Leaders discuss cyber resiliency at the Massachusetts Municipal Cybersecurity Summit in Worcester, Massachusetts.

Jul 02 2024

Massachusetts Helps Municipalities Strengthen Their Cybersecurity Posture

The commonwealth funds a cyber resiliency program and shares tips.

The initial inspiration for creating the Massachusetts Municipal Cybersecurity Summit in 2021 — to encourage cities and towns to work together on cybersecurity prevention — remains a focus for the MassCyberCenter, says Director John Petrozzelli.

“This was a way of getting people together to share business cards and ideas — almost crowdsourcing across the state — so the first time an incident happens, you already know people,” he says.

State and federal nonprofit agencies often speak about their cybersecurity programs at the event, and municipal leaders can pose questions. As part of the MassCyberCenter’s budget, the summit is free to attend.

“The biggest thing we were trying to drill home was that we know the threats exist, and the state has a variety of resources in place to help,” Petrozzelli says. “This summit is right in line with our mission: to help municipalities become more cyber resilient by having that interaction with state or federal officials — or other municipalities they haven't seen in a while — to talk about best practices.”

During the 2024 summit, the MassCyberCenter announced the new $1.4 million Cyber Resilient Massachusetts Grant Program. The initiative provides up to $25,000 to help individual municipalities strengthen their internet-facing vulnerabilities.

“We wanted to enhance their capability to fill any gaps they have in cybersecurity as a result of grants they didn't receive — or received, but used for different parts of their IT stack,” Petrozzelli says. “This program is built with the idea that they can harden those vulnerabilities on a small scale. It might be implementing the best practices for Microsoft Office 365 or Google Workspace, or installing third-party firewall certificates.”

Click the banner below to explore how to establish strong cyber resilience.


Cybersecurity Summit Draws an Informed Crowd

The MassCyberCenter, which provides cyber resiliency resources for communities, hosted the fourth annual Massachusetts Municipal Cybersecurity Summit on May 8.

While the events in 2021 and 2022 required Zoom breakout rooms for specific topics, the organization’s first face-to-face summit took place in October 2023 at Mechanics Hall in Worcester, Mass. This year’s summit, held in Worcester’s DCU Center, drew an even bigger crowd.

“Originally, we wanted to have this in person; that's the best way to meet and discuss sensitive issues,” Petrozzelli says. “We started with a virtual summit because of the pandemic. Last October, about 170 registrants attended; this year, we had 253. It was a much better turnout than just six months ago.”

Speakers at this year’s summit shared information about cyber hygiene and available cybersecurity programs and funding with approximately 156 municipality and 33 nonprofit organization employees, 22 higher education professionals and 42 state and federal agency attendees.

READ MORE: Massachusetts CIO shares AI insights.

Topics Included Threat Prevention and Response

During the first half of the day, Susan Noyes, director of the state’s Office of Municipal and School Technology, and MassCyberCenter Resiliency Program Manager Meg Speranza spoke about ways to build a mature cybersecurity program using low- and no-cost federal and state resources.

John Petrozzelli
This was a way of getting people together to share business cards and ideas — almost crowdsourcing across the state — so the first time an incident happens, you already know people.”

John Petrozzelli Director, MassCyberCenter

Subsequent sessions touched on mitigating current municipality-related threats — including some that CIO Colby Cousens has seen in Danvers, Mass., Petrozzelli says — and state-supported tools that can help cities and towns defend against digital security risks.

CEO Pete Sherlock and other representatives from CyberTrust Massachusetts — a nonprofit that supports communities’ cybersecurity resiliency and helps develop cyber workforce talent — discussed resources such as the 24/7 endpoint detection and response monitoring services the Commonwealth’s security operations center initiative provides via third-party vendor SentinelOne.

LEARN MORE: Risk assessments can help your agency stay ahead of cyber threats.

Summit Attendees Get Hands-On Opportunities

In the afternoon, summit attendees participated in an interactive exercise designed to highlight the importance of collaboration during a cybersecurity incident.

A member of the Cyber Resilient Massachusetts Working Group — which comprises public and private industry leaders who provide cybersecurity guidance and updates — came up with the idea for the CyberSecureDeck card game several months before the event, Petrozzelli says.

“He thought it would be a great idea to build some type of incident response activity and gamify it so it was more interesting to people who are maybe not in the IT world,” he says. “We worked within our Cyber Resilient Massachusetts Working Group to identify possible scenarios we could use for the exercise, and then we built the game based on real-world events that happened in 2023 across different industries.”

Groups of eight attendees were given decks of 3-by-5-inch cards — color-coded to indicate roles that players assumed, such as media professional, operations and others — and one of the game’s five potential cybersecurity scenarios or additional developments that can factor into players’ decisions, referred to as injects.

In a phishing scenario, for example, after suddenly discovering their computers aren’t responding, the finance team receives a ransomware message.

“It took on a life of its own,” Petrozzelli says. “The injects are numbered 1 through 12; I played it linearly, and another instructor shuffled the cards and decided which ones to give out to make things even more difficult for the team to understand. At the end of the day, we got really positive feedback.”

Summit attendees received a copy of the game, which is also available on the MassCyberCenter website, to take with them and use within their organization.

SeanPavonePhoto/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.