Ransomware Resilience for Municipal Infrastructure
Keywords: ransomware resilience, municipal cybersecurity, local government networks, defense in depth, zero trust, incident response, IAM, MFA, RADIUS, DNS filtering, SIEM/SOAR, EDR, immutable backup, NAC, public safety, finance/ERP.
Abstract
Ransomware remains a continuity threat for municipal infrastructure because it targets the availability of public services as directly as it targets data confidentiality. This paper presents a vendor-neutral reference architecture and operational playbook for municipal/local-government networks, synthesizing public-sector incident lessons and authoritative guidance from CISA, NIST, IC3, and state-level cyber programs. The proposed architecture integrates next-generation firewalls, IDS/IPS, URL and DNS filtering, SD-WAN policy segmentation, SIEM/SOAR, EDR/EPP, packet analysis, IAM/MFA, RADIUS-backed AAA, 802.1X network access control, protected privileged-access workflows, secure remote access using IPsec/IKEv2, and immutable/offline backup vaults. The architecture is organized around segmented trust zones—External/Cloud, DMZ, Control Zone, management/monitoring enclaves, and a generic protected boundary for isolated sensitive services—to reduce lateral movement and preserve recovery trust. A lifecycle playbook mapped to NIST SP 800-61 emphasizes preparation, detection and analysis, containment, eradication and recovery, and post-incident improvement. Measurable outcomes include reduced dwell time, faster isolation, improved restore confidence, and shorter restoration intervals for priority municipal services. The result is a repeatable, cloud-agnostic resilience model for local governments seeking to prevent, contain, and recover from ransomware while sustaining public trust and continuity of operations [2], [3], [8], [9], [10].
References
FBI Internet Crime Complaint Center, “2024 IC3 Annual Report,” 2024. [Online]. Available: https://www.ic3.gov/AnnualReport/Reports/2024_IC3Report.pdf
CISA and the Joint Ransomware Task Force, “#StopRansomware Guide,” Mar. 2025. [Online]. Available: https://www.cisa.gov/sites/default/files/2025-03/StopRansomware-Guide%20508.pdf
Murugiah Souppaya et al., “NIST IR 8374 Rev. 1 (Initial Public Draft), Ransomware Risk Management,” Jan. 2025. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/ir/2025/NIST.IR.8374r1.ipd.pdf
Local-government official report, “The City of Dallas Ransomware Incident: May 2023 Incident Remediation Efforts and Resolution,” Sept. 2023. [Online]. Available: https://dallascityhall.com/DCH%20Documents/dallas-ransomware-incident-may-2023-incident-remediation-efforts-and-resolution.pdf
A. Waldman, “Dallas doles out $8.5M to remediate May ransomware attack,” TechTarget SearchSecurity, 2023. [Online]. Available: https://www.techtarget.com/searchsecurity/news/366553259/Dallas-doles-out-85M-to-remediate-May-ransomware-attack
Kevin Reece, “Dallas, Texas ransomware attack: The latest recovery efforts,” WFAA, 2023. [Online]. Available: https://www.wfaa.com/article/news/local/dallas-ransomware-progress-recovery/287-8fecc192-e4b2-40ce-8f6f-3078d1fac1b4
CISA, “Partnering to Safeguard Localities from Cybersecurity Threats Toolkit,” 2023. [Online]. Available: https://www.cisa.gov/sites/default/files/2023-01/23-0070_mayorscybersecuritytoolkit_508c.pdf
Alex Nelson et al., “SP 800-61 Rev. 3, Incident Response Recommendations and Considerations for Cyber Risk Management,” NIST, 2025. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r3.pdf
CISA, “Federal Government Cybersecurity Incident and Vulnerability Response Playbooks,” 2021. [Online]. Available: https://www.cisa.gov/sites/default/files/2023-02/Federal_Government_Cybersecurity_Incident_and_Vulnerability_Response_Playbooks_508C.pdf
Scott Rose, “SP 800-207, Zero Trust Architecture,” NIST, 2020. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.800-207.pdf
CISA, “Known Exploited Vulnerabilities Catalog.” [Online]. Available: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
CISA, “Cybersecurity Performance Goals 2.0,” 2025. [Online]. Available: https://www.cisa.gov/cybersecurity-performance-goals-2-0-cpg-2-0
Karen Kent, Murugiah Souppaya, “SP 800-92, Guide to Computer Security Log Management,” NIST, 2006. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-92.pdf
Karen Kent et al., “SP 800-86, Guide to Integrating Forensic Techniques into Incident Response,” NIST, 2006. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-86.pdf
IEEE 802.1 Working Group, “802.1X: Port-Based Network Access Control.” [Online]. Available: https://1.ieee802.org/security/802-1x/
S. Kent and K. Seo, “RFC 4301: Security Architecture for the Internet Protocol,” IETF, 2005. [Online]. Available: https://www.rfc-editor.org/rfc/rfc4301.html
C. Kaufman et al., “RFC 7296: Internet Key Exchange Protocol Version 2 (IKEv2),” IETF, Oct. 2014. [Online]. Available: https://datatracker.ietf.org/doc/html/rfc7296
Texas Department of Information Resources, “Cybersecurity Incident Management and Reporting,” and “SB 271 Security Incident,” 2024–2025. [Online]. Available: https://dir.texas.gov/information-security/cybersecurity-incident-management-and-reporting
CISA, “Public Safety Cybersecurity,” and “Public Safety Emergency Communications Resources.” [Online]. Available: https://www.cisa.gov/public-safety-cybersecurity
FEMA, “Hazardous Response Capabilities,” and NCBI, “State and Local Governments — Crisis Standards of Care.” [Online]. Available: https://www.fema.gov/emergency-managers/risk-management/hazardous-response-capabilities ; https://www.ncbi.nlm.nih.gov/books/NBK201073/
Keith Stouffer et al., “SP 800-82 Rev. 3, Guide to Operational Technology Security,” NIST, 2023. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r3.pdf
ISA, “ISA/IEC 62443 Series of Standards.” [Online]. Available: https://www.isa.org/standards-and-publications/isa-standards/isa-iec-62443-series-of-standards
FBI Internet Crime Complaint Center, “Ransomware.” [Online]. Available: https://www.ic3.gov/CrimeInfo/Ransomware
Claroty, “IT vs OT Security: Key Differences in Cybersecurity,” 2026. [Online]. Available: https://claroty.com/blog/it-and-ot-cybersecurity-key-differences
Dragos, “Dragos Industrial Ransomware Analysis: Q2 2025,” 2025. [Online]. Available: https://www.dragos.com/blog/dragos-industrial-ransomware-analysis-q2-2025
Alec Davison, “Ransomware Resilience: Renew Your Ransomware Defense with CISA’s Updated Guidance,” WaterISAC, 2023. [Online]. Available: https://www.waterisac.org/ransomware-resilience-renew-your-ransomware-defense-cisas-updated-guidance
Dr. Brian Gardner, “After Action Review Report of May 3rd Ransomware Incident,” Local Government Official Memorandum, 2023. [Online]. Available: https://dallascityhall.com/government/citymanager/Documents/Council%20Materials/After%20Action%20Review%20Report%20%28AAR%29%20of%20May%203rd%20Ransomware%20Incident.pdf
Local-government update, “Update on Ransomware Incident & Personal Data Protection,” 2023. [Online]. Available: https://www.dallascitynews.net/update-on-ransomware-incident-personal-data-protection
Candace Sweat and Ken Kalthoff, “Dallas Ransomware Attack Contained, But Ongoing; Police, Fire Service Uninterrupted,” 2023. [Online]. Available: https://www.nbcdfw.com/news/local/the-city-of-dallas-says-its-battling-a-ransomware-attack/3250013/
CISA, “State, Local, Tribal, and Territorial Government.” [Online]. Available: https://www.cisa.gov/audiences/state-local-tribal-and-territorial-government
License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.


