Massachusetts Helps Municipalities Strengthen Their Cybersecurity Posture

Cybersecurity Summit Draws an Informed Crowd

The MassCyberCenter, which provides cyber resiliency resources for communities, hosted the fourth annual Massachusetts Municipal Cybersecurity Summit on May 8.

While the events in 2021 and 2022 required Zoom breakout rooms for specific topics, the organization’s first face-to-face summit took place in October 2023 at Mechanics Hall in Worcester, Mass. This year’s summit, held in Worcester’s DCU Center, drew an even bigger crowd.

“Originally, we wanted to have this in person; that's the best way to meet and discuss sensitive issues,” Petrozzelli says. “We started with a virtual summit because of the pandemic. Last October, about 170 registrants attended; this year, we had 253. It was a much better turnout than just six months ago.”

Speakers at this year’s summit shared information about cyber hygiene and available cybersecurity programs and funding with approximately 156 municipality and 33 nonprofit organization employees, 22 higher education professionals and 42 state and federal agency attendees.

READ MORE: Massachusetts CIO shares AI insights.

Topics Included Threat Prevention and Response

During the first half of the day, Susan Noyes, director of the state’s Office of Municipal and School Technology, and MassCyberCenter Resiliency Program Manager Meg Speranza spoke about ways to build a mature cybersecurity program using low- and no-cost federal and state resources.

Subsequent sessions touched on mitigating current municipality-related threats — including some that CIO Colby Cousens has seen in Danvers, Mass., Petrozzelli says — and state-supported tools that can help cities and towns defend against digital security risks.

CEO Pete Sherlock and other representatives from CyberTrust Massachusetts — a nonprofit that supports communities’ cybersecurity resiliency and helps develop cyber workforce talent — discussed resources such as the 24/7 endpoint detection and response monitoring services the Commonwealth’s security operations center initiative provides via third-party vendor SentinelOne.

LEARN MORE: Risk assessments can help your agency stay ahead of cyber threats.

Summit Attendees Get Hands-On Opportunities

In the afternoon, summit attendees participated in an interactive exercise designed to highlight the importance of collaboration during a cybersecurity incident.

A member of the Cyber Resilient Massachusetts Working Group — which comprises public and private industry leaders who provide cybersecurity guidance and updates — came up with the idea for the CyberSecureDeck card game several months before the event, Petrozzelli says.

“He thought it would be a great idea to build some type of incident response activity and gamify it so it was more interesting to people who are maybe not in the IT world,” he says. “We worked within our Cyber Resilient Massachusetts Working Group to identify possible scenarios we could use for the exercise, and then we built the game based on real-world events that happened in 2023 across different industries.”

Groups of eight attendees were given decks of 3-by-5-inch cards — color-coded to indicate roles that players assumed, such as media professional, operations and others — and one of the game’s five potential cybersecurity scenarios or additional developments that can factor into players’ decisions, referred to as injects.

In a phishing scenario, for example, after suddenly discovering their computers aren’t responding, the finance team receives a ransomware message.

“It took on a life of its own,” Petrozzelli says. “The injects are numbered 1 through 12; I played it linearly, and another instructor shuffled the cards and decided which ones to give out to make things even more difficult for the team to understand. At the end of the day, we got really positive feedback.”

Summit attendees received a copy of the game, which is also available on the MassCyberCenter website, to take with them and use within their organization.