Create an effective strategy for handling cybersecurity incidents, minimize incident impacts, strengthen municipal defenses against future incidents, and understand your cybersecurity environment by engaging in cyber incident response planning.
Why Build a Cyber Incident Response Plan?
The National Cyber Incident Response Plan establishes that a cyber incident response plan “articulates the roles and responsibilities, capabilities, and coordinating structures that support how a municipality will respond to and recover from cyber incidents”. The MassCyberCenter recommends the best action a municipality can take to improve their cybersecurity resiliency is to develop a cyber incident response plan, because through the planning process cities and towns will:
- Prioritize the assets they need to protect;
- Build a cybersecurity team;
- Create processes to mitigate vulnerabilities; and
- Raise awareness internally about the importance of cybersecurity.
Get started with these materials
- Cyber Incident Response Planning Workshop Recording – July 2022
- Cyber Incident Response Planning Slides (PDF) – July 2022
- Cyber Incident Response Template – 2020 Workshops
- Cyber Incident Response Plan and Implementation Checklist – 2020 Workshops
- Cyber Incident Response Worksheet – 2020 Workshops
- Tabletop Exercise – 2020 Workshops
2020 Municipal Cyber Incident Response Plan Workshops
In 2019, the MassCyberCenter. in collaboration with the Cyber Resilient Massachusetts Working Group (CRMWG), developed the Municipal Cybersecurity Toolkit as a first step to help municipal leaders begin to understand the cybersecurity posture of their municipality and develop next steps for protecting municipal infrastructure against cyber threats.
The MassCyberCenter recognized the need to assist the Massachusetts’ 351 municipalities in building their cyber incident response plans; and in October 2019, Governor Baker announced funding for the MassCyberCenter to develop a series of statewide workshops to address that guidance and further strengthen regional collaboration around cybersecurity.
In 2020, the MassCyberCenter hired Robinson+Cole to develop a series of statewide workshops and provide municipalities with the tools to develop or review their cyber incident response plans. The series of 2, 2-hour workshops was conducted in collaboration with each of the five Homeland Security Regional Advisory Councils (Central, Metro Boston, Northeast, Southeast, and Western) and included attendees from municipality management, information security teams, and first responders.
Workshop 1 introduced the need for cyber incident response plans, provided self-assessment and planning guidance, and gave municipalities the tools and resources they need to create a cyber incident response plan.
Materials from Workshop 1:
- Workshop 1 Presentation
- Cyber Incident Response Template
- Cyber Incident Response Plan and Implementation Checklist
- Cyber Incident Response Worksheet
Workshop 2 pulled together the final details of the cyber incident response planning process, shared best cybersecurity practices for your municipality, and provided an opportunity for you to test your plan.
Third-Party Vendor Management Webinar
As a follow-up to Workshops 1 and 2, we hosted a webinar on Third-Party Vendor Management. The webinar presented how to identify high risk vendors, tips for monitoring and managing third-party vendors, and the practices municipalities can take when engaging and evaluating third-party vendors.
If you have any questions, contact us here.