Report: Cities leaving their cyber assets exposed

Cities trying to tighten security should take a good look at their unsecured connected devices.

Scans of February 2016 data on internet-connected devices found that Lafayette, La.; Saint Paul, Minn.; and Washington, D.C., had the most exposed cyber assets. Those connected devices were vulnerable to cyber attack because they were poorly configured, unpatched or had remote access enabled.

The goal of the analysis, conducted by Trend Micro and released on Feb. 15, “is to build public awareness about exposed cyber assets and highlight problems and issues associated with their exposure.” It focuses on the industries involved in critical infrastructure, including emergency, healthcare, utilities, financial services and education. It also ranks cities by the total number of exposed assets across industries.

Firewalls were the most commonly exposed government devices at 48 percent of total devices. That was followed by wireless access points, specialized devices, webcams, routers and other assets.

The researchers were able to find these devices through Shodan, a search engine that scours the web for internet-connected devices and adds newly discovered ones to its search results. It can find office printers, streetlights in a traffic network or security cameras in a local utility.

“With the proliferation of cyberterrorism by rogue nations and terrorist groups, exposed cyber assets pose serious threats to both national security and the daily functioning of cities,” the report read.

A potentially worrying trend found in the report is the continued use of Windows XP. Windows 7 and 8, along with newer versions of Linux, made up the majority of exposed operating systems across all sectors, but Windows XP still made up almost 9 percent of exposed government systems. Windows XP, now more than 15 years old, has not had support from Microsoft since 2014.

Similar results were found for emergency services, with Houston and Lafayette having the highest number of exposed assets. Philadelphia and Seattle topped the list of cities having the most exposed education-related devices. And when it comes to utilities, authorities in smaller cities had more unsecured devices than did larger municipalities.

The report ends with some suggestions for securing networks and data, but acknowledges that “no defense is impregnable against determined adversaries.”

That’s especially true if device owners fail to secure their assets. “Organizations, especially those considered to be part of critical infrastructure sectors, must always operate on the assumption that they have already been compromised and take steps to both detect and defend against threat actors,” the report concluded.

Read the full report here.

This article was changed Feb. 16 to correct the reference to Lafayette. The report refers to Lafayette, La., not Lafayette, Ind.

About the Author

Matt Leonard is a reporter/producer at GCN.
