Cybersecurity for critical urban infrastructure is a major public safety issue for cities. Cyber-attacks can cause major physical damage, as well as sow chaos and undermine public faith in government. Cyber criminals constantly develop new types of malware, which may not be detectable by current anti-virus software. Developing updated response plans and long-term organizational strategies is key to assuring that critical infrastructure continues to operate.
In the case of ransomware attacks, hackers seize control of key city data systems, often through phishing emails that deliver malware through attachments or links. Hackers then encrypt an agency’s data, demanding payment by Bitcoin or other cryptocurrency in exchange for releasing the files being held hostage. Breaking the encryption to regain file access is rarely an option. If a city has adequate backups, they may be able to wipe their systems and start anew without significant data loss. However, cities often lack this option and face the difficult decision of paying the ransom or losing critical data.
Many attacks result not from technical weaknesses or the absence of anti-virus technology, but because users willingly surrender their login credentials in response to falsified requests, or download attachments containing malware. Smart city and Internet of Things (IOT) technology heighten the risk by increasing the range of attack vectors. These technologies also tighten the link between external facing information systems, which handle informational flows, and operational technology systems, which carry out infrastructure functions. As a result, operational technology systems, which are not designed to fend off cyber threats, are increasingly exposed.
Addressing cybersecurity requires a systems-wide approach. However, the interconnectedness of infrastructure sectors, as well as overlapping local, state, and federal jurisdictions make it difficult to deploy comprehensive solutions. Negotiations among this array of actors is essential to protecting critical infrastructure.
The Save Fairport exercise, available from the Teaching Negotiation Resource Center (TNRC), is designed to help students, urban managers, and policymakers grapple with these challenges. Participants explore the best ways of balancing conflicting priorities, a constrained budget, and the time demands of reaching consensus on the best way of enhancing cyber defense for public institutions.
Last week the City of Fairport suffered a debilitating ransomware attack focused on the city’s water system. In the absence of a structured response, the city discovered that they face a range of significant cybersecurity hazards. The Mayor, who is running for re-election, needs to act quickly to demonstrate that she is addressing the serious threats facing the city. The Mayor has convened a group of key stakeholders to formulate a policy strategy and a realistic budget.
In addition to introducing the vulnerabilities faced by critical urban infrastructure, the exercise covers the following points:
- Distinguishing positions vs. interests,
- Managing public-private, civil society coalitions in multiparty negotiations,
- Planning in the face of significant uncertainties,
- Power dynamics in city-level negotiations.
Take your training to the next level with the TNRC
The Teaching Negotiation Resource Center offers a wide range of effective teaching materials, including
TNRC negotiation exercises and teaching materials are designed for educational purposes. They are used in college classroom settings or corporate training settings; used by mediators and facilitators seeking to introduce their clients to a process or issue; and used by individuals who want to enhance their negotiation skills and knowledge.
Negotiation exercises and role-play simulations introduce participants to new negotiation and dispute resolution tools, techniques and strategies. Our videos, books, case studies, and periodicals are also a helpful way of introducing students to key concepts while addressing the theory and practice of negotiation.