THE THREAT OF a cyberattack sits perched just beyond our doorstep, targeting our privacy, economic prosperity, and national security. Motivated to act quickly, congressional and state leaders are pushing the Commonwealth to cultivate a cybersecurity ecosystem focused on educating Massachusetts’ next generation of frontline cybersecurity experts to protect vulnerable institutions, including our local governments, school districts, nonprofits, and businesses from these costly attacks.
From our sprawling higher education campuses to the innovative companies that call the Commonwealth home, Massachusetts has the resources, support system, muscle, and brainpower to innovate the current way we approach and neutralize these threats. As hackers work as a collective to disrupt and rewire society’s foundational systems, we must adopt a similar, collective mindset to protect our businesses, municipalities, and citizens.
The impetus to act cannot wait. In the first four months of 2023, malware attacks in Massachusetts have targeted the state’s second-largest health insurer, two school districts, as well as several of our community colleges. These attacks should serve as a glaring example of the vulnerabilities many Massachusetts companies face no matter their size or access to resources. No one is completely safe from bad actors’ intent on disrupting systems and taking advantage of soft spots in security infrastructure.
Federal agencies and deep-pocketed businesses are just as vulnerable. Russian cybercriminals launched a global cyberattack last month targeting multiple US federal government agencies and exploiting a vulnerability found in widely-used software; the impacts and aftermath of this hacking campaign could potentially affect companies and organizations across the United States.
Some estimates state that one in six Massachusetts communities has been infected by ransomware in recent years, with at least 10 communities deciding to pay hackers to unlock their files. The FBI reported that Massachusetts victims lost a total of $226 million total to cybercrimes in 2022, highlighting the massive economic cost to the state.
Despite the growing threats, there are currently more than 750,000 unfilled cybersecurity positions nationally, including 20,000 right here in Massachusetts. There’s also a clear lack of diversity, as 13 percent of cyber professionals are Black or Hispanic, and only 24 percent female, an issue the state has looked to address through programs like the Massachusetts Cybersecurity Mentorship Program, launched by the MassCyberCenter housed at the MassTech Collaborative.
In addition, within our state, there are several ongoing cybersecurity training and workforce development efforts that could serve as model programs to bolster cyber defense, building a statewide approach to cyber resiliency that encapsulates both workforce training and economic development under one roof.
The launch last fall of the nonprofit CyberTrust Massachusetts recognized the dire need for strengthening the cyber talent pipeline to bolster and support organizations across the state, and way to build the infrastructure for training our future workforce. CyberTrust Massachusetts, formed through the impetus of the MassCyberCenter and state leaders, including Sen. Michael Rodrigues, brings our colleges, universities, and businesses together, linked in a network of regional nodes, to meet critical cybersecurity needs.
For example, supported by $2 million in federal funding secured by the Massachusetts congressional delegation and an additional $1.45 million in state funding from the Massachusetts Skills Capital Grant and the MassCyberCenter, institutions of affordable higher learning like Springfield Technical Community College and Cambridge College in Boston are launching or expanding cybersecurity programs and infrastructure, while Bridgewater State University has already broken ground on both a cyber range and Security Operation Center (SOC) that will develop a qualified and experienced workforce.
A cyber range is a cybersecurity training space, designed to develop hands-on training through simulated cyberattacks, data breaches, and other cybercrimes. Not that different from a flight simulator, the cyber range is available to both students and outside entities like state and federal law enforcement organizations to learn how to navigate the stormy skies of a cyberattack. A state-of-the-art SOC, staffed by cybersecurity experts and student cybersecurity apprentices, can offer 24/7 cybersecurity risk detection and response to local governments, school districts, non-profits, and small businesses, which often lack the resources to identify and repel cyber-attacks, while simultaneously providing an invaluable hands-on learning experience for students.
This is the future of preventing cyberattacks in our connected Commonwealth: an ecosystem of linked facilities, actively defending our vulnerable institutions against rapidly evolving cyber threats, while at the same time acting as an accessible gateway to recruit and train a highly skilled workforce that will be ready to step into cyber jobs on day one.
This Massachusetts model is at the vanguard of cybersecurity preparedness and response across the nation. As a state, we all must continue to invest in these systems – through time, dollars, and in student recruitment – to help counter threats and expand our cybersecurity ecosystem. Our privacy, prosperity and security depend on it.
Carolyn Kirk is the executive director of the Massachusetts Technology Collaborative and former deputy secretary of the Executive Office of Housing and Economic Development. Frederick W. Clark Jr. is president of Bridgewater State University.