As Mass. deals with cybersecurity threats, Baker creates response team
Confronting mounting cybersecurity threats to state government websites and networks, Gov. Charlie Baker on Wednesday issued an executive order to streamline the commonwealth’s strategy for responding to and recovering from attacks.
The directive comes as Baker has about three weeks left in office, with Gov.-elect Maura Healey poised to be sworn in on Jan. 5.
Baker administration officials said the Massachusetts Cyber Incident Response Team — also known MA-CIRT — will convene experts from across state government, including the Executive Office of Technology Services and Security, the Commonwealth Security Operations Center, the Executive Office of Public Safety and Security, the Commonwealth Fusion Center, the Massachusetts State Police Cyber Crime Unit, the Massachusetts National Guard and the Massachusetts Emergency Management Agency.
“State governments and other organizations across the country are increasingly being targeted by bad actors aiming to disrupt operations and compromise information systems,” Baker said in a statement Wednesday afternoon. “As state governments expand their digital footprints, moving more services online and allowing for a more connected workforce, it’s critical that we make the necessary investments to protect this critical technology infrastructure from acts of terrorism and criminal, organized crime, and gang activity.”
Baker’s executive order outlines key responsibilities for MA-CIRT, including reviewing cybersecurity threat information and vulnerabilities in order to craft recommendations and policies for state agencies to follow. The team must also submit an annual Cyber Incident Response Plan, which needs review and approval from the governor, as public safety and security teams aim to minimize threats.
Executive department agencies and other state organizations are required to identify and report significant attacks, as well as “coordinate efforts to mitigate and prevent further damage from cyber incidents,” officials said. That type of information should also be shared between the Commonwealth Fusion Center and the Commonwealth Security Operations Center, according to Baker’s executive order.
Executive department employees must also participate in annual security awareness training.
“Cybersecurity attacks threaten Commonwealth technology networks and the continuity of essential government services we provide to the constituents we serve,” Lt. Gov. Karyn Polito said in a statement. “With the establishment of MA-CIRT, the Baker-Polito Administration continues to invest and prioritize the delivery of effective and reliable government services to the people of the Commonwealth.”
Gloss