Skip to main content

Measuring the Integrated Cyber Attack Surface Across US County Government Networks

Rishipal Yadav
Author
Rishipal Yadav
Assistant Manager – Cybersecurity @ Uniqus Consultech · CISSP · GCP-ACE · M.Eng Cybersecurity, UMD · Writing at not your CISO
Table of Contents

Institution: University of Maryland — School of Public Policy
Advisor: Prof Charles Harry →, School of Public Policy, UMD College Park
Period: Fall 2022 – Spring 2023
Full paper: Read on OSF →


Summary
#

This research developed a methodology to measure and compare the integrated cyber attack surface of US county government networks — a sector that is often overlooked in cybersecurity policy discussions despite being responsible for critical local services.

The work involved passive reconnaissance techniques to enumerate exposed services, ports, and infrastructure across a representative sample of US counties, and produced a comparative scoring framework useful for policy prioritisation.


Key findings
#

  • County government networks show significant variance in exposed attack surface, often correlating with budget and population size
  • Many counties expose legacy services and administrative interfaces directly to the public internet
  • The measurement framework provides a replicable baseline for longitudinal tracking of public-sector security posture