Recent legislative changes have introduced a new approach to cybersecurity: they enable local authorities to build a security system tailored to their own risks. At the same time, clear requirements were introduced: the LSG body must have a designated cybersecurity officer, the municipality must have an information security policy and an incident response plan, and staff must undergo regular training in cyber hygiene. Alongside this, the government has set out how to respond to cyberattacks and how to liaise with the relevant authorities.
In doing this, municipalities are not left to face these challenges on their own. U-LEAD with Europe supports them in implementing modern approaches to cybersecurity. Experts help to develop information security policies, explain how to apply new regulations in practice, and work with municipalities to find solutions that can realistically be implemented with the resources available.
In practice, cybersecurity within a municipality is not built solely through technical solutions. It starts with the organisation of work and the daily routines of employees. It is these seemingly simple things that often determine the overall security of the system. For example, if passwords are written on sticky notes and left on monitors or under keyboards, anyone could gain access to the systems. Similarly, using work computers for personal purposes, or conversely, carrying out work-related tasks on personal devices without adequate security measures, introduces additional risk. All of these are typical situations that are easy to rectify; yet they often serve as the entry points for cyber threats.
Today, municipalities manage large volumes of sensitive information — population registers, social data and medical records. Simultaneously, digital systems support water supply, energy, transport and healthcare. Any system failure or data breach can have consequences that are not only damaging to reputation but also have a very real impact on people’s lives.
That is why cybersecurity has become a priority both at the national level and in the context of European integration. Ukraine is steadily moving towards European Union standards, and municipalities play a vital role in this process. Both safety and trust in digital services depend on their willingness to adopt new approaches.
Pavlo Riabokon, the Head of Digitalisation Working Group at U-LEAD with Europe, emphasises that effective cybersecurity starts with the basics and a systematic approach:
“Even things that seem trivial at first glance can create vulnerabilities if they are overlooked. It is therefore important to establish clear and straightforward rules for day-to-day information management. We are currently working with pilot municipalities to help them develop an information security policy that will provide clear, step-by-step guidelines for specialists. It reflects the real-world circumstances in which municipalities operate and the resources they have at their disposal, so that these decisions can be put into practice and the level of protection progressively strengthened.”
U-LEAD’s tips on how to organise work processes in a municipality
It is important for municipalities to take a step-by-step approach and plan this work over time:
- Appoint or designate a person responsible for cybersecurity;
- Develop and approve an information security policy and a cyber incident response plan;
- Provide cyber hygiene training for staff;
- Monitor information on cyber threats on an ongoing basis and update security profiles;
- Review all cybersecurity documents and procedures annually.
Separate funding should be set aside for these processes: municipalities should include in their budgets expenditure on software, specialist services, training, security audits and backup systems.
Today, a municipality’s resilience is measured not only by its physical infrastructure, but also in terms of how well it functions in the digital environment. In fact, it is systematic awareness of day-to-day processes — from organising the workplace to updating policies — that gradually builds the level of digital resilience needed to enable the municipality to operate safely and reliably even in challenging circumstances.
