Massachusetts Governor Issues Executive Order To Strengthen State’s Cyber Defenses – Security

Governor Charlie Baker recently took steps to
strengthen cybersecurity in Massachusetts by signing an executive order on December 14, 2022
creating an advisory panel to improve the state’s cyber
defense. The new state task force will assess existing resources,
develop contingency plans, and identify strategies for preventing
future cyberattacks. The goal of the task force is to ensure that
the Bay State is at the forefront of the ever-evolving
cybersecurity landscape. With cyber threats becoming increasingly
sophisticated, it’s crucial for the state to stay ahead of the
curve. The panel will study existing protocols, assess the
state’s current level of preparedness, and recommend ways to
improve security measures.

The executive order will also create a
Cybersecurity Incident Response Team (MA-CIRT), which will consist
of state leaders from the public and private sectors, including
representatives from the Governor’s Office, the Massachusetts
State Police, the Department of Telecommunications and Cable, the
Commonwealth Fusion Center, the Department of Security, the
Massachusetts Emergency Management Agency. MA-CIRT will be led by
the Secretary of the Executive Office of Technology Services and
Security (a position currently held by Curt Wood).

Additionally, the Executive Order:

• Requires MA-CIRT to review cybersecurity threat information and
  vulnerabilities to make informed recommendations and establish
  appropriate policies to manage the risk of cyber incidents for
  executive department agencies and all other state agencies served
  by EOTSS.




• Requires MA-CIRT to develop and maintain an up-to-date Cyber
  Incident Response Plan, which will guide the actions of the
  Commonwealth’s key public safety and information security and
  technology teams, state agency resources, and security
  professionals in responding to and minimizing the impact of
  significant cybersecurity threats to Commonwealth systems. The Plan
  is required to be submitted annually to the Governor for review and
  approval.




• Empowers the EOTSS Secretary to serve as MA-CIRT lead, with the
  approval of the Governor, to direct MA-CIRT in response to a
  significant cyber incident.




• Requires the routine exchange of information related to
  cybersecurity threats and reported incidents between the
  Commonwealth Fusion Center and the Commonwealth Security Operations
  Center.




• Requires EOTSS and MA-CIRT to consult with the Massachusetts
  Cyber Center and assist the Center with efforts to foster
  cybersecurity resiliency through communications, collaboration, and
  outreach to state agencies, municipalities, educational
  institutions and industry partners.




• Requires executive department agencies to comply with protocols
  and procedures established by MA-CIRT and all related policies,
  standards and Administrative Directives issued by EOTSS.




• Requires Commonwealth executive department agencies and other
  state agencies served by EOTSS to identify and report significant
  cybersecurity incidents and coordinate efforts to mitigate and
  prevent further damage from cyber incidents.




• Requires all executive department personnel to annually
  complete the EOTSS approved security awareness training program
  administered by the Human Resources Division.




• And strongly encourages other governmental entities throughout
  the Commonwealth not served by EOTSS to report cybersecurity
  threats or incidents to the Commonwealth Security Operations
  Center.

To view Foley Hoag’s Security, Privacy and The Law
Blog please click
here

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.