With that in mind, Gov. Maura Healey's administration is making millions of federal dollars available to cities and towns, so they can further insulate their computer systems from hacks and attacks by cyber criminals.
Sparing a municipality from all that's involved in recovering from a successful hack is reason enough to apply for a slice of these federal funds.
Just ask the city of Lowell.
The Municipal Local Cybersecurity Grant Program provides $7.2 million for municipalities, regional school districts and other local government entities. Applicants can request up to $100,000, while multiple communities can jointly apply for up to $300,000, officials said.
Another $1.8 million, available through the State Share Cybersecurity Grant Program, allows local governments to request up to $100,000 in federal funding.
The flow of federal dollars will be overseen by the federal Department of Homeland Security's Cybersecurity and Infrastructure Security Agency and the Federal Emergency Management Agency.
In total, $9.1 million in competitive grants are on the table; applications will be accepted on a rolling basis until March 8, the agency said.
Healey said the federal funding will provide recipient state and local agencies "with resources to effectively respond to and recover from a cyber-incident."
"Cybersecurity threats continue to increase in sophistication and frequency. In this ever-changing digital world, we must implement smart cybersecurity strategies and adapt our systems to meet the moment," she said in a statement.
While the cost to recover from a sophisticated cyber security breach might far exceed what a city or town can receive through these programs, they certainly provide a source of seed money that can be utilized to help identify a municipality's cyber weaknesses.
We're certain the city of Lowell wished it had untaken a review of its computer security systems prior to a massive cyberattack last April.
The online ransomware group Play claimed responsibility for the hacking of Lowell's municipal network, boasting that it had released 5 gigabytes of data from that theft and posted it to the dark web.
Five months later, Lowell still hadn't fully recovered from this network breach, which had left city government without phone service, email, access to financial, human resources, asset management and revenue systems, as well as other ancillary services like dog, business and marriage licenses.
In the interim, city departments faced the daunting prospect of rebuilding servers and networks, installing new equipment, creating secure user access portals and training employees in cybersecurity.
Even by September, Lowell police reported that critical functions could not be conducted from patrol car computers, forcing officers to log on at neighborhood precincts or police headquarters to complete their shift work — a tedious, time-consuming process.
City Manager Tom Golden noted at the time that the cyberattack highlighted vulnerabilities in some equipment used to access internal, proprietary databases that police officers use to write their incident reports.
Though Lowell officials didn't disclose the ransomware amount that Play allegedly demanded or the information the group claimed to have extracted, in May, the city did purchase LifeLock protection for municipal and school employees to provide financial monitoring.
Terrence Reidy, secretary of the state Executive Office of Public Safety and Security, said the state's embrace of advanced technology "has vastly improved the government's ability to deliver more effective and efficient services" but has also "exposed our operational systems and sensitive data to significant risk."
"I encourage eligible entities to pursue this funding opportunity and strengthen our collective defense against evolving digital threats," he said in a statement.
As Lowell's systems vulnerability demonstrated, Massachusetts cities and towns remain under constant threat from hackers probing for weaknesses in computer systems, from which they can steal money and personal information.
Attacks range from malware, ransomware and email phishing scams, to con jobs via the internet to trick people.
Many perpetrators operate from overseas, with ties to rogue nations and criminal gangs, making it hard to catch them.
The FBI's Internet Crime Complaint Center logged 800,944 suspected internet crimes last year, with reported losses exceeding $10.2 billion.
Topping the list of crimes were "phishing" scams, nonpayment/non-delivery scams and internet-based extortion, the agency said.
According to FBI data, there were 7,805 victims of cybercrimes — many of them elderly — in Massachusetts last year, with losses topping $226 million.
For local communities, we know that the publicity generated by Lowell's cyber calamity served as a wakeup call.
But if a lack of cash has kept IT personnel from running reviews of a municipality's cyber defenses, we urge all cities and towns in that position to apply for a portion of this federal aid.
© 2024 Sentinel & Enterprise, Fitchburg, Mass. Distributed by Tribune Content Agency, LLC.
