New Hampshire state officials will spend $300,000 to fund training exercises to help school leaders and city officials combat cyberattacks, as officials continue to raise the alarm about preparedness.
Under a federal grant approved by the Executive Council Wednesday, the Department of Information Technology will have three years to design materials for cyber incident response training.
The grant funding comes as state and federal officials have warned that cyber attacks against public sector targets are increasing, and have urged local governments and organizations to get training. Many attacks come from oversees and involve ransomware, where the infiltrators hold sensitive information such as employees’ Social Security numbers hostage in exchange for a demanded payout. The federal government does not advise that victims of those attacks pay the ransom.
The training will be available to municipal officials, public school administrators, first responders, such as police officers, and IT workers and other technical employees. The money will help fund workshops and “tabletop exercises,’’ in which organizations design a blueprint for how to respond to an attack, assign roles, and walk through the plan in a controlled environment.
“The cybersecurity training and exercise program will prepare leaders and technicians at both the state and municipal levels to protect their systems and networks against potential data breaches and prepare for cyber intrusions that may result in failures of physical infrastructure,” wrote, Department of Information Technology Commissioner Denis Goulet in a letter to the Council.
The money comes from the U.S. Department of Homeland Security’s State and Local Homeland Security Grant Program, designed to help local governments address crime and terrorism attacks more broadly.
Goulet wrote the funds would be “used to protect state and local assets from growing threats of cyberwarfare, cyberterrorism, and cybercrime, which threaten the integrity of essential financial, communications, information and security system.”
New Hampshire public school districts are already required to develop plans detailing their defenses to a cyberattack and their protocols if a breach does occur, thanks to a 2018 law. That law requires that the districts update the plans annually, which are reviewed by the Department of Education.
But experts say it is also important for local officials to have a personal familiarity with the nature of cybercrime threats and what practices can be done each day to stop them. At a forum hosted by Sen. Maggie Hassan at St. Anselm College Monday, state and federal officials urged public employees to take available trainings to learn how to use multi-factor authentication for online sign-ins, as well as how to spot phishing attacks and protect sensitive financial information.
Beyond the state’s new training programs, the U.S. Secret Service has provided free cybersecurity training to New Hampshire public employees and law enforcement at the National Computer Forensics Institute in Hoover, Ala. In an interview Monday, Timothy Benitez, the Manchester resident agent in charge at the Secret Service, said he hopes to draw more police departments into that training.
“More and more locals need to take advantage of this,” he said. “But you know, it’s the time. People don’t have time.”