MA Executive Order Confronts Increasing Cybersecurity Threats

December 21, 2022 - Massachusetts Governor Charlie Baker has signed an executive order aiming to protect infrastructure organizations from the overall increase in cybersecurity threats.

Led by the Secretary of the Executive Office of Technology Services and Security (EOTSS), the newly established Massachusetts Cyber Incident Response Team (MA-CIRT) is intended to help organizations prepare, respond, mitigate, and recover from cyberattacks and vulnerabilities.

“State governments and other organizations across the country are increasingly being targeted by bad actors aiming to disrupt operations and compromise information systems,” Governor Baker said in a press release. “This executive order will further strengthen the Commonwealth’s policies, procedures, and resources required to prevent potential threats and appropriately respond to attacks on government infrastructure and services.

“As state governments expand their digital footprints, moving more services online and allowing for a more connected workforce, it’s critical that we make the necessary investments to protect this critical technology infrastructure from acts of terrorism and criminal, organized crime and gang activity,” the governor continued.

A 2021 Accenture survey of over 4,700 infrastructure executives discovered that cyberattacks per company had increased by 31 percent. Additionally, 80 percent of respondents said that staying ahead of hackers is a constant battle and incurs unsustainable costs.

This increase in cyberattacks poses an additional threat to healthcare organizations that must ensure patient safety.

“Cybersecurity attacks threaten Commonwealth technology networks and the continuity of essential government services we provide to the constituents we serve,” said Lt. Governor Karyn Polito. “With the establishment of MA-CIRT, the Baker-Polito Administration continues to invest and prioritize the delivery of effective and reliable government services to the people of the Commonwealth.”

The MA-CIRT will bring together cybersecurity and public safety throughout the state to bolster cybersecurity enhancement efforts.

Primarily, the executive order highlights the need for preparing for and organizing a coordinated response, mitigation, and recovery effort.

Additionally, the order will create cybersecurity policies to manage the outcome of cyberattacks for state agencies and executive departments such as the Massachusetts Department of Public Health.

EOTSS and MA-CIRT will also consult with the Massachusetts Cyber Center and assist the Center in adopting cybersecurity resiliency through communications, collaboration, and outreach to state agencies, municipalities, educational institutions, and industry partners.

Lastly, the response team will strongly encourage other governmental entities not served by EOTSS to disclose cybersecurity threats or incidents to the Commonwealth Security Operations Center.

Although this move might not impact the healthcare industry directly, it signals that the government is further prioritizing critical infrastructure security.

“I know the importance that leadership buy-in plays in swift, organized and effective response to an external threat,” said Secretary of Technology Services and Security Curt Wood. 

“The Baker-Polito Administration is once again leading from the front on government cybersecurity, and I thank Governor Baker, Lt. Governor Polito and my fellow leaders in cybersecurity and public safety for their partnership on the issuance of this critical executive order that will serve the Commonwealth for years to come.”

This move follows Biden Administration’s recent increased investments in cybersecurity across critical infrastructure.

The budget will support the Cybersecurity and Infrastructure Security Agency (CISA) with $2.5 billion to “maintain critical cybersecurity capabilities.”

In addition, the proposal emphasized the importance of IT infrastructure by funneling billions into IT modernization and growing the IT and cybersecurity workforce.

“Dedicated base funding for a cybersecurity program will allow for FDA to hire additional staff to recruit and develop greater cyber expertise within the devices program, as well as administer grants and contracts to develop infrastructure geared towards addressing emerging cybersecurity challenges,” the proposal stated.