‘We’re giving local communities in Alabama a fighting chance’: McCrary program provides cyber defense for local governments across the state

‘We’re giving local communities in Alabama a fighting chance’: McCrary program provides cyber defense for local governments across the state

‘We’re giving local communities in Alabama a fighting chance’: McCrary program provides cyber defense for local governments across the state

https://eng.auburn.edu/news/2026/07/mccrary-program-provides-cyber-defense-for-local-governments-across-the-state.html?utm_sourceu003dauburnuu0026utm_mediumu003dweb

Publish Date: 2026-07-07 17:06:00

Source Domain: eng.auburn.edu

Author:

Using an unordered list, summarize the following article with between 4 and 8 key points.
The average cost of a data breach in 2025 for U.S. organizations was $10.22 million, according to IBM. Even more, 34 percent of local agencies — city halls, fire stations, hospitals, schools — were compromised by ransomware.
To combat this threat, the average information technology division in Alabama employs 2.2 people. That’s it. 2.2.
A successful cyberattack can shut down the systems a community depends on. Water systems go offline. Utility billing stops. Communications are disrupted. Public safety is put at risk. It’s what cybersecurity experts consider “a city’s worst day.”
“When a cyberattack strikes Anytown, USA, what does that mayor do?” asked Nick Sellers, McCrary Institute for Cyber and Infrastructure Security chief operating officer. “What do county commissioners do? What does that local hospital administrator do? They’ve got to get services going, and if they don’t have a plan or the resources, they’re in trouble.”

The Alabama Cybersecurity Intelligence Center serves as a workforce-development pipeline, exposing students to cybersecurity operations that are difficult to replicate in a traditional classroom setting.

Cybersecurity professionals and students at Auburn University’s Samuel Ginn College of Engineering have a solution.
The Alabama Cybersecurity Intelligence Center, a joint initiative of the Alabama Office of Information Technology (AOIT) and the McCrary Institute, offers basic cyber hygiene, multi factor authentication, penetration testing, incident response planning and round-the-clock monitoring of every device on a municipal network.
The fundamental elements that can be quickly deployed are known as McCrary Secure and are made possible through the State and Local Cybersecurity Grant Program (SLCGP), a $19 million, five‑year federal investment under the Infrastructure Investment and Jobs Act.
“We’re giving local communities in Alabama a fighting chance,” Sellers said. “What we’re offering is real, no‑cost protection from experienced cybersecurity professionals and industry partners. It’s a no‑risk means to make your community safer. That’s what land-grand institutions do.”
Learn more at Alabama State and Local Government Cybersecurity Services – McCrary Institute.
“Protecting Alabama’s local governments requires a whole-of-state approach, and the McCrary Institute has been an essential partner in making that vision real,” said AOIT Secretary Daniel Urquhart. “The Alabama Office of Information Technology is proud to help lead this effort alongside McCrary to ensure communities across Alabama have access to the cybersecurity expertise, tools and support they need to protect the services their citizens depend on.”

Like many local governments, Calera, a growing city in southern Shelby County, needed help overcoming budget, staffing and aging technology challenges that limited its ability to identify vulnerabilities and keep pace with evolving cyber threats. McCrary Secure helped local leaders identify vulnerabilities, prioritize improvements and develop a proactive approach to protecting operational systems.
“What impressed me most is that this wasn’t just about receiving equipment or services; it was about gaining a true partner in cybersecurity,” said James Fuller, City of Calera chief information officer. “The team helped us identify vulnerabilities, prioritize improvements and develop a more proactive approach to protecting the systems that support our city operations. Programs like this help level the playing field for communities like Calera. We are incredibly grateful for the support and expertise provided by ACIC and the McCrary Institute, and the impact has been felt throughout our organization.”
Assessing vulnerabilities
Tucker Simpson, Cybersecurity Research Engineer and Project Manager at the McCrary Institute, said more than 140 statewide municipalities have signed up.
In the early stages of working on the SLCGP grant, Simpson spent more than 130 days over the past years meeting with local governments, assessing their cyber needs.
“Many of those visits were in very rural parts of the state,” he said. “We were hearing their challenges and trying to understand whether there was a common set of pain points. Some of those are towns with two or three total employees. Some are massive counties. But the common thread was the same, nobody had the bandwidth to monitor their network 24/7.”
McCrary Secure offers a bundle of fundamental, highly-deployable services, such as vulnerability assessments, including penetration testing and attack‑surface analysis. The goal: show local governments how an attacker could break in.
“Think about it like scoping out around a building you’re going to try to break into,” Simpson said. “What’s the first thing you do? You look ‘do they have cameras?’ ‘Do the doors lock?’ That’s essentially what we’re doing from a cybersecurity perspective. What does an attacker see when they look at you from the outside?”
The team identifies vulnerabilities, tests them and shares findings through daily reviews before delivering a final assessment that reveals the organization from an attacker’s perspective and highlights opportunities to strengthen defenses.
“Penetration testing is something that’s usually very expensive to do,” said Jonathan Sherk, State and Local Program Manager at the McCrary Institute. “It’s great to have the SLCGP grant to cover that. Once we find potential vulnerabilities, we can turn right around and say ‘here’s a solution. You can identify equipment, such as firewalls as a need and recommend so that OIT can purchase them. We can provide identity access management, network access control.”’
A 24/7 monitoring
Simpson said “threat actors are no longer breaking in, they’re logging in.”
“The sheer amount of credentials that are given away means most of these campaigns end in ransomware,” he said. “If you miss the first access alert, someone can be in that network for months, moving low and slow. It becomes harder to find them.”

Cyber defenders in the Alabama Cybersecurity Intelligence Center monitor activity 24/7.

McCrary Secure’s 24/7 monitoring service is a key defense.
“We’re watching real alerts on real networks for real cities,” Sherk said. “These aren’t simulations. These are the same threats hitting major corporations and federal agencies, and they’re hitting small towns with two IT people. Our job is to catch it before it becomes their worst day.”
The program also serves as a workforce-development pipeline, exposing students to cybersecurity operations that are difficult to replicate in a traditional classroom setting.
“One of the biggest challenges in cybersecurity is getting exposure to the right experiences and the right equipment,” Sherk said. “Tools like Splunk and CrowdStrike are widely used in the industry, but they’re not always easy for students to access. Here, students are working with those platforms in a real operational environment. That kind of experience is incredibly valuable because it gives them familiarity with the same technologies they’ll encounter when they enter the workforce.”
As part of round-the-clock monitoring, ACIC utilizes Security Orchestration, Automation and Response (SOAR) software to automate the earliest stages of incident response. SOAR does not require a human analyst, reducing the time an attacker could advance through a given network. With SOAR, cyber defenders can block IP addresses, kill processes, or isolate computers from the network until problems are contained.
“Many times, we’ll see something at night, and there’s not going to be anyone at that local government who can answer a phone call until the next morning,” Simpson said. “Instead, we can quarantine the device and wait to contact the customer in the morning. That’s the reality of who we’re serving.”
‘Do you want to keep rolling the dice’?
Among the most effective tools in the program are cyber tabletop exercises — guided simulations that walk city and county leadership through worst-case scenarios before they happen.
“When we can get council members, commissioners and mayors to join in those sessions, they leave going, ‘I finally understand why my IT staff is asking for money,’” Simpson said. “We’ve had several in the last few weeks where people walked out saying they’re going to open the pocketbook and help their teams get solutions. That part has been very impactful.”
On average, it takes an organization 181 days to identify a cyber breach and another 60 days to contain it, Simpson said.
“We have people tell us all the time, ‘I’ve never been hit.’ And it’s like — ‘do you want to keep rolling the dice?” Simpson said. “The only device threat actors cannot get to is one that’s not turned on and plugged in, so do you keep hoping today’s not your day, or do you put things in place so that when someone does come poking, you’re ready?
“We’re making America safer, one small town at a time.”