City AI Connection is a series of posts on emerging ideas in artificial intelligence, with a focus on government application. These articles are initially shared exclusively with the City AI Connect community and subsequently with a broader audience via the Bloomberg Center for Government Excellence at Johns Hopkins University website, govex.jhu.edu. City AI Connect is a global learning community and digital platform for cities to trial and advance the usage of generative artificial intelligence to improve public services. The community is open exclusively to local government employees. To join, visit cityaiconnect.jhu.edu. 

By Lena Geraghty

As artificial intelligence permeates public sector operations, local governments, with their enormous stores of sensitive information, are facing new digital threats that demand stronger cyber security measures. 

AI relies on large datasets, and improper handling of government data like social security numbers, medical details, and bank account information can lead to breaches of privacy and data misuse. These systems are prime targets for hacking, putting both individual data and public infrastructure at risk. 

 The good news? Many municipalities already take cyber security seriously — 96 percent of respondents to the Public Technology Institute’s 2023 Local Government Cybersecurity National Survey say that their organization provides cyber security training at least once a year. 

You have probably participated in these exercises, like mock phishing attempts and password updates, in your own organization. These essential practices are a solid start but, in the age of AI, are not enough to adequately protect government-owned data. 

As we close out Cyber Security Awareness Month, here are five steps governments can take to build more resilience in their data infrastructure in the age of AI.

Conduct a Risk Assessment — Evaluate where AI solutions are or will be used, especially in high-risk areas like public safety, utilities, or resident services. Test AI solutions using adversarial scenarios to understand how they can be manipulated or evaded by malicious actors. Then, devise a plan to address these issues.

Build a Strong Foundation of Data Governance — Create an information security policy to ensure airtight collection, storage, and processing of data used in AI models and tools. Focus on limiting the amount of personal and sensitive data processed by AI systems to reduce exposure in the event of an attack.

Engage in Regular Audits and Compliance Checks — Partner with third-party experts to conduct periodic security assessments to identify vulnerabilities in AI systems, datasets, or software solutions. Ensure AI solutions comply with relevant data protection regulations and sector-specific laws. Assess vendors and tech providers for security practices, ensuring they meet your institution’s cyber security standards.

Train Staff and Build Awareness — Enhance cyber security training to include AI-related risks. Include tips for recognizing highly realistic and persuasive content created by Generative AI tools. Ensure staff understand the incident response process for AI-related security breaches and can act quickly in the event of an attack.

Engage External Experts and Collaborate — Join intergovernmental forums or networks focused on AI security to share best practices, threat intelligence, and resources. If you are a city government employee, GovEx’s City AI Connect is a great place to start. This field is constantly evolving so partner with cyber security and AI specialists to remain up-to-date on the latest threats and defensive techniques.

Lena Geraghty is a data and government advisor for GovEx.