Tewksbury hosts municipal cybersecurity summit | News | #government | #hacking | #cyberattack | #education | #technology | #infosec

[ad_1]

TEWKSBURY — Lead­ers from over a dozen lo­cal communities and mu­nicipal organizations came together in Tewksbury last month to discuss the threat of cybercrime. Hos­ted by the Town of Tewks­bury, the forum was the first of its kind collaboration between municipalities and cyber professionals.

The day long meeting was an opportunity to discuss vulnerabilities that cities and towns in Massa­chusetts, and across the country, face. Ransom­ware, killware, and access to resident data were all part of the discussion.

Select Board member James Mackey, a cyber professional, moderated the discussion which was held at the Tewksbury Public Library with support from Leicester Cyber Solutions and Lowell 5 bank.

Topics such as election security, network security, threat detection, and in­ter­nal processes for cities and towns were covered. Municipal leaders were encouraged to not only evaluate their current status, but to start to evaluate weaknesses and stra­tegize ways to address them.

Mackey said, “I see this as just a first step on the long road to tackling the problem of municipal cy­bersecurity. This event was designed to introduce municipal senior management to some of the core concepts of cybersecurity. While they are not expected to be subject matter ex­perts, they do need to be able to meet their technical staff half way”.

During the session, engineers and cyber operations experts introduced resour­ces that are available to communities to use as part of an implementation plan for cy­bersecurity. First and foremost, managers were en­cour­aged to create a road­map for a cybersecurity program, involving de­part­ment heads and IT departments within the city or town government.

Even if there is no strong process in place, there were immediate process changes that could be made, such as changing passwords to non-common, non-obvious choi­ces.

Strategies from the Na­tional Institute of Stan­dards and Technology were discussed. NIST is a government agency focused on science and technology and has created a framework for assessing and addressing cybersecurity risks for business and government.

Threat detection and man­agement was broken down into several categories: identify, protect, detect, respond and recover. Ac­cording to the framework, which was establish­ed in 2014, “The national and economic security of the Uni­ted States depends on the reliable functioning of critical infrastructure. Cyberse­curity threats ex­ploit the increased complexity and connectivity of critical in­frastructure systems, placing the Nation’s security, economy, and pub­lic safety and health at risk.”

The net of this strategy is to minimize risk.

Managers were encouraged to embark on an in­ventory of software and hardware in their organizations. Passwords were cited as a common point of weakness for networks, along with users not being able to recognize phishing emails and potentially opening spam email that might launch spyware or malware designed to harm an infrastructure system.

Backing up data was also discussed and highlighted as a key vulnerability. The presenters stated that if routine backups are scheduled then restoration of data be­comes easier and the mu­nicipality will be in a stron­ger position should an at­tack occur. Emphasis was also placed on alerting surrounding communities should a cyberattack happen as a means to stop any type of serial intrusion.

During the session, a de­monstration of hacker at­tempts was shown on the screen. Using a secure ser­­ver and a simple do­main, presenters were able to de­monstrate how attempts to penetrate a password-protected site were happening around the clock from locations around the globe. Dur­ing one discussion, over 10,000 attempts were log­ged, emanating from countries such as China, Russia, and even from within the United States.

Mackey said, “We wanted to start the discussion, educate and empower senior leaders, and build relationships for tackling this problem. While there is much Tewksbury can do to im­prove our cyber se­curity protection measures, de­tection and re­sponse capabilities are costly. Hope­fully as Tewks­bury and our neighbors mature, we can look at partnerships to help re­source the critical detection and response capabilities.”

[ad_2]

Source link