9 minute read
News From the Institute for Local Government
New Clean Mobility Options Roll Out in Arvin by Nicole Enright
A new clean mobility solution has arrived in the City of Arvin (pop. 22,178), opening up new opportunities for residents to meet their transportation needs with innovative technology. Míocar, which launched in Arvin in summer 2019, offers a 100 percent electric car-sharing service to bridge transportation gaps. The service facilitates easy access to clean and affordable options to run errands, get to medical appointments, pick up children from school, and more.
Advertisement
Technological innovations such as Míocar can be found statewide but are especially needed in San Joaquin Valley communities with small populations, long travel distances, and limited transit service.
Project Provides Multiple Opportunities
Míocar is administered by Self-Help Enterprises, a community development organization based in Visalia, and supported by CalVans, Mobility Development, San Joaquin Valley Air Pollution Control District, Kern Council of Governments, and California Climate Investments. The car-sharing service provides a new opportunity for the City of Arvin to continue making progress in addressing its priorities related to air quality and clean energy. Not only does car-sharing offer flexibility and convenience, but it can also introduce community members who may never have ridden in an electric vehicle (EV) to the new technology. This introduction can help them feel more comfortable potentially purchasing an EV in the future and facilitates increased investment in EV charging in the San Joaquin Valley.
Service Is Inexpensive and Easy to Use
With just a few taps on a smartphone app, Míocar participants can check out an EV, get in, and go. Participants must be age 21 or over to sign up for the service. Interested drivers can register via the website (miocar.org) or app with relatively few qualifications: they must have a valid driver’s license, a relatively clean driving record, and a credit, debit, or prepaid card. After a brief application check period and a one-time membership fee of $20, they’re ready to drive.
In Arvin, a Chevrolet Bolt EV with a 240-mile range and a BMW i3 with a 180-mile range are available for members to reserve and check out either through the app or a smart card; no keys are needed. Cars are parked in designated “home” spaces with access to charging, all included in the price of the reservation. At just $4 per hour or $35 per day, including insurance, vehicle maintenance, and roadside assistance, Míocar offers an affordable, convenient, and emissionfree mobility alternative to community members to go where they need to without further contributing to vehicle emissions. Over 100 members have already signed up to drive.
The ride-sharing program offers an affordable, convenient mobility alternative.
Partnership Provides Customized Support
The Institute for Local Government (ILG) is partnering with the City of Arvin through the BOOST Program, which allows ILG to provide customized and tailored support to 10 cities and two regions through out California. Through BOOST, ILG will help communities: • Build awareness of funding opportunities to address climate action. • Organize projects to be best positioned to meet community goals. • Optimize existing resources and build more capacity.
• Strengthen relationships with key stakeholders and identify new opportunities for regional engagement and collaboration.
• Transform their approach to addressing climate action.
With this BOOST partnership, ILG and the City of Arvin are expanding clean energy opportunities in the community through educational events, grants, residential solar installations, and more.
Visit www.ca-ilg.org/BOOST for more information.
“We are excited to bring innovative technology solutions like Míocar to our city,” says Arvin Mayor José Gurrola. “These electric cars provide a vital service in helping to reduce air pollution, increase access to clean energy technology, and offer additional community transportation options for community members to get where they need to go — efficiently and affordably.”
Future Plans
Though the program is relatively new, Míocar will soon be expanding in Arvin, thanks to frequent participation and positive feedback from residents. Approved drivers will have access to gaselectric hybrid vans, which will carry more passengers and can be used to transport equipment or move into a new home.
The City of Arvin is working to increase access to clean transportation options by connecting community members with EV incentives and pursuing grant funding for EV chargers, electric buses, and other innovative mobility services made possible through technology and community partnerships. ■
These attacks on the cities of Las Vegas, New Orleans, San Marcos, and Baltimore, and the coordinated attack on 22 cities in Texas, are just a sampling of the numerous attacks on cities in recent years.
Types of Cyberattacks
A cyberattack is an attack launched from one or more computers against another computer, multiple computers, or networks. There are many types of cyberattacks, but the following techniques are commonly used to infect victims with ransomware, one of the most prevalent kinds of attacks on cities.
Email phishing campaigns. The cyberattacker sends an email containing a malicious file or link, which deploys malware when a recipient clicks on it.
Remote Desktop Protocol (RDP) at
tacks. RDP allows individuals to control the resources and data of a computer through the internet. Once they have RDP access, criminals can deploy a range of malware — including ransomware — to targeted systems.
Software attacks. Cybercriminals take advantage of security weaknesses in widely used software programs to gain control of targeted systems and deploy ransomware.
These attacks can cause significant financial harm to victims. A recent report by the Federal Bureau of Investigation’s Internet Crime Complaint Center found that in 2019, cyberattacks cost victims $3.5 billion in losses. While phishing was the most effective method of cyberattacks in 2019 measured by the number of victims, the highest financial losses were caused by compromised business email (referred to in the industry as “business email compromise”). Notably, California was the state with the most victims and highest financial losses caused by cyberattacks; thus, it is particularly important for cities in California to be on alert.
Unsurprisingly, cyberattackers increasingly target mobile devices. Ransomware can infect mobile devices just like it can infect workstations and laptops.
Cybersecurity Best Practices
The FBI outlines a number of best practices for cybersecurity, including: • Regularly back up data and verify its integrity. Ensure that backups are not connected to the computers and networks they are backing up; for example, physically store them offline. Backups are critical in fighting ransomware; if your city is infected, backups may be the best way to recover its data.
The Laborers’ International Union of North America (LIUNA) partners with responsible contractors, elected officials, public and private entities, and community groups to build and maintain the infrastructure needs of communities throughout California while providing residents a career in the construction industry, even in uncertain times. BUILDS CALIFORNIA
PEOPLE І PROJECTS І PARTNERSHIPS
Northern California (925) 469-6800 Southern California (626) 350-7583 www.LIUNAbuildsCA.org
Laborers’ International Union of North America
(855) 532-3879 LIUNAbuildsCA.org
Laborers’ International
Union of North America
• Focus on awareness and training. Because end users are targeted, employees should be made aware of the threat of ransomware and how it is delivered and trained on information security principles and techniques.
• Ensure that patches for the operating system, software, and firmware are continually updated on all devices.
• Employ best practices for use of RDP, including auditing your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts.
• Ensure that anti-virus and anti-malware solutions are set to update automatically and that regular scans are conducted.
• Categorize data based on its organizational value, and implement physical and logical separation of networks and data for different organizational units. For example, sensitive data should not reside on the same server and network segment as an organization’s email environment.
The FBI also provides these specific recommendations to protect against business email compromise attacks: • Employees should be educated about and alert to this type of scheme. Tools that can be deployed to train employees include webinars, in-person presentations, phishing exercises, and more.
• Use secondary channels or two-factor authentication to verify requests for changes in account information.
• Ensure the URL in emails is associated with the business it claims to be from.
• Be alert to hyperlinks that may contain misspellings of the actual domain name.
• Refrain from supplying login credentials or personal identifying information in response to any emails.
• Monitor personal financial accounts on a regular basis for irregularities, such as missing deposits.
• Keep all software patches on all systems updated.
• Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s email address appears to match who it is coming from.
• Ensure that the settings on employee computers are enabled to allow full email extensions to be viewed.
Responding to a Cyberattack
When a cyberattack against a city occurs, the city typically engages in a phased response, which includes investigation, containment, remediation, and notification, if appropriate. Although every incident and organization’s response will be unique, some broad considerations for reacting to cyber incidents are offered here.
Before a cyberattack occurs, cities should have clear instructions for staff and vendors about what qualifies as a security incident, whom to notify, how to notify, and timing for notification. This can be accomplished in an incident response plan or other written policies. After a qualifying security incident occurs, the city should implement the incident response plan or other written policies as designed. Every city should consider obtaining or purchasing cyber insurance. Upon detecting a qualifying cyber incident, a city that has cyber insurance should notify its cyber insurer immediately, so the city can access the coverage and resources available under its insurance plan.
The city must then investigate and contain the incident. Investigation largely falls to the city’s IT Department or an outside forensic investigator. Documenting the investigation and everything that follows, including remediation and notification efforts, helps to preserve a record of what occurred. Obtaining legal counsel right away may offer the best chances of preserving attorney-client privilege or attorney work-product doctrine over communications and other materials related to the cyberattack.
For remediation, the goal is to restore the city to its normal functioning. When a ransomware attack occurs, the best method of restoration — if the city has implemented best practices and has backups — is to restore the city system to normal functioning from the backups. Such backups can help protect the city from having to pay a ransom to get its files back.
If a cyberattack affects personal information such that it qualifies as a data breach under applicable law, there may also be a requirement to notify affected individuals, the offices of the attorneys general, the U.S. Department of Health and Human Services Office for Civil Rights, credit agencies, or other agencies. For notification concerns, rely on your attorney’s advice on whether a data breach has occurred under applicable law and then proceed with notification as appropriate.
Conclusion
As with other emergencies and crises that affect cities, taking proactive steps is the key to preventing or recovering from a cyberattack. Cities wishing to avoid costly cyberattacks should implement preventive measures with an emphasis on best practices and employee education, purchase cyber insurance, and ensure that an incident response plan and other written policies related to such attacks are in place. ■
Looking for Footnotes?
For a fully footnoted version, read this article online at www.westerncity.com.
