Lexington, Mass., Adapts to Ward Off Cyberthreats, CIO Says

While the budget for cybersecurity operations and frequency of attacks have remained constant, CIO Tom Case said changes to threat delivery requires staying on top of employee training and standard practices.

by Matthew Reid, Wicked Local Metro / July 31, 2019
Shutterstock/GlebSStock

(TNS) — Places such as Baltimore and Atlanta have been hit with massive cyberattacks in recent years, but it's not just major cities that are at risk of losing data or having their systems hacked. Smaller municipalities, such as Lexington are also targets.

According to a 2019 report from the International City Management Association, approximately one in three local governments do not know how frequently their information system is subject to attacks, incidents and breaches. Of those that do, 60 percent report they are subject to daily cyberattacks, often hourly or more.

Lexington uses a combination of industry standard practices, modern technology, and employee awareness to combat these attacks, Chief Information Officer Tom Case said. Annually, external companies have been invited to Lexington in order to test the town's cybersecurity. This is done by simulating attacks and using social engineering to see how prone employees are to falling for various scams, Case said.

While Lexington has not been the victim of any major attacks, the town's technology infrastructure is constantly under threat, Case said.

"Everybody is constantly under attack. On any given day most of the email that tries to get through to any organization is junk and has to get filtered out," he said.

Generally, Case said, Lexington's cybersecurity budget has remained consistent from year to year, as have the number of potential attacks. However, the types of attacks do change over time, with the high profile cases in large cities like Atlanta drawing attention to new ransomware attacks where government information is held hostage by criminals until a ransom is paid. Therefore, Case said, towns and cities are more reluctant to share cybersecurity information with the public than ever, not wanting to risk it getting into the wrong hands.

"We're taking this very seriously. It's at the top of our list of responsibilities and priorities to keep the data and the systems of the town safe, as well as the people using them," Case said.

Tiffany Schoenike, chief operating officer for the National Cyber Security Alliance, warns smaller municipalities are just as likely as larger cities to be the target of an attack. This could include anything from sensitive data being lost or stolen to systems being locked with the only recourse paying the hacker to regain access.

"Sometimes funding levels make things worse," Schoenike said. "This could be from not being able to afford the right kinds of technology, or not being able to hire the best people for the job."

But ultimately, hackers won't discriminate based on the type of government or system they target.

"They go where the money is," she said. "Just like some criminals rob banks and others rob convenience stores, every hacker is different. That's why every community, large or small, needs to be protected."

'Think before you click'

Phishing, Schoenike said, remains one of the most-effective methods for hackers to gain access to a city or town's data. The act, which involves a cybercriminal posing as a legitimate person or company as a way to obtain private information, is nothing new. But the methods used are constantly being refined.

A Melrose Police detective's laptop was infected in 2016 through a phishing attack, after an officer opened an attachment that set off a virus and encrypted all of the data on the computer. The attack compelled the department to pay nearly $500 for a Bitcoin ransom to regain control of its network. The city's technology director transferred the digital currency to the hackers via a mobile app, following instructions the hackers had left on the laptop.

Officials in Leominster paid $10,000 in Bitcoin last year when a similar incident occurred involving the school district's computer systems, which affected every school in the district.

A computer virus shut down municipal computers in New Bedford in early July, and nearly two weeks later city officials were implementing restoration plans on its municipal computer network. The city had released little information as of July 17, but said that the virus at least shut down some of the computers at both City Hall and in the Fire Department.

Issues such as these are causing many municipal officials to act, before something similar happens in their community.

In May, voters in Burlington approved a Town Meeting article to request a report by year's end from the Board of Selectman on the current status of the town's cybersecurity, including a risk assessment and recommendations moving forward. The town has reactivated its Information Systems Advisory Committee to assist.

"The article was put on the warrant to be proactive," said David Miller, an advisory committee member. "A lot of people hear about various cities across the nation being hit with things like ransomware and/or other hacking attacks, and (we) want Burlington to get ahead of the curve."

Education is key

In Framingham, a city with about 600 regular users on its network, trainings occur regularly to ensure the system is not compromised.

"We are constantly taking a look at ways to improve security," said Carly Melo, director of technology services. "Something even as small as a two-minute video reminding people of best practices can go a long way."

Melo said the city has increased its cybersecurity methods even in the past year, as new vulnerabilities are always popping up.

"We even offer advice on how our staff behaves on social media," she said. "We tell people to always think before they click on a link. There's always the chance of a vulnerability leading to something bad happening."

Schoenike said the education of municipal employees, regardless of their comfort and familiarity with technology, is crucial.

"You can have the best tech in place, but if one person clicks on a link they shouldn't, or opens the wrong attachment, that's all some people need to gain access," she said. "And these criminals are getting very good at disguising themselves, so people think they're dealing with something that is safe and secure."

©2019 Wicked Local Metro, Needham, Mass. Distributed by Tribune Content Agency, LLC.

Platforms & Programs