Massachusetts Cybersecurity Czar Calls for Rules, Enforcement

Faced with mounting threats and a legislative report that cited the state as being “extremely vulnerable,” MassCyberCenter Director Stephanie Helm said a more strategic approach is needed to protect government and industry.

by Christian M. Wade, The Eagle-Tribune / March 4, 2019
Shutterstock

(TNS) — The state faces myriad threats from hackers and rogue nations trying to get into the computer systems of governments, businesses and individuals to steal confidential information and financial data, according to Massachusetts’ new cybersecurity czar.

"The threat is very real, and anything that is compute-based is vulnerable to exploitation," said Stephanie Helm, a former U.S. Navy captain and intelligence officer who recently took over as director of MassCyberCenter. "The severity of the threats depend on the adversary and their objective. Sometimes they want your information, sometimes they want your money."

Helm said cyberspace threats seem to multiply each year, as government agencies and businesses scramble to keep a handle on them.

"We have a lot of very unique intellectual property in Massachusetts that we need to do our best to protect," she said. "We've also got a lot of big corporations, and their livelihood is based on strong cybersecurity."

A report last year by a legislative panel found the state is "extremely vulnerable" to cyberattacks from hackers and foreign adversaries.

"There is a need for more strictly regulated and enforced cybersecurity measures in both the public and private sectors, which leaves the private data of Massachusetts citizens open to manipulation and theft, actions which can ruin companies’ reputations and destroy public trust in government bodies," the report stated.

It cited breaches in Holyoke, Leominster and Brookline, where hackers accessed local government computers and in some cases demanded ransom payments.

Critical infrastructure — such as utilities, voting systems and transportation overseen by local governments — is especially at risk, the report noted.

Gov. Charlie Baker created the cybercenter two years ago and earmarked $400,000 for a new grant program to train cybersecurity professionals.

He also created the 19-member Cybersecurity Strategy Council comprised of former military and industry officials to advise state leaders. Michael Brown, a retired U.S. Navy rear admiral and former director for cybersecurity coordination at the Department of Homeland Security, is chairing the committee.

MassCyberCenter is as a part of the Massachusetts Technology Collaborative and serves several functions, according to the Baker administration, including working with the private sector to provide support for business development, fostering the growth of cybersecurity firms and running programs that "increase the cybersecurity talent pipeline."

A primary goal of the center is to act as a clearinghouse of advice for businesses, municipalities and individuals about steps they can take to deter cyberattacks.

To be sure, the center is a work in progress. Helm currently works with a staff of two -- herself and a program manager -- but said the center's position within MassTech gives it access to the state's high-technology sector.

She's working on a two-year strategic plan, which she expects to submit to Baker for consideration, outlining the agency's approach to cybersecurity resiliency.

"The center will play a key role in discussions between state government, industry and academic partners on a collaborative approach to address the cyberthreats we face," she said.

Fears about cybersecurity have been stoked by recent claims that Russian hackers have been remotely targeting the U.S. electric grid. Meanwhile, hackers from China, Iran and North Korea have targeted nuclear reactors and other power industry infrastructure, using tainted emails to harvest credentials and gain access to networks, according to federal officials.

The integrity and security of state and municipal voting systems are another concern for cyber security officials ahead of the 2020 presidential election.

Last year, a grand jury indicted a dozen Russian hackers, accusing them of interfering in the 2016 presidential election and stealing sensitive information from state and local election boards.

Helm points out that Massachusetts is home to some of the country’s top cybersecurity firms — including Raytheon, Threat Stack, Rapid7 and Identity Force — as well as prestigious colleges and universities where faculty and researchers are developing the next generation of cybersecurity systems.

"Massachusetts is at the forefront of the cybersecurity sector," she said. "We have a tremendous amount of technical innovation that can rapidly be used to improve cybersecurity, and we have a ready pipeline of highly educated workers to fill those jobs."

©2019 The Eagle-Tribune (North Andover, Mass.). Distributed by Tribune Content Agency, LLC.