Who is a member?
Our members are the local governments of Massachusetts and their elected and appointed leadership.
Recent cyberattacks on cities and towns across the country have shed light on the importance of strengthening cybersecurity resiliency at the municipal level.
A critical component of securing a municipality’s technology environment is bolstering its information technology policies and practices. To that end, the MassCyberCenter and the Cyber Resilient Massachusetts Working Group have updated the “The Minimum Baseline of Cybersecurity for Municipalities” to include a new resource guide for cities and towns as part of Goal 4: Secure Technology Environment and Best Practices. The update, called the “Minimum Baseline of IT,” covers the technologies, devices and basic configurations needed to establish a technology environment that is safe and secure.
Core parts of the IT baseline guide include:
• Enforcing multifactor authentication
• Implementing a strategy for data backup
• Installing a firewall
• Conducting vulnerability scanning regularly
System and data backups are especially important in the event of a ransomware attack, since data can be restored from backups even if the attackers have locked up the primary system.
The Minimum Baseline of IT also points to the importance of creating and maintaining an asset inventory by setting up remote monitoring and management, reassessing assets annually, and refreshing equipment every five years. The baseline urges municipalities to check in on digital assets regularly, and to have a plan to update and upgrade the hardware that supports those assets, in order to better ensure the safety and security of Massachusetts municipalities.
The MassCyberCenter, in collaboration with the Cyber Resilient Massachusetts Working Group, launched the municipal cybersecurity-focused framework, “The Minimum Baseline of Cybersecurity for Municipalities,” in 2020 to help communities across the Commonwealth get started on the path to cyber resiliency and to bolster their defenses against cyberthreats.
The baseline is made up of four goals that address training, threat sharing, response planning, and working to secure the technology environment and implement best practices. These goals — aimed at reducing incidents and minimizing impacts — cover a range of topics, from implementing annual employee cybersecurity awareness training to installing password management controls. The baseline guide also provides resources to help municipalities achieve the goals.
The Minimum Baseline of IT was created by the Cyber Resilient Massachusetts Municipality working group, led by Office of Municipal and School Technology Director Susan Noyes, MassCyberCenter Resiliency Program Manager Meg Speranza, Danvers IT Director Colby Cousens, and Westfield Network Administrator Mike Steben.
Each month, the Cyber Resilient Massachusetts Working Group convenes public and private sector leaders to identify ways the Commonwealth’s innovative technology ecosystem can help Massachusetts municipalities and critical institutions protect sensitive data, increase cybersecurity awareness, and respond to emerging threats.
On Oct. 5, the MassCyberCenter will host the annual statewide Municipal Cybersecurity Summit, which will be held in-person at Mechanics Hall in Worcester. The event will feature keynote addresses from federal, state, local and private sector leaders; an engaging round of panels about threats and programs from all levels of government; and more. Details and a link to register will be released in the coming weeks.
For more information about resources available from the MassCyberCenter, visit masscybercenter.org.
Written by Meg Speranza, resiliency program manager at the MassCyberCenter