In its new online training modules for municipalities, the MassCyberCenter describes a cyberattack on a fictional community called “Massboro” to underscore its training goals.

The MassCyberCenter has released new online training materials to help local leaders implement cybersecurity best practices and attain a “minimum baseline of cybersecurity” to protect digital assets and information against cyberattack threats.

The MassCyberCenter at the Massachusetts Technology Collaborative unveiled the free, interactive training modules on Oct. 7 during the first-ever Municipal Cybersecurity Summit, which was attended by about 300 government officials from around Massachusetts. MassCyberCenter Director Stephanie Helm said the summit reflected the state’s partnership with federal and state agencies, organizations including the MMA, and with its regional Homeland Security councils.

“The launch of these online training modules builds on the work of the MassCyberCenter and our partners statewide, including the Cyber Resilient Massachusetts Working Group, to engage with municipalities directly about their cyber preparedness and to highlight the resources, grants and technical experts that can help them bolster their defenses,” Helm said.

Municipalities across the country have increasingly been targeted with cyberattacks, exposing them to ransom demands, lost data and costly IT work to restore their networks and services to the public. The MassCyberCenter, established in 2017, seeks to “encourage municipalities to improve their ability to protect and defend themselves from a cyberattack, inspire collaboration and strengthen cybersecurity resilience across Massachusetts.”

The MassCyberCenter’s training seeks to establish a “minimum baseline” of cyber preparedness for municipalities, by relying on their people, processes and technology.

The MassCyberCenter has aimed the modules at achieving four goals:
• Reduce the number of cybersecurity incidents by having better-trained and more cyber-secure employees
• Encourage greater sharing of threat information and improving regional awareness
• Improve cyber incident response planning by creating an effective strategy for handling cyber incidents
• Implement best practices to create a more secure technology environment

The modules introduce trainees to the fictional community of “Massboro,” which experiences a cyberattack after an employee clicks on a malicious link and accidentally downloads ransomware onto a municipal computer. As a result, Massboro loses access to everything from tax records to birth certificates, as all of its records are encrypted over a ransom demand. The training walks people through the hypothetical scenario, the effects it would have on municipal services, and the steps municipalities can take now to avoid a similar fate.

Written by