Written by Benjamin Freed
Massachusetts officials said Wednesday they were trying to maintain near-constant contact with their local counterparts on cybersecurity issues, a relationship that became even more vital during the COVID-19 pandemic as cities and towns looked at the needs of digital services. and online education. .
The events of the past year and beyond have given the impression that this close collaboration between the state government and its municipalities is essential to overcoming the “last mile” of cybersecurity, said Curtis Wood, director of information for Massachusetts, at a panel during the annual RSA Conference.
“What we really believe is that we all need to work together,” he said.
Wood, who has worked in the state government for almost all of his 45-year career, said the community has improved considerably in recent years.
“Security had always focused on the computer aspect,” he said. “It simply came to our notice then. It is a basic competence of the executive. We can’t do government business in general without understanding the security aspect. “
People and process
Wood said the Massachusetts Office of Technology and Security Services Executive, which he has led as cabinet-level secretary since 2018, now addresses cybersecurity as primarily a business function.
“The technologies we have are certainly important, but it’s more about people and processes,” he said.
He credited this change to Gov. Charlie Baker, who Wood said heads the “first administration to invest in it” of the nine he has served. Baker elevated information and cybersecurity technologies to an executive-level agency in 2017 and later created a Cybersecurity Strategy Council made up of agency, education and business executives to advise him.
But updating all 351 Massachusetts municipalities, ranging from Boston to small towns, presented challenges to the state government.
“[Baker] he understands the threat, he made the investments, “Wood said.” Unfortunately, I don’t think this has happened at the municipal level. “
“Always in the communities”
Much of the communication between the state and its localities comes through the national security office of the state. Jeanne Benincasa Thorpe, Baker’s national security adviser, said the local public security authorities she works with have become increasingly concerned about information security throughout the pandemic.
“We were always in the communities for COVID, whether or not [personal protective equipment] or tests, ”he said. “It has intensified on COVID due to the needs of the communities. Not only were they asking for help with testing and vaccinations, but they were asking for cybersecurity because their schools and health centers were being affected. “
Massachusetts has been no stranger to cyberattacks during the pandemic: last month, public schools in Haverhill, a city about 30 miles north of Boston, canceled classes due to a ransomware incident just as students they were preparing to return to personal instruction time in more than a year.
Benincasa Thorpe credited the Massachusetts fusion centers, one run by the state government and the other by Boston area authorities, with “capturing information nationwide and disseminating it to our communities.”
“On the ground”
Massachusetts Secretary of Housing and Economic Development Mike Kennealy, a member of the state’s cybersecurity advisory group, said the state merger center has also organized webinars and incident response workshops for city leaders, all and that he said he hopes to feel like holding these meetings in person. as the health crisis recedes. (According to the Centers for Disease Control and Prevention, 63% of Massachusetts residents have received at least one COVID-19 vaccine and 48% are fully vaccinated, tied to the highest in any state).
“There’s no substitute for being on the ground,” Kennealy said.
But the most important step, said Wood, the state CIO, is to promote the realization that cybersecurity is a government-wide concern.
“We need to make sure that our political leadership at the local level understands that as well. It’s not just about the computer or IT person, it’s about ownership,” Wood said. “It’s everyone’s responsibility at the municipal and state level. Take home what the impact is for them. “