Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish
| (844) 627-8267

Tewksbury looks at cybersecurity | News | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

TEWKSBURY — The Town of Tewksbury has re­cently secured a grant to improve security for its operational technology sys­tems governing critical in­frastructure. As part of an ongoing initiative, the town has been reviewing and hardening its OT (operational technology) and IT (information technology systems), both for critical service delivery and to protect sensitive data.

OT involves the systems that manage the physical mechanicals that a company or a municipality might rely upon, whereas IT involves systems a com­pany or municipality uses to collect and store data such as customer information or financials.

According to Select Board Vice Chair James Mackey, the town will begin working with Dragos, a Mary­land-based cybersecurity company, to evaluate and then implement processes and technology to address any operational technology and industrial control systems vulnerabilities that may be detected.

“We can’t just rely on tools or products,” said Mackey, a cyber security specialist.

“The castle and moat model is no longer a guarantee,” Mackey said, ex­plaining that protecting the assets of the community requires training personnel, having processes in place, and then implementing technology to support the controls.

Control systems around water are the first areas that will be evaluated.

Like many municipalities, the town has been a victim of threat actors, including a ransomware attack on the police de­partment in December of 2014 and an email spear phishing scam in January of 2022. Procedures have been put in place by town management, but Tewks­bury is not alone in being victimized by this type of cybercrime.

The town has been ac­tively working to increase awareness of cybersecurity threats to municipalities, hosting a summit in late 2021 where a dozen local communities participated in a seminar about municipal cybersecurity. At the seminar, Mackey said the event was de­signed to introduce municipal senior management to some of the core concepts of cybersecurity, and recognize that while they are not expected to be subject matter experts, city and town management do need to be able to be conversant in cyber­threat mitigation and re­sponse.

Dragos will begin system evaluation to validate their understanding of Tewksbury’s infrastructure systems. According to Mackey, development of a cybersecurity program is a significant undertaking, and is a living process. Cybersecurity experts ag­ree that a security strategy needs to be nimble and always improving to stay ahead of threats.

Protecting systems in­volves people, processes, and technologies. Mackey said that threats are evolving all the time and are either financial, criminal, or those of a nation state. Mackey also said there are “hacktivists” — those seeking to make a point by hijacking a website and changing its message. Recent larger infrastructure breaches in the news underscore this point, such as the Colonial Pipeline shutdown in 2021 where hackers stopped the flow of oil in the United States’ largest pipeline.

Mackey hopes to leverage the National Guard’s IRT unit to bring additional cybersecurity reinforcement to the community. Mackey said that an en­gagement for 2023 is being formalized which will bring services at no cost to the community, and provide a training opportunity for the group. Further, Mackey envisions internships with students interested in cybersecurity as a field.

“I want students to know that cybersecurity is a vocational path that leads to good jobs and important work,” said Mackey.

(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); = id;
js.src = “//”;
fjs.parentNode.insertBefore(js, fjs);
}(document, ‘script’, ‘facebook-jssdk’));


Click Here For The Original Source.

National Cyber Security