Watertown invests in cybersecurity, technology upgrades

As Watertown bolsters its cybersecurity defenses, the city is shifting its view of technology, from an area that causes anxiety to a vehicle for improving government services.

In September, the City Council approved the borrowing of $261,568 to fund the first year of a “centralized managed services plan” as part of its broader IT Cybersecurity Capital Plan. As part of these efforts, Watertown is consolidating several information technology services under one plan, moving to a program that involves 24/7 monitoring, auditing of computer networks and systems, testing for vulnerabilities, and other IT best practices. The plan is part of a multi-year effort to improve Watertown’s technological security, continuity and disaster recovery preparedness.

“I think the steps that we are putting in place are a key part of bringing our cybersecurity program as far along as we can, as soon as we can,” said City Manager George Proakis. “As a city manager, there are a lot of things to worry about every day in the community. This one worries me, along with a lot of those other things — the possibility of a cyberattack, of lost data, of something occurring that we don’t have the right redundancies on — all of the sort of things surrounding the ability to maintain operations from a data perspective.”

Watertown’s efforts come as local governments face increasing cyberattacks, particularly ransomware attacks in which criminals demand money while holding municipal computer systems hostage. Cybersecurity anxiety can create paralysis for municipalities, which can find themselves overwhelmed with options but are often short on funding and in-house expertise, said Christopher McClure, Watertown’s chief information officer.

“You don’t want to be wrong, but if you’re in a case where you’ve never been attacked — which, luckily, most places haven’t had a serious cyberattack — how do you know how much is the right amount to spend?” McClure said. “Is it a million dollars? How do you know how much to spend on something that hasn’t happened?”

Watertown’s answer to that question has involved increased staff, more centralized IT services, and infrastructure upgrades. The city’s plan includes offsite backup of data and offsite disaster recovery, email security, and antivirus protection. It also entails software patches, hardware updates, end-user management, regular updating of computers and running of backups, and a heavy emphasis on cybersecurity training. Much of Watertown’s focus centers around prevention, but if an attack does occur, the emphasis shifts to quick detection and remediation, McClure said.

During the first year of the plan, the city will be building a new system while its current setup remains in operation, so that no security gaps emerge during the transition. To make these improvements, the city is working with Hubtech, a firm that has assisted the city in various capacities for years and will help preserve continuity and offer institutional knowledge, McClure said. After Watertown centralizes these services and completes the initial groundwork, the city plans to incorporate this ongoing work in its operating budget in future years.

By improving its cybersecurity defenses, officials said, Watertown can focus more on using technology to promote innovation, efficiency, collaboration, enhanced online services, and improved communication with the public. By prioritizing the right investments, Proakis said, the city can help the IT Department focus on digital equity issues in the community, increased community access to online documents, and the continuing process of digitizing paper records.

“The more I can get these baseline needs taken care of with risk, and those levels of concern, the more our team can be focusing on asking whether kids in our housing authority buildings have internet access and the ability to access public data,” he said.