and cloud security. This is particularly important given the rapidly evolving nature of cyberthreats and the significance of data management by local governments. The existing literature neglects Content Security Policy (CSP) for web security, a crucial tool for preventing attacks like XSS and data injection [102,103]. CSP allows web developers to specify valid domains for executable scripts, preventing malicious script execution [104]. Given the increasing sophistication of web-based attacks, CSP’s role in local government websites and web applications is crucial.
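The CSP mechanism described above can be checked mechanically. The following added example (not from the reviewed literature or from the article's authors) is a small Node.js audit that parses a Content-Security-Policy header value and reports settings that would still let injected scripts run. The two policy strings, the host static.council.example, and the finding codes are constructed for illustration.

```javascript
'use strict';

// Split a Content-Security-Policy header value into directive -> source list.
function parseCsp(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return finding codes (hypothetical names) for the directive that governs
// script execution. An empty array means no weakness was found by these checks.
function auditScriptPolicy(headerValue) {
  const directives = parseCsp(headerValue);
  // script-src falls back to default-src when it is absent.
  const sources = directives.get('script-src') || directives.get('default-src');
  if (sources === undefined) return ['NO_SCRIPT_POLICY'];

  const lower = sources.map((s) => s.toLowerCase());
  const hasNonceOrHash = lower.some((s) => /^'(nonce|sha256|sha384|sha512)-/.test(s));
  // In CSP Level 3 browsers, 'strict-dynamic' makes host and scheme sources
  // (and 'unsafe-inline') inert, so they are not reported when it is present.
  const strictDynamic = lower.includes("'strict-dynamic'");
  const findings = [];

  // 'unsafe-inline' re-enables inline <script> blocks and event handlers,
  // which is exactly what an XSS payload needs. Browsers ignore the keyword
  // when a nonce or hash is also listed.
  if (lower.includes("'unsafe-inline'") && !hasNonceOrHash && !strictDynamic) {
    findings.push('UNSAFE_INLINE');
  }
  // 'unsafe-eval' permits eval() and similar string-to-code sinks.
  if (lower.includes("'unsafe-eval'")) findings.push('UNSAFE_EVAL');
  // A wildcard or a bare scheme allows scripts from any host on that scheme.
  const broad = lower.some((s) => s === '*' || /^(https?|data|blob):$/.test(s));
  if (broad && !strictDynamic) findings.push('BROAD_SOURCE');
  // A cleartext host can be tampered with in transit.
  if (lower.some((s) => s.startsWith('http://')) && !strictDynamic) {
    findings.push('CLEARTEXT_SOURCE');
  }
  return findings;
}

// Constructed sample policies: a permissive one beside a restrictive one.
const WEAK_POLICY =
  "default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:";
const HARDENED_POLICY =
  "default-src 'self'; script-src 'self' https://static.council.example; " +
  "object-src 'none'; base-uri 'self'";

console.log('weak     ->', auditScriptPolicy(WEAK_POLICY));
console.log('hardened ->', auditScriptPolicy(HARDENED_POLICY));
```

A check like this fits a deployment pipeline or a periodic scan of public-facing sites; it covers script execution only and does not replace a full policy review.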
The literature lacks tools like Network Access Control (NAC) and Unified Threat Management (UTM) in network security [105,106]. NAC systems are crucial for secure network access, enforcing security policy compliance on devices attempting to access network resources. UTMs provide a comprehensive security solution, simplifying infrastructure for local governments with limited IT resources. In endpoint security, tools like endpoint detection and response (EDR) detect and respond to threats; Mobile Device Management (MDM) manages mobile device security; and disk and media encryption protect data on endpoint devices, ensuring that data remain secure even in the event of theft or loss [99,107,108].
For application security, the literature overlooks tools such as Application Security Testing (AST) and runtime application self-protection (RASP), which are crucial for identifying vulnerabilities and addressing security issues during development [109,110]. RASP provides a real-time security layer by analyzing application behavior and blocking harmful actions. In cloud security, tools like Identity and Access Management (IAM), which manages user identities and access privileges, Cloud Access Security Brokers (CASBs), which provide data visibility and control, Cloud Security Posture Management (CSPM), which ensures security best practices, and Cloud Workload Protection Platforms (CWPPs), which protect cloud workloads against evolving threats, are not cited in the existing literature in the cybersecurity and local government research domain [89,111,112,113].

5.2.3. Assessment Frameworks and Standards

The existing literature on cybersecurity for local governments predominantly cites only a few frameworks and standards, including NIST, ISO/IEC 27001:2013, COBIT5, ISA 62443-2-1:2009, and ISA 62443-3-3:2013 [12,25,36,55,114]. NIST is known for its comprehensive cybersecurity guidelines, while ISO/IEC 27001:2013 provides the requirements for ISMS. COBIT5 is a governance framework for enterprise IT, emphasizing regulatory compliance, risk management, and aligning IT strategy with organizational goals. ISA 62443-2-1:2009 and ISA 62443-3-3:2013 focus on the security of Industrial Automation and Control Systems, providing a systematic approach to reducing cybersecurity risks in industrial operational environments. Although these frameworks and standards are useful, the current literature shows a lack of comprehensive coverage of cybersecurity frameworks and tools.
It is worth noting that the updated NIST framework, NIST CSF 2.0 (Draft), which represents a substantial advancement over its predecessor [115], is not mentioned in the existing literature in this research domain. The framework now includes a sixth function, the govern function, which covers how an organization can make and execute its own internal decisions to support its cybersecurity strategy [116]. The draft provides improved guidance for implementation, focusing on situation-specific profiles and providing examples for subcategories. According to the NIST website, the final version is set to be released in early 2024 [115].
The Centre for Internet Security (CIS) Controls is a framework that provides a collection of practical measures for protecting against cyberthreats, offering a structured approach to enhancing an organization’s cybersecurity position [114,117]. The General Data Protection Regulation (GDPR), while being primarily a regulatory standard for the European Union, establishes a model for data protection and privacy that can be used as a reference for local governments worldwide [118]. The Cybersecurity Maturity Model Certification (CMMC) is an emerging framework designed to strengthen cybersecurity measures in the defense industrial base [89,119]. Although originally designed for defense contractors, local governments can use the principles and practices of CMMC to enhance their defense measures [120,121]. Local governments may also consider frameworks such as the IT Infrastructure Library (ITIL), which emphasizes the synchronization of IT services with business requirements [89,122,123].
In addition to the aforementioned frameworks and standards, various countries and organizations have prepared their own frameworks and standards. Examples include the New Zealand Information Security Manual (NZISM), the New York Department of Financial Services Cybersecurity Regulation, the Standar Nasional Indonesia (SNI), China’s National Standard, Australia’s Essential Eight, and the USA General Services Administration’s Federal Risk and Authorization Management Program (FedRAMP) [124]. The NZISM is the government cybersecurity standard in New Zealand, providing guidelines for agencies to protect their digital information and assets. It covers access control and incident management, focusing on sensitive government data, and is issued by the Government Communications Security Bureau of New Zealand. The SNI is Indonesia’s national cybersecurity standard, aimed at ensuring the quality and safety of products and services, including IT and cybersecurity. It provides guidelines and best practices for Indonesian organizations to ensure robust and effective cybersecurity measures against regional and global threats.
The National Standard of the People’s Republic of China (GB/T 22239-2019) is the national cybersecurity framework, encompassing regulations on data protection, Internet services, and network infrastructure [124]. These standards are crucial in shaping the implementation of cybersecurity by organizations operating within China’s borders, given its unique regulatory environment. The Australian Cyber Security Centre developed the Essential Eight, a comprehensive framework designed to prevent cybersecurity incidents. It offers practical guidelines such as application whitelisting, patching, and configuring Microsoft Office macro settings, making it a valuable tool for both government and private sector organizations. The FedRAMP is a government-wide program in the USA that standardizes the security assessment, authorization, and continuous monitoring of the cloud products and services used by federal agencies. Its goal is to ensure that these services meet stringent security requirements, protecting government data. The FedRAMP certification is a benchmark for cloud service providers, indicating high security assurance. Local governments can take insights from these frameworks in various regional and organizational contexts and adopt best practices in their cybersecurity measures.

5.2.4. Challenges and Recommendations

(a) Resource and Infrastructure Issues: Researchers have identified resource limitations, particularly in terms of budgetary allocations, as a major obstacle to the advancement of cybersecurity within local governments [8,47]. The irregular reporting of breaches and misconceptions that these smaller governmental entities are less vulnerable undermine cybersecurity prioritization in local governments [19]. The budget limitations in local governments have cascading effects, restricting experts’ recruitment, infrastructure improvement, and the skill development of current employees [63,117,125]. Consolidating IT networks in local governments can reduce complexity and streamline cybersecurity measures [7,77,112]. The security landscape has evolved, necessitating changes in the authentication systems [92]. Implementing multifactor authentication and a ‘zero trust’ approach can reduce unauthorized access risk [12]. Despite the initial costs and transition challenges, this approach is highly recommended by researchers for long-term cybersecurity benefits, especially considering the rapid increase in IoT device usage and transformation into smart cities [85,106]. Maintaining hardware and software inventories is also crucial for endpoint and application security [14,90]. AI can be a valuable tool for local governments to protect their cybersecurity, as its machine-learning algorithms can identify complex attacks which conventional systems may fail to detect [3,48,126,127]. However, research on AI’s potential in detecting and preventing cyber-attacks in smart cities is limited due to its emerging nature [124].
Researchers have indicated that local governments have a shortage of specialized cybersecurity professionals due to budget constraints and improper knowledge of its significance among decision-makers [7,63]. This shortfall limits the swift identification, response, and recovery from cyber-attacks. To address this issue, local governments can collaborate and partner with state or central governments and private sector companies to access affordable security solutions [9,54,128]. Researchers and experts in the field also recommend unconventional strategies like outsourcing cybersecurity to specialized contractors and cybersecurity insurance, and collecting community and expert feedback to develop targeted cybersecurity strategies [11,15,60].
Budget constraints also prevent local governments from investing in R&D for cybersecurity improvements [77]. However, R&D is vital for conducting thorough risk assessments, analyzing past cyber incidents, developing new security protocols, and staying informed about emerging threats [47,78]. But R&D is usually expensive and can be a daunting task for smaller local governments. Cost-effective strategies such as partnerships with academic institutions and inter-governmental cybersecurity agencies, hosting hackathons, and small-scale pilot projects can be effective alternatives to R&D for local governments with limited financial resources [49,64,129].
(b) Policy and Regulatory Issues: Researchers frequently cited the lack of comprehensive cybersecurity policies as a critical gap in local governments’ cybersecurity preparedness [77,83,128]. MacManus, Caruson, and McPhee [53] identified regulatory oversight and a lack of enforcement as crucial challenges for local governments. A lack of visibility and influence can lead to a disconnect between policy formulation and implementation, resulting in insufficient resource allocation and attention to cybersecurity matters [11,18]. The lack of political and bureaucratic support also hinders the development and enforcement of effective cybersecurity measures [86]. To tackle these challenges, it is crucial to emphasize cybersecurity governance, establish a clear regulatory framework, and gain support from political, bureaucratic, and executive leaders [14,53,80].
Cybersecurity policies should outline local governments’ cybersecurity stance, define roles and standards, and be regularly reviewed [82,130]. Collaboration with academic institutions can help local governments develop policies cost-effectively, aligning with smart cities [10,13]. Given that resource limitations are a major constraint, local governments can benefit from the use of large language model (LLM) or generative pre-trained transformer (GPT)-assisted approaches for cybersecurity policies, as these tools are already being utilized by organizations for cybersecurity governance, risk management, and compliance (GRC) policies. In fact, in their research, McIntosh et al. [131] demonstrated that GPT-generated policies can be more effective and comprehensive when provided with custom-tailored prompts.
However, due to the evolving cybersecurity landscape and limitations of GPT models, human moderators and subject-matter experts are crucial in refining AI-generated content. Their involvement ensures that the output aligns with the latest trends and upholds legal and ethical standards, making the policies practically relevant and ethically responsible [91]. Along with the policies, regular audits and consequence management systems are also essential. Formal regulatory structures, including cybersecurity committees, could be formed within local governments to ensure that data management practices align with cybersecurity principles. Additionally, the existing literature on cybersecurity lacks the comprehensive coverage of legislative and regulatory compliance, particularly in areas like data privacy, cloud computing, and IoT. The available literature does not cover legal frameworks and practical guidance for implementing these mandates within local governments’ unique operational contexts. This presents an untapped area for research.
(c) Accountability and Behavioral Issues: Accountability and organizational culture are essential for effective governance, and cybersecurity is no exception. In local governments, where multiple stakeholders collaborate, accountability lines often blur, leading to vulnerabilities and potential breaches [132,133]. Cybersecurity in local governments faces behavioral challenges, such as reactive protocols adopted after incidents and a lack of collaboration within departments [13,77,130]. To address these issues, local governments must encourage collaboration on cybersecurity initiatives, share best practices, foster a culture of communication and teamwork, prioritize cybersecurity as a shared objective, and cultivate a culture of ‘cyber hygiene’ among employees [8,12]. This involves maintaining basic digital environments, such as regular updates, vigilant monitoring, and adherence to best practices in digital communication and data management [42,134]. Educating employees through workshops, training sessions, and awareness campaigns about the importance of cyber hygiene is crucial for building a knowledgeable, aware, and responsible workforce [13].
(d) Technical and Operational Issues: Local governments face increasing technical and operational challenges, particularly in addressing the complexity and sophistication of cyberthreats [18], safeguarding data, and ensuring their integrity [77]. Ensuring data integrity is crucial to maintaining public trust [19,50]. Local governments must implement secure coding practices, intrusion detection systems, regular software updates, and blockchain technology to enhance data integrity. On the other hand, to maintain public trust, local governments must demonstrate transparency in their cybersecurity practices and data handling procedures. To balance between safeguarding residents’ information and confidential administrative documents and upholding public trust, a multifaceted approach is needed. This encompasses the formulation of policies, the frequent training of staff members on cybersecurity protocols, and active involvement with the public to disseminate knowledge about local governments’ cybersecurity and data protection strategies, as well as educating residents about cybersecurity and about protecting their own data [13,62,68,76].
The general lack of knowledge among staff and decision-makers about cybersecurity and how to safeguard data exacerbates vulnerability to cyberthreats [55,58,64]. This knowledge gap is significant, manifesting not only in a general lack of cybersecurity awareness among non-IT staff but also in the specific technical knowledge necessary for IT professionals within local governments. Each data category has unique vulnerabilities, requiring different levels of safeguarding [135]. Understanding the different types of cyberthreats is crucial for IT professionals to prioritize their cybersecurity measures. Furthermore, obtaining specific cybersecurity certifications can be resource-intensive and beyond the reach of many local governments, making them ill-prepared to manage and respond to cyberthreats. To tackle technical and operational challenges, local governments can form partnerships, invest in targeted training programs, and use open-source or cost-effective cloud-based cybersecurity services [26,35]. Regular risk assessments and audits can also help them identify vulnerabilities and prioritize resource allocation.

6. Conclusions

This conceptual framework, built upon critical cybersecurity domains, is a novel attempt to comprehensively map the cybersecurity landscape of local governments from a non-technical and governance perspective. The non-technical nature of our framework offers advantages for decision-makers in local governments as it provides a comprehensive overview of the cybersecurity landscape, segmenting and categorizing challenges, attacker motivations, threats, and countermeasures. This approach allows decision-makers, even without technical expertise, to understand the depth of cybersecurity issues they face and the potential solutions. For practitioners such as IT administrators or officers in local governments, this framework provides a roadmap, helping them make informed decisions about cybersecurity issues. It provides detailed insights on attack types, potential attackers, essential tools, and relevant standards, allowing officials to focus on matters relevant to their local governments’ cybersecurity. From an academic perspective, this framework addresses the gap in the cybersecurity literature by consolidating scattered knowledge on local governments’ cybersecurity landscape. It provides a cohesive reference for further studies, critiques, and discussions.
This framework serves as a dynamic platform for academic discourse, catalyzing future research trajectories and paving the way for academic–practice collaborations. The ‘structured and layered’ approach of the framework encourages further exploration and research of each layer. Real-world application of the framework is also crucial to bringing forth more issues in the cybersecurity landscape of local governments. The human aspect of cybersecurity, influenced by organizational behaviors, decision-making patterns, and public perceptions, presents a profound research avenue too [136,137]. Understanding these intersections could help develop strategies that balance technical and human-centric cyber-defense mechanisms [138,139]. Policy and legislative implications are also potential research topics, as the framework can inform the development of dedicated cybersecurity policies and legislation for local governments.
Although this conceptual framework is comprehensive, it has limitations, like any other general framework, which need to be identified and recognized [40,140,141,142]. The dynamic and ever-evolving nature of the cyber-attack and threat landscapes is a key limitation of this conceptual framework [8,66]. As technology advances, cyber-attackers consistently evolve and develop novel and enhanced attack vectors [7,85]. Our conceptual framework is built upon the existing scholarly literature and may not account for attack types that have not yet been recorded in scholarly articles, are yet to be invented, or are still emerging. Similarly, the countermeasures, cybersecurity tools, assessment frameworks, and standards included in this framework are those that are currently available and have been cited in the academic literature.
Despite these limitations, our conceptual framework is an invaluable asset for relevant stakeholders in local governments as it facilitates the understanding of the types of attacks, tools, and assessment frameworks in a structured way. Adaptations and extensions of the framework are possible for users, including practitioners, decision-makers, and researchers, to accommodate emergent threats and solutions. This framework’s capacity for adaptability guarantees its ongoing relevance and currency, functioning as a cornerstone which can be consistently revised and modified to tackle the ever-changing threat landscapes of cybersecurity in local governments.

Author Contributions

S.T.H.: data collection, processing, investigation, analysis, and writing—review and editing; T.Y., K.N. and Y.X.: supervision, conceptualization, and writing—review and editing. All authors have read and agreed to the published version of the manuscript.

Funding

This research was funded by the Australian Research Council Discovery Grant Scheme, with grant number DP220101255.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

Data will be made available upon request from the corresponding author.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Rotta, M.J.R.; Sell, D.; dos Santos Pacheco, R.C.; Yigitcanlar, T. Digital commons and citizen coproduction in smart cities: Assessment of Brazilian municipal e-government platforms. Energies 2019, 12, 2813.
  2. Micozzi, N.; Yigitcanlar, T. Understanding smart city policy: Insights from the strategy documents of 52 local governments. Sustainability 2022, 14, 10164.
  3. Yigitcanlar, T.; Agdas, D.; Degirmenci, K. Artificial intelligence in local governments: Perceptions of city managers on prospects, constraints and choices. AI Soc. 2023, 38, 1135–1150.
  4. Chałubińska-Jentkiewicz, K. Access to the ICT network as a public task of local government. Lex Localis 2021, 19, 175–195.
  5. Yigitcanlar, T.; Li, R.Y.M.; Beeramoole, P.B.; Paz, A. Artificial intelligence in local government services: Public perceptions from Australia and Hong Kong. Gov. Inf. Q. 2023, 40, 101833.
  6. Norris, D.F.; Mateczun, L.; Forno, R. Cybersecurity and Local Government; John Wiley & Sons, Inc.: Hoboken, NJ, USA, 2022.
  7. Norris, D.F.; Mateczun, L.; Joshi, A.; Finin, T. Cyberattacks at the grass roots: American local governments and the need for high levels of cybersecurity. Public Adm. Rev. 2019, 79, 895–904.
  8. Norris, D.F.; Mateczun, L.K. Cyberattacks on local governments 2020: Findings from a key informant survey. J. Cyber Policy 2022, 7, 294–317.
  9. Wolff, J.; Lehr, W. When cyber threats loom, what can state and local governments do? Georget. J. Int. Aff. 2018, 19, 67–75.
  10. Hatcher, W.; Meares, W.L.; Heslen, J. The cybersecurity of municipalities in the United States: An exploratory survey of policies and practices. J. Cyber Policy 2020, 5, 302–325.
  11. Norris, D.F.; Mateczun, L.; Joshi, A.; Finin, T. Cybersecurity at the grassroots: American local governments and the challenges of internet security. J. Homel. Secur. Emerg. Manag. 2018, 15, 20170048.
  12. Chaudhuri, A.; Bozkus Kahyaoglu, S. Cybersecurity assurance in smart cities: A risk management perspective. EDPACS 2023, 67, 1–22.
  13. Demertzi, V.; Demertzis, S.; Demertzis, K. An overview of cyber threats, attacks and countermeasures on the primary domains of smart cities. Appl. Sci. 2023, 13, 790.
  14. Caruson, K.; MacManus, S.A.; McPhee, B.D. Cybersecurity policy-making at the local government level: An analysis of threats, preparedness, and bureaucratic roadblocks to success. J. Homel. Secur. Emerg. Manag. 2012, 9, 20120003.
  15. Norris, D.F.; Mateczun, L.; Joshi, A.; Finin, T. Managing cybersecurity at the grassroots: Evidence from the first nationwide survey of local government cybersecurity. J. Urban Aff. 2021, 43, 1173–1195.
  16. Chahal, N.S.; Bali, P.; Khosla, P.K. A proactive approach to assess web application security through the integration of security tools in a security orchestration platform. Comput. Secur. 2022, 122, 102886.
  17. Almeida, F. Prospects of cybersecurity in smart cities. Future Internet 2023, 15, 285.
  18. Frandell, A.; Feeney, M. Cybersecurity threats in local government: A sociotechnical perspective. Am. Rev. Public Adm. 2022, 52, 558–572.
  19. Chodakowska, A.; Kańduła, S.; Przybylska, J. Cybersecurity in the local government sector in Poland: More work needs to be done. Lex Localis 2022, 20, 161–192.
  20. NIST. Framework for Improving Critical Infrastructure Cybersecurity. 2018. Available online: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf (accessed on 3 December 2023).
  21. BS ISO/IEC 27032:2023; Cybersecurity. Guidelines for Internet Security. BSI: Geneva, Switzerland, 2023.
  22. BS EN ISO/IEC 27000:2020; Information Technology. Information Security Management Systems. Overview and Vocabulary. BSI: Geneva, Switzerland, 2020.
  23. Ross, R.; Pillitteri, V.; Graubart, R.; Bodeau, D.; Mcquaid, R. Developing Cyber-Resilience Systems: A Systems Security Engineering Approach; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2021.
  24. von Solms, B.; von Solms, R. Cybersecurity and information security—What goes where? Inf. Comput. Secur. 2018, 26, 2–9.
  25. Andrade, R.O.; Yoo, S.G.; Tello-Oquendo, L.; Ortiz-Garces, I. A comprehensive study of the IoT cybersecurity in smart cities. IEEE Access 2020, 8, 228922–228941.
  26. Madjid, M.A.; Legionosuko, T.; Samudro, E.G. The information security strategy of Bogor’s smart city to deal with threat in cyber space. IOP Conf. Ser. Mater. Sci. Eng. 2021, 1073, 12054.
  27. Sensuse, D.I.; Putro, P.A.W.; Rachmawati, R.; Sunindyo, W.D. Initial cybersecurity framework in the new capital city of Indonesia: Factors, objectives, and technology. Information 2022, 13, 580.
  28. Li, W.; Yigitcanlar, T.; Erol, I.; Liu, A. Motivations, barriers and risks of smart home adoption: From systematic literature review to conceptual framework. Energy Res. Soc. Sci. 2021, 80, 102211.
  29. Regona, M.; Yigitcanlar, T.; Xia, B.; Li, R.Y.M. Opportunities and adoption challenges of AI in the construction industry: A PRISMA review. J. Open Innov. Technol. Mark. Complex. 2022, 8, 45.
  30. David, A.; Yigitcanlar, T.; Li, R.Y.M.; Corchado, J.M.; Cheong, P.H.; Mossberger, K.; Mehmood, R. Understanding local government digital technology adoption strategies: A PRISMA review. Sustainability 2023, 15, 9645.
  31. Senadheera, S.; Yigitcanlar, T.; Desouza, K.C.; Mossberger, K.; Corchado, J.; Mehmood, R.; Li, R.Y.M.; Cheong, P.H. Understanding chatbot adoption in local governments: A review and framework. J. Urban Technol. 2024, 1–35.
  32. Marasinghe, R.; Yigitcanlar, T.; Mayere, S.; Washington, T.; Limb, M. Computer vision applications for urban planning: A systematic review of opportunities and constraints. Sustain. Cities Soc. 2024, 100, 105047.
  33. Dong, N.; Zhao, J.; Yuan, L.; Kong, Y. Research on information security system of smart city based on information security requirements. J. Phys. Conf. Ser. 2018, 1069, 012040.
  34. AlDairi, A.; Tawalbeh, L.a. Cyber security attacks on smart cities and associated mobile technologies. Procedia Comput. Sci. 2017, 109, 1086–1091.
  35. Ahmadi-Assalemi, G.; Al-Khateeb, H.; Epiphaniou, G.; Maple, C. Cyber resilience and incident response in smart cities: A systematic literature review. Smart Cities 2020, 3, 894–927.
  36. Kalinin, M.; Krundyshev, V.; Zegzhda, P. Cybersecurity risk assessment in smart city infrastructures. Machines 2021, 9, 78.
  37. Kim, K.; Istabraq Mohammed, A.; Ramachandran, S.; Kim, J.; Zia, T.; Almorjan, A. Cybersecurity and cyber forensics for smart cities: A comprehensive literature review and survey. Sensors 2023, 23, 3681.
  38. Yigitcanlar, T.; Kamruzzaman, M.; Buys, L.; Ioppolo, G.; Sabatini-Marques, J.; da Costa, E.M.; Yun, J.J. Understanding ‘smart cities’: Intertwining development drivers with desired outcomes in a multidimensional framework. Cities 2018, 81, 145–160.
  39. Arulkumar, V.; Latha, C.P.; Dasig, D. Concept of implementing big data in smart city: Applications, services, data security in accordance with internet of things and AI. Int. J. Recent Technol. Eng. 2019, 8, 6819–6825.
  40. D’Amico, G.; L’Abbate, P.; Liao, W.; Yigitcanlar, T.; Ioppolo, G. Understanding sensor cities: Insights from technology giant company driven smart urbanism practices. Sensors 2020, 20, 4391.
  41. Cortese, T.T.P.; Almeida, J.F.S.d.; Batista, G.Q.; Storopoli, J.E.; Liu, A.; Yigitcanlar, T. Understanding sustainable energy in the context of smart cities: A PRISMA review. Energies 2022, 15, 2382.
  42. Liu, Y.S.; Yigitcanlar, T.; Guaralda, M.; Degirmenci, K.; Liu, A.; Kane, M. Leveraging the opportunities of wind for cities through urban planning and design: A PRISMA review. Sustainability 2022, 14, 11665.
  43. Son, T.H.; Weedon, Z.; Yigitcanlar, T.; Sanchez, T.; Corchado, J.M.; Mehmood, R. Algorithmic urban planning for smart and sustainable development: Systematic review of the literature. Sustain. Cities Soc. 2023, 94, 104562.
  44. Shaamala, A.; Yigitcanlar, T.; Nili, A.; Nyandega, D. Algorithmic green infrastructure optimisation: Review of artificial intelligence driven approaches for tackling climate change. Sustain. Cities Soc. 2024, 101, 105182.
  45. Vistro, D.M. IoT based big data analytics for cloud storage using edge computing. J. Adv. Res. Dyn. Control Syst. 2020, 12, 1594–1598.
  46. Duffy, T. Helping local governments improve cyber security. Public Manag. 2011, 93, 21.
  47. Javed, A.R.; Shahzad, F.; Rehman, S.u.; Zikria, Y.B.; Razzak, I.; Jalil, Z.; Xu, G. Future smart cities: Requirements, emerging technologies, applications, challenges, and future aspects. Cities 2022, 129, 103794.
  48. Bokhari, S.A.A.; Myeong, S. The influence of artificial intelligence on e-governance and cybersecurity in smart cities: A stakeholder’s perspective. IEEE Access 2023, 11, 69783–69797.
  49. Efe, A.; Isik, A. A general view of industry 4.0 revolution from cybersecurity perspective. Int. J. Intell. Syst. Appl. Eng. 2020, 8, 11–20.
  50. Ma, C. Smart city and cyber-security; technologies used, leading challenges and future recommendations. Energy Rep. 2021, 7, 7999–8012.
  51. Siddiqui, S.; Hameed, S.; Shah, S.A.; Khan, A.K.; Aneiba, A. Smart contract-based security architecture for collaborative services in municipal smart cities. J. Syst. Archit. 2023, 135, 102802.
  52. Verhulsdonck, G.; Weible, J.L.; Helser, S.; Hajduk, N. Smart cities, playable cities, and cybersecurity: A systematic review. Int. J. Hum. Comput. Interact. 2023, 39, 378–390.
  53. MacManus, S.A.; Caruson, K.; McPhee, B.D. Cybersecurity at the local government level: Balancing demands for transparency and privacy rights. J. Urban Aff. 2013, 35, 451–470.
  54. Preis, B.; Susskind, L. Municipal cybersecurity: More work needs to be done. Urban Aff. Rev. 2022, 58, 614–629.
  55. Ibrahim, A.; Valli, C.; McAteer, I.; Chaudhry, J. A security review of local government using NIST CSF: A case study. J. Supercomput. 2018, 74, 5171–5186.
  56. Ali, H.; Elzeki, O.M.; Elmougy, S. Smart attacks learning machine advisor system for protecting smart cities from smart threats. Appl. Sci. 2022, 12, 6473.
  57. Neupane, C.; Wibowo, S.; Grandhi, S.; Deng, H. A trust-based model for the adoption of smart city technologies in Australian regional cities. Sustainability 2021, 13, 9316.
  58. Alam, R.G.; Ibrahim, H. Cybersecurity strategy for smart city implementation. Int. Arch. Photogramm. Remote Sens. Spat. Inf. Sci. 2019, 42, 3–6.
  59. Karpiuk, M. The local government’s position in the Polish cybersecurity system. Lex Localis 2021, 19, 609–620.
  60. Wu, Y.C.; Sun, R.; Wu, Y.J. Smart city development in Taiwan: From the perspective of the information security policy. Sustainability 2020, 12, 2916.
  61. Wu, S.M.; Guo, D.; Wu, Y.J.; Wu, Y.C. Future development of Taiwan’s smart cities from an information security perspective. Sustainability 2018, 10, 4520.
  62. Napetvaridze, V.; Chochia, A. Cybersecurity in the making—Policy and law: A case study of Georgia. Int. Comp. Law Rev. 2019, 19, 155–180.
  63. Ahmad, M.O.; Ahad, M.A.; Alam, M.A.; Siddiqui, F.; Casalino, G. Cyber-physical systems and smart cities in india: Opportunities, issues, and challenges. Sensors 2021, 21, 7714.
  64. Alhalafi, N.; Veeraraghavan, P. Exploring the challenges and issues in adopting cybersecurity in Saudi smart cities: Conceptualization of the cybersecurity-based UTAUT model. Smart Cities 2023, 6, 1523–1544.
  65. Toh, C.K. Security for smart cities. IET Smart Cities 2020, 2, 95–104.
  66. Popescul, D.; Radu, L.D. Data security in smart cities: Challenges and solutions. Inform. Econ. 2016, 20, 29–38.
  67. Sadik, S.; Ahmed, M.; Sikos, L.F.; Najmul Islam, A.K.M. Toward a sustainable cybersecurity ecosystem. Computers 2020, 9, 74.
  68. Hossain, S.T.; Yigitcanlar, T.; Nguyen, K.; Xu, Y. Understanding local government cybersecurity policy: A concept map and framework. Information 2024, 15, 342.
  69. Ali, O.; Soar, J.; Yong, J. An investigation of the challenges and issues influencing the adoption of cloud computing in Australian regional municipal governments. J. Inf. Secur. Appl. 2016, 27–28, 19–34.
  70. Vigliarolo, B. Ransomware Attack Sends US County Back to 1977. Available online: https://www.theregister.com/2022/05/29/security_roundup/#:~:text=In%20brief%20Somerset%20County%2C%20New%20Jersey%2C%20was%20hit,as%20land%20records%2C%20vital%20statistics%2C%20and%20probate%20records (accessed on 8 September 2023).
  71. Sytas, A. Russian Group Claims Hack of Lithuanian Sites in Retaliation for Transit Ban. Available online: https://www.reuters.com/technology/lithuania-hit-by-cyber-attack-government-agency-2022-06-27/ (accessed on 12 September 2023).
  72. Toulas, B. Vice Society Ransomware Claims Attack on Italian City of Palermo. Available online: https://www.bleepingcomputer.com/news/security/vice-society-ransomware-claims-attack-on-italian-city-of-palermo/#:~:text=The%20Vice%20Society%20ransomware%20group%20has%20claimed%20responsibility,million%20people%20and%20many%20tourists%20visiting%20the%20city (accessed on 12 September 2023).
  73. Lewton, J. Troup Confirms Cyber Attack on City Was Ransomware. Available online: https://www.wgem.com/2022/05/24/troup-confirms-cyber-attack-city-was-ransomware/ (accessed on 12 September 2023).
  74. Sharma, K.; Mukhopadhyay, A. Sarima-based cyber-risk assessment and mitigation model for a smart city’s traffic management systems (SCRAM). J. Organ. Comput. Electron. Commer. 2022, 32, 1–20.
  75. Hammi, B.; Zeadally, S.; Nebhen, J. Security threats, countermeasures, and challenges of digital supply chains. ACM Comput. Surv. 2023, 55, 316.
  76. Tok, Y.C.; Chattopadhyay, S. Identifying threats, cybercrime and digital forensic opportunities in smart city infrastructure via threat modeling. Forensic Sci. Int. Digit. Investig. 2023, 45, 301540.
  77. Habibzadeh, H.; Nussbaum, B.H.; Anjomshoa, F.; Kantarci, B.; Soyata, T. A survey on cybersecurity, data privacy, and policy issues in cyber-physical system deployments in smart cities. Sustain. Cities Soc. 2019, 50, 101660.
  78. Mohamed, N.; Al-Jaroodi, J.; Jawhar, I.; Kesserwan, N. Data-driven security for smart city systems: Carving a trail. IEEE Access 2020, 8, 147211–147230.
  79. Falco, G.; Viswanathan, A.; Caldera, C.; Shrobe, H. A master attack methodology for an AI-based automated attack planner for smart cities. IEEE Access 2018, 6, 48360–48373.
  80. Alzahrani, N.M.; Alfouzan, F.A. Augmented reality (AR) and cyber-security for smart cities—A systematic literature review. Sensors 2022, 22, 2792.
  81. Tariq, N.; Khan, F.A.; Asim, M. Security challenges and requirements for smart internet of things applications: A comprehensive analysis. Procedia Comput. Sci. 2021, 191, 425–430.
  82. Vitunskaite, M.; He, Y.; Brandstetter, T.; Janicke, H. Smart cities and cyber security: Are we there yet? A comparative study on the role of standards, third party risk management and security ownership. Comput. Secur. 2019, 83, 313–331.
  83. Ali, O.; Shrestha, A.; Chatfield, A.; Murray, P. Assessing information security risks in the cloud: A case study of Australian local government authorities. Gov. Inf. Q. 2020, 37, 101419.
  84. Kesan, J.P.; Zhang, L. An empirical investigation of the relationship between local government budgets, IT expenditures, and cyber losses. IEEE Trans. Emerg. Top. Comput. 2019, 9, 582–596.
  85. Aslam, M.; Khan Abbasi, M.A.; Khalid, T.; Shan, R.u.; Ullah, S.; Ahmad, T.; Saeed, S.; Alabbad, D.A.; Ahmad, R. Getting smarter about smart cities: Improving data security and privacy through compliance. Sensors 2022, 22, 9338.
  86. Savaş, S.; Karataş, S. Cyber governance studies in ensuring cybersecurity: An overview of cybersecurity governance. Int. Cybersecur. Law Rev. 2022, 3, 7–34.
  87. Taherdoost, H. Understanding cybersecurity frameworks and information security standards—A review and comprehensive overview. Electronics 2022, 11, 2181.
  88. Nguyen, P.H.; Ali, S.; Yue, T. Model-based security engineering for cyber-physical systems: A systematic mapping study. Inf. Softw. Technol. 2017, 83, 116–135.
  89. Ariffin, K.A.Z.; Ahmad, F.H. Indicators for maturity and readiness for digital forensic investigation in era of industrial revolution 4.0. Comput. Secur. 2021, 105, 102237.
  90. Alanazi, M.; Mahmood, A.; Chowdhury, M.J.M. SCADA vulnerabilities and attacks: A review of the state-of-the-art and open issues. Comput. Secur. 2023, 125, 103028.
  91. Li, W.; Yigitcanlar, T.; Browne, W.; Nili, A. The making of responsible innovation and technology: An overview and framework. Smart Cities 2023, 6, 1996–2034.
  92. Guembe, B.; Azeta, A.; Misra, S.; Osamor, V.C.; Fernandez-Sanz, L.; Pospelova, V. The emerging threat of Ai-driven cyber attacks: A review. Appl. Artif. Intell. 2022, 36, 2037254.
  93. Bray, S.D.; Johnson, S.D.; Kleinberg, B. Testing human ability to detect ‘deepfake’ images of human faces. J. Cybersecur. 2023, 9, tyad011.
  94. Chen, T.; Zeng, H.; Lv, M.; Zhu, T. CTIMD: Cyber threat intelligence enhanced malware detection using API call sequences with parameters. Comput. Secur. 2024, 136, 103518.
  95. Matheu, S.N.; Hernández-Ramos, J.L.; Skarmeta, A.F.; Baldini, G. A Survey of cybersecurity certification for the internet of things. ACM Comput. Surv. 2020, 53, 115.
  96. Khan Abbasi, M.H.; Ullah, S.; Ahmad, T.; Buriro, A. A real-time hybrid approach to combat in-browser cryptojacking malware. Appl. Sci. 2023, 13, 2039.
  97. Fernandez-Carames, T.M.; Fraga-Lamas, P. Towards post-quantum blockchain: A review on blockchain cryptography resistant to quantum computing attacks. IEEE Access 2020, 8, 21091–21116.
  98. Alshahrani, M.M. Secure multifactor remote access user authentication framework for iot networks. Comput. Mater. Contin. 2021, 68, 3235–3254.
  99. Sewak, M.; Sahay, S.K.; Rathore, H. Deep reinforcement learning in the advanced cybersecurity threat detection and protection. Inf. Syst. Front. 2023, 25, 589–611.
  100. Ahmed, U.; Petri, I.; Rana, O. Edge-cloud resource federation for sustainable cities. Sustain. Cities Soc. 2022, 82, 103887.
  101. Kale, N.R.; Metre, K.V.; Chitte, P.P.; Mahankale, N.; Gore, S.; Gore, S. Cloud computing for effective cyber security attack detection in smart cities. Int. J. Recent Innov. Trends Comput. Commun. 2023, 11, 777–785.
  102. Ying, M.; Li, S.Q. CSP adoption: Current status and future prospects. Secur. Commun. Netw. 2016, 9, 4557–4573.
  103. Berlin, J.; Kelly, M.; Nelson, M.L.; Weigle, M.C. To re-experience the web: A framework for the transformation and replay of archived web pages. ACM Trans. Web 2023, 17, 28.
  104. Patil, K.; Frederik, B. A measurement study of the content security policy on real-world applications. Int. J. Netw. Secur. 2016, 18, 383–392.
  105. Kreutz, D.; Malichevskyy, O.; Feitosa, E.; Cunha, H.; Da Rosa Righi, R.; De Macedo, D.D.J. A cyber-resilient architecture for critical security services. J. Netw. Comput. Appl. 2016, 63, 173–189.
  106. Tamy, S.; Belhadaoui, H.; Rabbah, N.; Rifi, M. Cyber security based machine learning algorithms applied to industry 4.0 application case: Development of network intrusion detection system using hybrid method. J. Theor. Appl. Inf. Technol. 2020, 98, 2078–2091.
  107. Wani, T.A.; Mendoza, A.; Gray, K. Hospital bring-your-own-device security challenges and solutions: Systematic review of gray literature. JMIR Mhealth Uhealth 2020, 8, e18175.
  108. Wurzenberger, M.; Höld, G.; Landauer, M.; Skopik, F. Analysis of statistical properties of variables in log data for advanced anomaly detection in cyber security. Comput. Secur. 2024, 137, 103631.
  109. Amoroso, E. Recent progress in software security. IEEE Softw. 2018, 35, 11–13.
  110. Espinha Gasiba, T.; Lechner, U.; Pinto-Albuquerque, M. Sifu—A cybersecurity awareness platform with challenge assessment and intelligent coach. Cybersecurity 2020, 3, 24.
  111. Kaur, S.; Gupta, R. Enhancing features of cloud computing using cloud access security brokers to avoid data breaches. Eur. J. Eng. Technol. Res. 2019, 4, 185–189.
  112. Coppola, G.; Varde, A.S.; Shang, J. Enhancing cloud security posture for ubiquitous data access with a cybersecurity framework based management tool. In Proceedings of the 14th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), New York, NY, USA, 12–14 October 2023; pp. 0590–0594.
  113. Osnat, R. Rethinking security with cloud native in mind. Comput. Fraud. Secur. 2023, 2023, 2.
  114. Hamdani, S.W.A.; Abbas, H.; Janjua, A.R.; Shahid, W.B.; Amjad, M.F.; Malik, J.; Murtaza, M.H.; Atiquzzaman, M.; Khan, A.W. Cybersecurity standards in the context of operating system: Practical aspects, analysis, and comparisons. ACM Comput. Surv. 2021, 54, 57.
  115. NIST. Updating the NIST Cybersecurity Framework—Journey to CSF 2.0. Available online: https://www.nist.gov/cyberframework/updating-nist-cybersecurity-framework-journey-csf-20 (accessed on 8 November 2023).
  116. NIST. The NIST Cybersecurity Framework 2.0—Initial Public Draft. 2023. Available online: https://doi.org/10.6028/NIST.CSWP.29.ipd (accessed on 8 November 2023).
  117. Gonzalez-Granadillo, G.; Menesidou, S.A.; Papamartzivanos, D.; Romeu, R.; Navarro-Llobet, D.; Okoh, C.; Nifakos, S.; Xenakis, C.; Panaousis, E. Automated cyber and privacy risk management toolkit. Sensors 2021, 21, 5493.
  118. Turk, Ž.; García de Soto, B.; Mantha, B.R.K.; Maciel, A.; Georgescu, A. A systemic framework for addressing cybersecurity in construction. Autom. Constr. 2022, 133, 103988.
  119. Dawood Gani, A.B.; Fernando, Y. The cybersecurity governance in changing the security psychology and security posture: Insights into e-procurement. Int. J. Procure. Manag. 2021, 14, 308–327.
  120. Bahuguna, A.; Bisht, R.K.; Pande, J. Country-level cybersecurity posture assessment: Study and analysis of practices. Inf. Secur. J. 2020, 29, 250–266.
  121. Garba, A.A.; Siraj, M.M.; Othman, S.H. An explanatory review on cybersecurity capability maturity models. Adv. Sci. Technol. Eng. Syst. 2020, 5, 762–769.
  122. Sofyani, H.; Riyadh, H.A.; Fahlevi, H. Improving service quality, accountability and transparency of local government: The intervening role of information technology governance. Cogent Bus. Manag. 2020, 7, 1735690.
  123. Irsheid, A.; Murad, A.; AlNajdawi, M.; Qusef, A. Information security risk management models for cloud hosted systems: A comparative study. Procedia Comput. Sci. 2022, 204, 205–217.
  124. Syafrizal, M.; Selamat, S.; Zakaria, N. Analysis of cybersecurity standard and framework components. Int. J. Commun. Netw. Inf. Secur. 2020, 12, 417–432.
  125. Villani, J.J. Risk analysis of legacy systems on county government assets. J. Comput. Sci. Coll. 2022, 38, 198.
  126. Diro, A.A.; Chilamkurti, N. Distributed attack detection scheme using deep learning approach for internet of things. Future Gener. Comput. Syst. 2018, 82, 761–768.
  127. Palleti, V.R.; Adepu, S.; Mishra, V.K.; Mathur, A. Cascading effects of cyber-attacks on interconnected critical infrastructure. Cybersecurity 2021, 4, 8.
  128. Harknett, R.J.; Stever, J.A. The new policy world of cybersecurity. Public Adm. Rev. 2011, 71, 455–460.
  129. Zhao, P.; Li, S.; Hu, P.J.H.; Cao, Z.; Gu, C.; Xie, D.; Zeng, D.D. Coordinated cyber security enhancement for grid-transportation systems with social engagement. IEEE Trans. Emerg. Top. Comput. Intell. 2022, 1–15.
  130. Li, L.; He, W.; Xu, L.; Ash, I.; Anwar, M.; Yuan, X. Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior. Int. J. Inf. Manag. 2019, 45, 13–24.
  131. McIntosh, T.; Liu, T.; Susnjak, T.; Alavizadeh, H.; Ng, A.; Nowrozy, R.; Watters, P. Harnessing GPT-4 for generation of cybersecurity GRC policies: A focus on ransomware attack mitigation. Comput. Secur. 2023, 134, 103424.
  132. Mudacumura, G.M. Accountability and transparency: Cornerstones of development and democratic governance. In Challenges to Democratic Governance in Developing Countries; Mudacumura, G., Morçöl, G., Eds.; Springer International Publishing: Cham, Switzerland, 2014; pp. 37–55.
  133. Lauwo, S.G.; Azure, J.D.-C.; Hopper, T. Accountability and governance in implementing the sustainable development goals in a developing country context: Evidence from Tanzania. Account. Audit. Account. J. 2022, 35, 1431–1461.
  134. Srinivas, J.; Das, A.K.; Kumar, N. Government regulations in cyber security: Framework, standards and recommendations. Future Gener. Comput. Syst. 2019, 92, 178–188.
  135. Pritika; Shanmugam, B.; Azam, S. Risk assessment of heterogeneous IoMT devices: A review. Technologies 2023, 11, 31.
  136. Liaropoulos, A.N. Cyberspace governance and state sovereignty. In Democracy and an Open-Economy World Order; Bitros, G.C., Kyriazis, N.C., Eds.; Springer International Publishing: Cham, Switzerland, 2017; pp. 25–35.
  137. Deibert, R.J. Toward a human-centric approach to cybersecurity. Ethics Int. Aff. 2018, 32, 411–424.
  138. Morgan, P.L.; Asquith, P.M.; Bishop, L.M.; Raywood-Burke, G.; Wedgbury, A.; Jones, K. A new hope: Human-centric cybersecurity research embedded within organizations. In Proceedings of the HCI for Cybersecurity, Privacy and Trust, Copenhagen, Denmark, 19–24 July 2020; pp. 206–216.
  139. Grobler, M.; Gaire, R.; Nepal, S. User, usage and usability: Redefining human centric cyber security. Front. Big Data 2021, 4, 583723. [Google Scholar] [CrossRef] [PubMed]
  140. Bordage, G. Conceptual frameworks to illuminate and magnify. Med. Educ. 2009, 43, 312–319. [Google Scholar] [CrossRef]
  141. Khan, H.H.; Malik, M.N.; Zafar, R.; Goni, F.A.; Chofreh, A.G.; Klemeš, J.J.; Alotaibi, Y. Challenges for sustainable smart city development: A conceptual framework. Sustain. Dev. 2020, 28, 1507–1518. [Google Scholar] [CrossRef]
  142. Repette, P.; Sabatini-Marques, J.; Yigitcanlar, T.; Sell, D.; Costa, E. The evolution of city-as-a-platform: Smart urban development governance with collective knowledge-based platform urbanism. Land 2021, 10, 33. [Google Scholar] [CrossRef]
Figure 1. Relationship between information security, cybersecurity, Internet security, network security, and web security, derived from von Solms and von Solms [24] and BSI [21,22].
Figure 2. A screenshot of the search query (executed in Scopus).
Figure 3. Article selection steps for a systematic literature review with PRISMA.
Figure 4. Publication trend by year.
Figure 5. Geographical context of the selected articles.
Figure 6. Classification of data that local governments store and manage.
Figure 7. Barriers to cybersecurity and recommended solutions for local governments.
Figure 8. Conceptual framework of local governments’ cybersecurity landscape.
Table 1. Primary and secondary inclusion and exclusion criteria.
| Primary Inclusion Criteria | Primary Exclusion Criteria | Secondary Inclusion Criteria | Secondary Exclusion Criteria |
|---|---|---|---|
| Academic journal articles that were peer-reviewed, published in English, and available online in their full-text version | Books, chapters, reports, editorials, conference proceedings, and publications other than those mentioned in the inclusion criteria | Articles that focus on cybersecurity issues in local governments with or without mentioning the smart city and cybersecurity in the smart city, with or without indicating the central or local governmental role | Articles that focus on subjects other than those mentioned in the secondary inclusion criteria |
Table 2. Category formulation criteria.
Selection Criteria
Selection of relevant articles using eye-balling techniques
Classification of the selected literature works based on their relevance to cybersecurity issues in local governments and/or smart cities focusing on local governments’ administrative role
Identification of data that local governments store and manage
Identification and categorization of the type of cyber-attacks in local governments
Determination of the purposes/motivations of cyber-attacks and the type of attackers
Identification and classification of barriers to cybersecurity and recommended solutions
Identification of cybersecurity tools and assessment frameworks and standards
Validation and justification of the classification
Organize the reviewed literature into the relevant classifications
Table 3. Cyber-attacks on local governments.
| Year | Location | Attack Type | Description | Reference |
|---|---|---|---|---|
| 2022 | Somerset County, NJ, USA | Ransomware | The county suffered a ransomware attack, disrupting operations and limiting access to essential data like land records, vital statistics, and probate records, causing email service loss and Internet-reliant services’ disruption. | [12,70] |
| 2022 | Vilnius, Lithuania | DDoS | DDoS cyber-attacks in Lithuania disrupted state websites, causing the tax authority to temporarily shut down servers. The attacks targeted state and transport institutions, media, and private businesses, causing further threats. | [12,71] |
| 2022 | Palermo, Italy | Ransomware | The Palermo municipality experienced a major cyber-attack, disrupting services like surveillance, police operations, and online bookings. This was an issue for residents relying on fax machines and tourists struggling with online bookings, and it caused traffic zone card issuance to halt. | [12,72] |
| 2022 | Quincy, MA, USA | Ransomware | Quincy experienced a cyber-attack, compromising its systems and incurring ongoing costs, including USD 18,000 for legal compliance fees. Many city departments, including Planning and Development, remain hampered, with certain functionalities like credit card payments for building permits still unavailable. | [12,73] |
| 2019 | Baltimore, MD, USA | Ransomware | A ransomware attack on Baltimore’s local government operations, using RobbinHood ransomware, disrupted real estate transactions and billing systems, causing significant operational and financial challenges for the local government. Baltimore refused to pay the ransom demanded, which was around USD 76,000 in Bitcoin. The city’s recovery and remediation efforts cost millions and took months. | [74,75] |
| 2018 | Baltimore, MD, USA | Ransomware | A ransomware attack in Baltimore disrupted the city’s 911 dispatch system, causing the city to revert to manual emergency dispatching for 17 h. The incident highlighted vulnerabilities in the city’s technological systems and highlighted the need for enhanced cybersecurity measures. | [6,11,15,58,74] |
| 2015 | Jefferson County, TX, USA | | Jefferson County, Texas, experienced a significant data breach when the Social Security Numbers of thousands of residents were disclosed online, highlighting vulnerabilities in the county’s data management systems. | [11] |
| 2015 | Dallas County, TX, USA | | The county suffered a data breach, exposing residents’ personal information for over six months, raising concerns about the local government’s data management and cybersecurity practices. | [11] |
| 2014 | City of Akron, OH, USA | | 47,452 documents published online following a breach by a group. | [11] |
| 2014 | City of Detroit, MI, USA | | A cyber-attack in Detroit compromised the personal data of 1700 city employees by locking access to sensitive files, including names, birth dates, and Social Security Numbers. | [11] |
| 2013 | Baltimore, MD, USA | Insider attack | Insider breach threatening the personal records of 12,000 county employees. | [11] |
Table 4. Types and techniques of cyber-attacks in local governments.
| Type and Technique | Description | Reference |
|---|---|---|
| Ransomware | A type of malicious software designed to encrypt and lock a computer system until a specific amount of money is paid. | [8,19,36] |
| Spyware | Malicious software that secretly collects data from a computer system without the user’s explicit knowledge or authorization. | [7,11,14] |
| Adware | A type of malware that automatically delivers ads to users, often integrating into free software, posing privacy concerns and affecting system performance. | [50,81] |
| Keyloggers | Surveillance software that records keystrokes on computers or mobile devices, capturing sensitive information like usernames, passwords, and personal messages. | [14,76] |
| Trojans | Trojans are malicious programs disguised as legitimate software, enabling cybercriminals to steal sensitive data and gain backdoor access to systems. They do not replicate themselves but can be just as destructive as viruses, posing a significant threat to users. | [12,25,49] |
| Viruses | Malicious software that replicates, infects files, steals resources, accesses private information, corrupts data, displays political or humorous messages, or renders a computer unusable. | [33,57,61] |
| Worms | Malicious software programs that replicate and spread independently, exploiting vulnerabilities in operating systems or software, causing harm through bandwidth consumption, data theft, or file deletion. | [14,67,81] |
| Rootkits | Unauthorized software tools that hide processes, modify operating systems, and maintain an undetectable presence, facilitating continuous malicious activities. | [15,56] |
| Bots/Botnet | A bot is a software application that performs automated tasks over the Internet, both for legitimate purposes like indexing web pages and maliciously, such as sending spam or launching DoS attacks. Botnets are networks of Internet-connected devices infected with malicious bot software, used to amplify cyber-attacks and steal data. Bots are individual software programs performing automated tasks, while Botnets are collections of bots working together under a common command-and-control structure, amplifying the impact of cyber-attacks. | [19,27,47,82] |
| SQL Injection | A code injection technique that exploits database vulnerabilities by injecting malicious SQL queries into input fields, allowing attackers to view, modify, or delete sensitive data. | [50,62] |
| Malvertizing | The use of malicious code in digital advertisements to spread malware, often appearing on legitimate websites, allowing users to download or redirect to malicious sites. | [35] |
| XSS | A web application vulnerability that allows attackers to inject malicious scripts into user-viewed webpages, stealing session tokens, cookies, or personal data. | [76] |
| Internet Protocol (IP) Spoofing | A method where an attacker falsifies the source IP address in packet headers, gaining unauthorized access to computers. | [67,83] |
| Address Resolution Protocol (ARP) Spoofing | Involves sending fake ARP messages to local networks, allowing attackers to intercept, modify, or block data, leading to network disruption. | [13,67] |
| Domain Name System (DNS) Spoofing | Type of attack where an attacker exploits vulnerabilities within the DNS. | [7,65,77] |
| DoS | An attack where a malicious actor prevents legitimate users from accessing information systems, devices, or network resources. | [9,37,63,76] |
| DDoS | An attack that floods a targeted system with more requests than it can handle, using multiple computers to target a resource. A DoS originates from one source, disrupting a single system with excessive requests, while a DDoS attack is executed from multiple coordinated sources and is more complex and difficult to mitigate. | [36,62,78] |
| Phishing | A deceptive method wherein individuals are tricked into sharing sensitive personal information through emails claiming to be from trusted organizations. | [11,15,48,74,80,84] |
| Spear phishing | Similar to phishing, but spear phishing targets specific individuals or organizations while phishing targets a large group of people. | [8] |
| Whaling | A type of phishing, but only targets high officials within an organization. | [8] |
| Man-in-the-Middle | Cybersecurity exploits where attackers intercept and alter communication between parties, stealing personal information, financial data, and spreading misinformation, posing a significant threat. | [25,34,35,81,83] |
| Brute Force Attacks | Attempting various combinations of symbols or words until the correct password is discovered. | [8,25] |
| Social Engineering | Involves attackers manipulating individuals to compromise information or perform actions, exploiting human vulnerabilities and making it challenging to protect against using technological means alone. | [11,53,64,79] |
| Malicious Insider | Intentional attack by someone within an organization for personal benefit or as an act of vengeance. | [15,80] |
| Negligent Insider | Despite not being malicious, it unintentionally causes security breaches or fails to follow protocols, leading to potential vulnerabilities or attacks. | [7] |
| Zero-Day Target Attacks | An attack that exploits vulnerabilities in software that neither the vendor nor the creator was aware of. | [7,56,67] |
| Repudiation | An attack that occurs when an application or system fails to properly track and log user actions, allowing malicious manipulation or forging new actions. | [51,76] |
| Tampering | Unlawful alteration of a system, its components, intended behavior, or data. | [49,74,77] |
| Spamming | Distribution of unwanted bulk messages via electronic messaging systems, digital delivery systems, and public media. | [10,61,66] |
| APT | An attack that gains unauthorized access to a system for an extended period, executing a continuous and persistent attack. | [25,78,79] |
Table 5. Cybersecurity tools for local governments.
| Cybersecurity Tools | Description | Reference |
|---|---|---|
| Antivirus Software | Prevents, detects, and removes malicious software to maintain the integrity of system data. | [14,49,64] |
| Anti-Phishing Tools | Cybersecurity applications that detect and prevent phishing attacks by scanning emails, websites, and online communications for signs of fraudulent attempts. | [13] |
| VPNs | Secure private communication over a public network. | [77,78] |
| MFA/biometric authentication | MFA is a security method that requires users to provide two or more distinct identification factors. | [8,25,50] |
| Web Gateways | Filter malicious content or links from reaching the end-user, thus ensuring that content remains unaltered and legitimate. | [63,66,81] |
| Email Security Solutions | Safeguard email accounts from phishing, spam, and malware by utilizing filters, scanning tools, and encryption to block malicious emails and safeguard sensitive data. | [15] |
| Web/Network Vulnerability Scanning Tools | Tools that scan web/network for vulnerabilities that hackers could exploit. | [10,77] |
| SSL Certificates | Digital certificates that guarantee secure, encrypted communications between a website and an Internet browser, facilitating data transfers, credit card transactions, logins, and social media browsing. | [7,25,65] |
| Network Firewalls | A security device that regulates and controls network traffic, acting as a barrier between secure internal networks and potentially unsafe external networks. | [14,19,67,74] |
| Network Security Monitoring Tools | Monitor network traffic to detect unusual or suspicious activities, intrusions, and security policy violations. | [9,10] |
| Packet Sniffers | Tools for network administrators, capturing and analyzing network traffic to monitor issues, identify vulnerabilities, and detect potential breaches, ensuring network security and efficiency. | [67,83] |
| IDPS | Detect security breaches or policy violations and prevent intrusion by actively blocking or preventing such occurrences by monitoring network or system activities. | [78] |
| Router Security | Involves protecting a network’s router through strong passwords, firmware updates, firewalls, remote management disabling, and Wi-Fi encryption to prevent unauthorized access and cyberthreats. | [37,56,79] |
| Encryption Tools | Crucial for protecting sensitive data, especially during Internet transfers, by encoding data with the right encryption key for only authorized access. | [33,61,81] |
| DLP | Utilized to safeguard sensitive data by monitoring, detecting, and blocking its handling and movement across an organization’s network. | [19,25,85] |
| Backup Solutions | Data copies for data recovery and business continuity planning, ensuring that additional instances can be used to restore original data in the case of loss. | [14,51,83] |
| Data Masking | Technique that conceals original data with modified content, safeguarding sensitive information and offering a functional substitute when the original data are not required. | [85] |
| WAF | A firewall that filters, monitors, and blocks HTTP traffic to and from a web application. | [25,50] |
| Penetration Testing Software | Simulates cyber-attacks on computer systems to identify exploitable vulnerabilities, allowing attackers to exploit security weaknesses. | [35,79] |
| SIEM | A cybersecurity solution that combines Security Information Management and Security Event Management capabilities, enabling the real-time analysis of security alerts and enabling quick detection, analysis, and response to incidents. | [55,82] |
Table 6. Cybersecurity assessment frameworks and standards.
| Name | Topic | Description | Reference |
|---|---|---|---|
| COBIT5 (Assessment Framework) | Purpose/Background | Offers a comprehensive view of enterprise IT governance, emphasizing the importance of information and technology in generating value for businesses, incorporating principles, practices, analytical tools, and models from global business and IT experts. | [25,55] |
| | Key Components | Principles: Offers five key principles for the management and governance of IT in enterprises. Stakeholder needs: The focus is to address the requirements of stakeholders inside various organizations. Performance management: Involves the establishment of precise metrics and targets to guarantee the efficiency of IT governance and management operations. | |
| | Relevance | The comprehensive methodology of COBIT5 is crucial for organizations to effectively leverage IT for value optimization and ensure thorough risk and resource oversight. | |
| ISA 62443-2-1:2009 (Standard) | Purpose/Background | The standard addresses the security requirements of industrial automation and control systems. | [55] |
| | Key Components | Integrated security: Introduces a comprehensive guideline tailored to the specific requirements in industrial settings. Cultural aspects: Emphasizes security-conscious culture among industrial personnel. | |
| | Relevance | This standard provides a protective layer against potential cyber vulnerabilities in increasingly interconnected and vulnerable industrial systems. | |
| ISA 62443-3-3:2013 (Standard) | Purpose/Background | An integral component of the ISA 62443 series and dives deep into system security. | [55] |
| | Key Components | Systematic approach: The security of industrial control systems is prioritized throughout their entire lifecycle using a systematic approach. Adaptable security levels: Enable organizations to define and achieve specific security outcomes. | |
| | Relevance | Provides a comprehensive technical analysis of industrial control system security, emphasizing the critical importance of preventing cyber breaches. | |
| ISO/IEC 27001:2013 (Standard) | Purpose/Background | This international standard describes Information Security Management System (ISMS) recommended practices. | [12,13,36,55,61] |
| | Key Components | Risk management process: Offers comprehensive methods for risk assessment, monitoring, and review. Audit and review: Emphasizes the need for routine internal audits and management reviews to achieve continuous improvement. | |
| | Relevance | Because of its global recognition and rigorous certification process, it has become an indicator of trust in organizations’ commitment to cybersecurity. | |
| NIST (Assessment Framework) | Purpose/Background | Non-regulatory federal agency in the USA, develops and promotes measurement standards in cybersecurity, providing guidelines, standards, and best practices. | [10,27,54,55,65,67] |
| | Key Components | Frameworks: The NIST cybersecurity framework encompasses five concurrent and ongoing functions: identify, protect, detect, respond, and recover. Guidelines and standards: Provides cybersecurity best practices for federal agencies to prevent cyberthreats. | |
| | Relevance | Widely adopted in organizations, especially in the private sector to ensure robust cybersecurity posture. | |
| NIST SP 800-53 (Assessment Framework) | Purpose/Background | This is a part of NIST’s special publication series designed to safeguard federal information systems. | [55,61] |
| | Key Components | Detailed security controls: Broken down into categories, such as incident response, maintenance, and system integrity. Appendices: Provide additional information regarding the science underlying security control selection and customization. | |
| | Relevance | While designed for federal compliance, its in-depth examinations of diverse security controls make it an invaluable resource for any organization, regardless of the industry. | |
Hossain, S.T.; Yigitcanlar, T.; Nguyen, K.; Xu, Y. Local Government Cybersecurity Landscape: A Systematic Review and Conceptual Framework. Appl. Sci. 2024, 14, 5501. https://doi.org/10.3390/app14135501