Some 78,000 employees from municipalities and public school districts will receive cybersecurity awareness training
By Steve Freker
Malden city officials and employees know firsthand of the effects of an unexpected cyberattack. Just over one year ago, in late January 2023, Malden municipal operations were ordered shut down by Mayor Gary Christenson when the city’s Information Technology Department detected a brief – but serious – invasion of Malden’s digital systems. Services were restored several days later, when deemed safe to go back to work with them in use, a virtual eternity in municipal government.
The cyberattack served as still another “wakeup call” that the dangers of cyberattacks were never going away, and Mayor Christenson and members of the Malden City Council pledged to reinforce an already strong, state-of-the-art cyber protection system with more budget funding, following an in-depth report on the local attack by city IT Director Anthony Rodrigues. Rodrigues informed the Councillors that Malden would continue to seek grant funding for more training against the dangers of cyberattacks for Malden municipal employees.
“Despite everyone’s best efforts, this [cyberattacks] is a huge problem for every community in every state and we will continue to fight it as best we can,” Rodrigues said a year ago during a detailed presentation to the Malden City Council. “We will continue to make sure all of the holes are plugged, even though sometimes it is like a game of ‘whack-a-mole’ – you address one issue and another pops right up.”
“These attacks are well planned and very well funded,” Rodrigues said at the time.
On Monday, the Healey-Driscoll Administration announced that Malden and another Advocate readership community, Saugus, were two of the 2024 Municipal Cybersecurity Awareness Grant Program award recipients. “Administered by the Executive Office of Technology Services and Security and its Office of Municipal and School Technology, this program will provide 78,000 employees from 227 municipalities and public school districts across Massachusetts with critical cybersecurity training to better detect and avoid cyber threats,” the Governor announced in a press release.
The 2024 Municipal Cybersecurity Awareness Grant Program is designed to support local government efforts – like those in Malden and Saugus – to improve overall cyber readiness through comprehensive online end-user training, evaluation and threat simulation. According to the release, “Awarded communities will receive licenses for end-user training, assessment and phishing simulation procured by the Executive Office of Technology Services and Security (EOTSS).”
Program participants begin their training with an initial cyber strength assessment to measure baseline cybersecurity awareness. “Following the assessments, periodic assessments consisting of training modules and simulated phishing email campaigns help participants build good cyber hygiene habits to increase their awareness of deceptive techniques used by bad actors to gain unauthorized access to government systems,” Mass. officials stated. “At the end of the program, participants complete a final cyber strength assessment to measure their progress.”
“Our administration is committed to partnering with our municipalities to move forward on our shared IT and cybersecurity goals” said Governor Maura Healey. “We are thrilled to see so many cities and towns prioritize cyber readiness through the Municipal Cybersecurity Awareness Training Grant Program.”
“Programs like the Municipal Cybersecurity Awareness Grant really move the needle with our municipal workforce, which is where the rubber meets the road on cybersecurity,” said Lt. Governor Kim Driscoll. “This program, provided at no cost to municipalities or employees taking the training, makes clear that cybersecurity is everyone’s responsibility, whether we have IT in our job titles or not.”
“In my time as the Commonwealth CIO I’ve had a chance to talk to municipal officials from all over the state.” said Secretary of Technology Services and Security Jason Snyder. “In every discussion, cybersecurity comes up as a top priority. EOTSS is proud to advance the Healey-Driscoll Administration’s priority of supporting municipal cybersecurity readiness. We work best in Massachusetts when state and municipal organizations work together, and this grant program exemplifies this commitment.”
The Commonwealth offers the training program free to municipal organizations, which are further supported with quarterly threat briefings and weekly newsletters with cybersecurity best practices and program updates provided by the EOTSS Office of Municipal and School Technology. Municipal information technology officials also receive monthly summary progress reports that detail the number of employees who inadvertently clicked on malicious links contained in the simulated phishing emails, offering important visibility on the threat landscape.
According to state officials, “In addition to the Municipal Cybersecurity Awareness Grant Program, The Healey-Driscoll Administration offers a number of other programs to further support municipal officials in their cybersecurity and information technology modernization efforts, including a Free Cybersecurity Health Check Program, the Community Compact IT Grant Program, and the Community Compact Municipal Fiber Grant Program.”
****
For more info on the Municipal Cybersecurity Awareness Grant Program, visit https://www.mass.gov/municipal-cybersecurity-awareness-grant-program.
FBI director: China’s cyberhackers preparing to ‘wreak havoc’ on critical U.S. infrastructure
Advocate Staff Report
In sheer numbers, they appear to have an overwhelming advantage. FBI Director Christopher Wray on Wednesday told members of a U.S. Congressional Select Committee that his agency believes that China’s cyber operatives outnumber all FBI agents by at least 50 to 1.
He warned members of the House Select Committee on the Chinese Communist Party as well as the general public that Chinese cyberhackers are preparing to “wreak havoc and cause real-world harm” to the United States. Though cyber officials have long warned about China’s offensive cyberattack capabilities, Wray’s dramatic public warning illuminates the high level of concern at the top of the U.S. government about the threat Chinese hackers pose to critical infrastructure nationwide. The head of the National Security Agency and other senior U.S. officials also testified on Chinese cyber activity in front of the panel Wednesday.
“China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,” Wray told the House Select Committee on Wednesday.
Chinese government-backed hackers, Wray said, are targeting things like water treatment plants, electrical infrastructure and oil and natural gas pipelines. The Chinese hackers are working “to find and prepare to destroy or degrade the civilian critical infrastructure that keeps us safe and prosperous,” Wray said. “And let’s be clear: Cyber threats to our critical infrastructure represent real world threats to our physical safety.”
The Chinese government has previously denied allegations of hacking efforts.
The hearing comes in the wake of an attempt by U.S. and Chinese officials to ease tensions in the relationship between the two superpowers. At a meeting in November, Chinese President Xi Jinping assured U.S. President Joe Biden that China would not interfere in the 2024 U.S. election, CNN reported on Tuesday.
The focus of the hearing was not U.S. elections but how Chinese hackers are allegedly infiltrating computer networks at ports, energy plants and other key infrastructure in the United States.
Gen. Paul Nakasone, the head of the National Security Agency, told lawmakers removing hackers from U.S. critical networks is an ongoing concern. “We need to have a vigilance that continues onward,” Nakasone said. “This is not an episodic threat that we’re going to face. This is persistent.”