IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Massachusetts Establishes Cyber Incident Response Team

Gov. Charlie Baker has created the Cyber Incident Response Team in a Dec. 14 executive order. The group will be comprised of members from state government public safety and cybersecurity organizations.

Massachusetts is getting a cyber incident response team. In an executive order signed yesterday, Gov. Charlie Baker established the Massachusetts Cyber Incident Response Team (MA-CIRT) to guide state efforts to mitigate, respond to and recover from “significant cybersecurity threats,” impacting agencies, according to a press release.

The secretary of the Executive Office of Technology Services and Security (EOTSS) will lead the cyber incident response team. Members will be drawn from state agencies focused on cybersecurity and public safety.

The executive order also calls for a variety of cyber preparations, including directing the MA-CIRT to maintain a cyber incident response plan, requiring regular cyber incident and threat information sharing between the state’s security operations center (SOC) and fusion center, and obligating executive branch personnel to complete security awareness training annually, among other measures.

“State governments and other organizations across the country are increasingly being targeted by bad actors aiming to disrupt operations and compromise information systems,” Gov. Baker said in a statement. “This executive order will further strengthen the commonwealth’s policies, procedures and resources required to prevent potential threats and appropriately respond to attacks on government infrastructure and services. As state governments expand their digital footprints, moving more services online and allowing for a more connected workforce, it’s critical that we make the necessary investments to protect this critical technology infrastructure from acts of terrorism and criminal, organized crime and gang activity.”

MA-CIRT will include members representing leadership from the EOTSS, SOC, fusion center, and State Police Cyber Crime Unit, as well as the Executive Office of Public Safety and Security, National Guard and Emergency Management Agency.

The executive order also calls for new steps to bolster Massachusetts’ cyber defenses and resilience. Per the press release it:

  • "Requires MA-CIRT to review cybersecurity threat information and vulnerabilities to make informed recommendations and establish appropriate policies to manage the risk of cyber incidents for executive department agencies and all other state agencies served by EOTSS.
  • Requires MA-CIRT to develop and maintain an up-to-date Cyber Incident Response Plan, which will guide the actions of the commonwealth’s key public safety and information security and technology teams, state agency resources, and security professionals in responding to and minimizing the impact of significant cybersecurity threats to commonwealth systems. The plan is required to be submitted annually to the governor for review and approval.
  • Empowers the EOTSS secretary to serve as MA-CIRT lead, with the approval of the governor, to direct MA-CIRT in response to a significant cyber incident.
  • Requires the routine exchange of information related to cybersecurity threats and reported incidents between the Commonwealth Fusion Center and the Commonwealth Security Operations Center.
  • Requires EOTSS and MA-CIRT to consult with the Massachusetts Cyber Center and assist the center with efforts to foster cybersecurity resiliency through communications, collaboration, and outreach to state agencies, municipalities, educational institutions and industry partners.
  • Requires executive department agencies to comply with protocols and procedures established by MA-CIRT and all related policies, standards and administrative directives issued by EOTSS.
  • Requires commonwealth executive department agencies and other state agencies served by EOTSS to identify and report significant cybersecurity incidents and coordinate efforts to mitigate and prevent further damage from cyber incidents.
  • Requires all executive department personnel to annually complete the EOTSS-approved security awareness training program administered by the Human Resources Division.
  • And strongly encourages other governmental entities throughout the commonwealth not served by EOTSS to report cybersecurity threats or incidents to the Commonwealth Security Operations Center."

In a statement, EOTSS Sec. Curt Wood called the executive order “critical” and said it “will serve the commonwealth for years to come.”

The MA-CIRT will soon fall under new leadership, with both Wood and Baker slated to depart in January.