Much of this support will center around expanding security operations center (SOC) projects. For one, the state SOC is now allowing municipalities to turn to it for help directly during an incident, CIO Jason Snyder said. Plus, the state is advancing an ongoing effort to open SOCs on its public higher ed campuses. This move is aimed at providing local governments with support to prevent an incident in the first place.
With the SOC, Massachusetts expanded its contract with an operations support vendor and augmented its team to give it the capacity to serve hundreds of municipalities, Snyder said. The idea is local governments impacted by an incident can call the SOC and get support, including direct assistance from vendors. Municipalities — or the state SOC — can also involve the state fusion center for help investigating cyber incidents that are criminal in nature.
Before they can receive such help, though, municipalities need cybersecurity incident response plans.
“We did a survey in the spring, which showed 14 percent of municipalities have an incident response plan today — so this is a major problem,” Snyder said. “When they’re attacked — not if, when — they’re not ready.”
There’s help coming for that remaining 86 percent. State and municipal partners secured a federal grant to fund local governments' development of such plans. State agencies and partners will also work with municipalities to help implement them.
Municipalities interested in learning more about the state SOC are invited to attend a session at the Chelsea, Mass., facility in person on Oct. 30, where they can receive tours and discuss needs.
Other new efforts include a soon-to-be-released score card helping municipalities understand their cyber maturities, and expanding the Massachusetts Cyber Incident Response Team to also help municipalities, rather than just state agencies.
The state is also advancing an effort,launched in 2022, to open cyber ranges and SOCs at community colleges and state universities, aiming to develop a stronger cyber workforce to better defend local governments. Essentially, the SOC/Range Initiative has dual goals of developing student cyber skills via hands-on activities and providing affordable cyber services to municipalities, nonprofits and small businesses.
A recent $1 million grant is supporting this work in part. In 2022, Bridgewater State University (BSU) and Springfield Technical Community College (STCC) became the first participating institutions, and now MassBay Community College joins the roster with plans to develop a cybersecurity training center. The grant also provides BSU with more funds for its current work.
The initiative is still in early stages, with BSU aiming to open its physical range by late 2023, and both it and STCC expect to open SOCs in 2024. In the meantime, students have been able to access a virtual range from vendor Cyberbit, said John Petrozzelli, director of Mass Tech Collaborative‘s MassCyberCenter, a public-sector organization managing the initiative.
BSU and STCC have used the cyber range platform to incorporate hands-on activities into higher ed curriculums, enabling students to practice self-paced on-demand activities as well as train against threat simulations in class. High school students have also gotten a taste, with some integrating it into after-school or summer program-style offerings that prepare participants for community colleges or state schools, Petrozzelli said.
During pilots in the first half of this year, 133 students trained on the cyber ranges.
The initiative aims to see SOCs offer both advisory and operational services. On the operational side, SOCs will begin by offering endpoint detection and response (EDR) and managed detection and response (MDR) services. That can be a good foundation, giving more insights into the threat landscape.
“Those two services will provide a lot more visibility for the municipalities, as well as the state, into the municipalities to determine what those threats are [that are] attacking the municipalities and will give the state a better idea of whether those threats are singular in nature, or whether they're being directed at multiple municipalities,” Petrozzelli said.
The grants include $800,000 to enable MassBay to host a cyber range on its Wellesley campus. This will serve students in the cybersecurity associates degree program and other cyber training programs, per a press release. About $500,000 of that award is intended for the infrastructure costs while the remaining supports first-year operating expenses. Partner community colleges, state universities and high schools can access the range.
Meanwhile, about $300,000 goes to BSU to support the first year of operations at its cyber range, once it’s up and running.
Funding is an important question for an initiative focused on providing low-cost cyber services, and details are still being pinned down. Last year, officials launched CyberTrust Massachusetts, a membership nonprofit intended to fund ongoing SOC and range expenses. It will likely rely primarily on state funds for the first couple years, until its alternate revenue sources are built up more. Those sources could include dues from members of its consortium of schools and companies, as well as subscription fees paid by recipients of its SOC services. Those two revenue streams will become more dependable as participation grows.