Gov. Charlie Baker yesterday signed an executive order to establish the Massachusetts Cyber Incident Response Team, which will enhance the Commonwealth’s ability to prepare for, respond to, mitigate and recover from significant cybersecurity threats to the continuity of essential government services.

“State governments and other organizations across the country are increasingly being targeted by bad actors aiming to disrupt operations and compromise information systems,” Baker said. “This executive order will further strengthen the Commonwealth’s policies, procedures and resources required to prevent potential threats and appropriately respond to attacks on government infrastructure and services.

“As state governments expand their digital footprints — moving more services online and allowing for a more connected workforce — it’s critical that we make the necessary investments to protect this critical technology infrastructure from acts of terrorism and criminal, organized crime and gang activity,” he said.

The MA-CIRT, led by the secretary of the Executive Office of Technology Services and Security, will convene cybersecurity and public safety experts from across state government as required members, including leadership representatives from the Commonwealth Security Operations Center, the Executive Office of Public Safety and Security, the Commonwealth Fusion Center, the Massachusetts State Police Cyber Crime Unit, the Massachusetts National Guard, and the Massachusetts Emergency Management Agency.

To prevent attacks and increase the Commonwealth’s cybersecurity resiliency, the executive order underscores the need to prepare for and marshal a coordinated response, mitigation and recovery effort for significant cybersecurity threats or incidents.

The order requires the Executive Office of Technology Services and Security and MA-CIRT to assist the MassCyberCenter with efforts to foster cybersecurity resiliency through communications, collaboration and outreach to state agencies, municipalities, educational institutions and industry partners.

The order also:
• Requires MA-CIRT to review cybersecurity threat information and vulnerabilities to make recommendations and establish appropriate policies to manage the risk of cyber incidents for executive department agencies and all other state agencies served by EOTSS.
• Requires MA-CIRT to develop and maintain an up-to-date Cyber Incident Response Plan.
• Requires executive department agencies to comply with protocols and procedures established by MA-CIRT and EOTSS.
• Requires Commonwealth executive department agencies and other state agencies served by EOTSS to identify and report significant cybersecurity incidents and coordinate efforts to mitigate and prevent further damage from cyber incidents.
• Requires all executive department personnel to annually complete the EOTSS-approved security awareness training program administered by the Human Resources Division.
• Encourages other governmental entities throughout the Commonwealth not served by EOTSS to report cybersecurity threats or incidents to the Commonwealth Security Operations Center.

In 2021, the U.S. Congress established a $1 billion State and Local Cybersecurity Grant Program as part of the Infrastructure Investment and Jobs Act. The four-year grant program requires that 80% of funds go toward assisting municipalities in enhancing their cybersecurity posture.

The new federal program complements the Baker-Polito administration’s support for municipal cybersecurity efforts, including the Municipal Cybersecurity Awareness Grant Program, the free Cybersecurity Health Check Program, and the Community Compact IT Grant Program.

The EOTSS was established in 2017 as the Commonwealth’s lead technology and cybersecurity agency.
