Boston is adding fuel to the firewall.
As part of a broad plan to beef up the city’s cybersecurity in light of a number of high-profile data breaches — including April’s OPM hack, which compromised the personal information of approximately 22 million Americans — Boston officials have earmarked $3.5 million for the construction of a next-generation firewall system.
“There’s a lot of ongoing work that we have around identifying any place within our technology infrastructure where we think we have got a vulnerability or a system that we don’t think has the right kind of redundancy,” Jascha Franklin-Hodge, Boston’s chief information officer, said, according to the Boston Herald.
The firewall is expected to be operational by the end of the year, but the campaign to bolster security efforts extends through 2020, which the city’s chief information security officer Greg McCarthy hopes will result in a multi-tiered system for data protection.
Although Boston has suffered no large-scale data breaches yet, the proliferation of hacking software and viruses necessitate constant vigilance, according to McCarthy.
“The center of the onion is the crown jewel of the city, and we continually build layer on layer to protect. We have external parties that are scanning our networks looking for vulnerability where they might attack — this is a fact of life,” McCarthy said. “This is a high-threat environment that we operate in.”
This vigilance includes proactive preparation for contingencies which may threaten city systems’ functionality, such as glitches or power outages. Last weekend, a loss of power supply led to parts of the Boston Fire Department network going offline. Although back-up generators prevented the failure from becoming critical, operations were hampered.
“A single component failure was able to take down a piece of the network,” Franklin-Hodge said. “We had backup plans — 98 percent of the network had a proper redundant power configuration, 2 percent did not.”
As for targeted attacks, Cesar Cerrudo, chief technology officer for IOActive Labs, said that motivations might vary widely.
“There could be different goals — it could be to get money in the case of cyber criminals. It could be to cause terror (or) create chaos in case of cyber terrorists or foreign governments,” Cerrudo said. “Attacks could be small and insignificant but people get angry when they can’t do their regular daily activities like going to work, connect to the Internet, make a phone call.”