Communities in Massachusetts will train to become more resilient to cyberattacks through a new program from the MassCyberCenter, a public facility for developing the state’s technology ecosystem and workforce.
The program, which has yet to be named and was announced by Gov. Charlie Baker on Thursday, will revolve around a two-part series of public workshops conducted for municipalities across the state that mostly examine cyber incident response plans, as well as encourage collaboration between municipalities. The first workshop, to be held in 2020, will help communities determine what needs to be included in their incident response plan, said Stephanie Helm, the director of MassCyberCenter.
The second workshop, which will take place months after the first to let communities familiarize themselves with their plan, Helm said, will be a check-in to see “how they’re doing” on critical cybersecurity tasks like inventory management, software patch schedules and more.
Workshops will be hosted in five regions in the state, divided by the state’s five Department of Homeland Security planning regions. A third-party contractor that will be decided via an open bid in early 2020 will conduct the workshops, according to Helm. The program will operate with $300,000 in funding from the MassCyberCenter, which is housed in the Massachusetts Technology Collaborative, a public agency that is designed to foster private-sector innovation throughout the state.
The decision to host the workshops in each of the state’s five DHS planning regions — Metro Boston, Northeastern, Southeastern, Central and Western — is two-fold, Helm told StateScoop. First, the state can’t possibly hold 351 individual workshops for each municipality in the state, she said, even with federal and private assistance, and a regional workshop offers the opportunity for local officials to get to know one another and share resources.
“It’s impossible to go to 351 towns one-by-one,” Helm said, “and the benefit of a workshop is that you get to meet your neighbor or neighboring town. Some of these cities have quite a few resources and would be willing to lend a hand to a smaller nearby town, but they don’t know each other.”
Secondly, Helm said using DHS’ framework will encourage small communities to take advantage of unused federal cybersecurity funding. Many of the state’s local IT staff are firefighters or police officers by trade, Helm said, and so they may be unclear about what they need to bolster their cybersecurity or pay for such upgrades.
“These workshops will not only result in helping the municipalities in their planning process, but there will be other ways of getting them information and education,” Helm said.
The MassCyberCenter, which will be organizing the workshops, opened in 2017 during the state’s first annual Cybersecurity Forum, which has since become a launching ground for state technology initiatives under Baker’s administration. Last year, the state announced three grants, totaling $385,868, dedicated to helping secondary and primary school students develop the necessary skills for entry-level cybersecurity jobs. While there are many different types of jobs within the field of cybersecurity, Massachusetts currently has more than 17,000 open computer science positions according to Code.org, almost three times the number that the average state has.
Separately, Massachusetts is also one of seven states that is receiving cybersecurity assistance from the National Governors Association to bolster the security of critical infrastructure, among other objectives. As ransomware attacks become more common across municipal governments, state agencies and organizations are increasingly offering support to their local counterparts. A recent survey of state chief information officers from the National Association of State Chief Information Officers revealed 65 percent of them have provided security services, including election security and phishing training, to localities, an 11 percent increase since 2016.