Wellesley strengthening its cybersecurity

November 30, 2022 by Bob Brown Leave a Comment

Following a recommendation from the town’s Audit Committee, Wellesley underwent a review and risk assessment of its data security protocols this past spring and summer in an effort to better protect its digital assets.

Town of Wellesley IT Director Brian DuPont recently summarized key findings and recommendations from the cybersecurity assessment with the Select Board (see Wellesley Media recording of the Nov. 7 Board meeting at about the 35-minute mark), and replied to our follow-up questions. The assessment, funded by a $50K authorization from Town Meeting, was conducted in partnership with a tech consultancy and integrator called GreenPages. The presentation gave me flashbacks to my days as a reporter and editor for Network World fighting the good fight vs. tech acronyms and jargon.

“While the IT department has routinely internally evaluated our security posture for many years, we welcomed this opportunity to take a closer look at our systems because (A), COVID radically changed our operating environment overnight and (B), the threat landscape has changed so dramatically over the last several years as well,” DuPont told the Board.

The 8-phase assessment examined everything from vulnerability testing to data retention and remote access security to social engineering (bad people trying to trick town employees into allowing unapproved access). Technical reports and a summary delivered by GreenPages for now are being closely guarded under public records law to keep the town’s IT systems safe.

(Note: This assessment focused on the town’s core data network for business and financial operations, not those of Wellesley Public Schools, the Police Department, or the library. )

The town rated well in some areas and could use improvement in others. Its perimeter defense—firewalls for blocking unauthorized access from outside and web filters to prevent employees from inadvertently clicking on potentially malicious URLs from inside—is strong.

However, Wellesley could stand to formalize its risk and vulnerability management approach, which has been over-reliant on its institutional knowledge at a time when even the most expert IT professionals can’t be expected to stay up on all the new threats. DuPont cites the Mass Cyber Center, regional conferences and events such as Massachusetts Digital Government Summit and the Massachusetts Municipal Association Annual Meeting, and regular email conversations with counterparts in other communities as ways in which he stays current.

“A more sustainable approach to security requires an appropriate skill set either in-house or outsourced to deal with continuously changing threats,” DuPont said. The town already conducts regular phishing training and distributes cybersecurity reminders, but additional training will be needed when bringing staff on board and on a continuous basis, while IT security policies need to be better documented for current and future staff.

Maintaining certain standards is needed to qualify for and maintain cybersecurity liability insurance. To date, Wellesley’s hasn’t had to file a cybersecurity-related claim, DuPont said.

Wellesley also seeks to shore up its endpoint security, that is, safeguarding devices its employees use to protect against threats such as ransomware, where criminals seek compensation for allowing a target back into its own systems and files. This involves a combination of technologies, including threat monitoring services. (Wellesley suffered a ransomware attack in 2016, but thanks to good backup and other protocols did not pay ransom and was able to restore encrypted files.)

The town plans to boost its adoption of multi-factor authentication, which you may be familiar with as a requirement for something you know (like a password) and have (like a smartphone) before allowing access. Wellesley’s employees largely went remote during the pandemic, and their systems are protected using multi-factor authentication, but there are some challenges to address involving individuals uncomfortable with using personal devices to authenticate themselves.

Helping to make sure all of the above happens, the town is looking to fill a new cybersecurity administrator position, which replaces a long-vacant systems administrator position. The market for such talent is competitive.

The biggest immediate challenge for the IT department is its temporary relocation of the server room during the Town Hall’s interior renovation.

“I’m going to be perfectly honest with you here—we are going to be hard pressed to tackle any sort of larger scale initiatives here until probably at least the spring,” DuPont told the Select Board, terming the server room relocation as “the single most impactful project” in the department’s history.

None of this is going to be cheap. “The budget impact of these recommendations is significant,” DuPont told the Board. The IT department has a fiscal year ’23 operating budget of about $1.3M and the prospect of a new managed detection and response service that goes for some $50K a year, plus other rising software and service costs, is going to present new financial challenges in upcoming budgets. This holds true despite the existence of grant funding that should be available to cover at least some initial expenses.

The FY ’23 operating budget included a $41K line item for cybersecurity. Breaking the cost out is designed to help the town gauge its cybersecurity spending versus that of other organizations.

DuPont is a member of a state planning committee exploring development of a statewide cybersecurity plan and figuring out how some $3.2M in cybersecurity funds coming from the federal Infrastructure Investment and Jobs Act will be spent. So that should keep him very much in the loop about new grant opportunities as they arise.

Subscribe to Swellesley’s daily email
Please send tips, photos, ideas to theswellesleyreport@gmail.com

Town of Wellesley IT director hikes his way into White Mountains 4K-footer club

March 13, 2022 by Bob Brown Leave a Comment

Brian DuPont has handled many a challenge as information technology director for the Town of Wellesley, from enabling online Town Meeting to supporting an increasingly remote work force. That kind of job requires getting away from it all at times, and for DuPont this often means heading to the White Mountains.

Over the past 5 years, DuPont has bagged all 48 4,000-foot peaks in New Hampshire’s White Mountain range, qualifying him for the Appalachian Mountain Club (AMC) Four Thousand Footer Club. He finished in October, and recently submitted his application to the club.

In his application, DuPont wrote: “My White Mountain journey began in September of 2017, when a group of 3 friends took to the trails to remember and honor the life of another who left us too soon. With overly heavy packs, we left the parking lot at the Lincoln Woods Trailhead to start a Pemi Loop. Several hours later, with cramping legs and sore shoulders, we bailed on our original plans and hiked down the Liberty Springs Trail for a 6-mile road walk back to Lincoln! Thankfully, we salvaged the weekend the next day with a loop of the North and South Hancock summits.”

Hiking all of the 4,000-footers in New Hampshire wasn’t something that crossed DuPont’s mind at that time. “Forty-eight seems like a really big number at the start, but somewhere along the way you realize that completing the list is achievable,” he wrote to the club.

I asked DuPont if one attraction of the mountains is getting away from technology.

“Hiking is definitely an escape from the office,” according to DuPont. “That said, technology is starting to creep into the mountains, most notably for navigation purposes. Cell phones and online mapping apps (e.g. AllTrails, Gaia, Guthook) are common nowadays. But any good technology professional would tell you that it’s always good to have a backup plan, and these apps are no substitute for a good old-fashioned map and compass!”

While duplicating DuPont’s feat might seem daunting, he insists that anyone can do it. DuPont did many of his hikes with friend Daniel Elliott and was glad they were able to hike DuPont’s 48th summit—Wildcat D—with their sons.

Brian DuPont Wildcat D — Brian DuPont near the finish at Wildcat D with his son

DuPont’s advice to others: “Start by getting yourself a good guidebook like the AMC’s White Mountain Guide, or my personal favorite, the 4000-Footers of the White Mountains. Understand the risks posed by each route and know your own capacity for dealing with changing conditions. Start with a smaller peak and shorter route, like Mount Tecumseh or Mount Jackson, before tackling the Northern Presidentials.”

Referring to himself as a geographer by trade, DuPont says reaching a summit or viewpoint drives him on his hikes. “I love that feeling of standing on the world’s biggest topographical map and pointing out neighboring peaks and other faraway places. It’s that same feeling that drives me to the window seat every time I board an airplane,” he says.

Now that DuPont has knocked off all the 4,000 footers in New Hampshire, he’s not done. “I can’t wait to get back up into the White Mountains again… to help my friends finish their lists… to spend more time with the next generation of hikers… or to simply get away and gain some new perspective,” he wrote in his club application.

Someday he’d like to say that he’s hiked every mountain on the New England 4K list.

When DuPont does head back out to the Whites one way to recognize him will be by the 4K footer patches, which he plans to sew onto his hiking packs.

Please send tips, photos, ideas to theswellesleyreport@gmail.com

Wellesley MLP completes AT&T small cell antenna installation; T-Mobile up next

January 22, 2022 by admin 17 Comments

Special to The Swellesley Report from resident Cimarron Buser

This article was updated on Feb. 2, 2022 to reflect clarifications from AT&T.

The Wellesley Municipal Light Plant (WMLP) has completed its installation of AT&T’s antennas that boost coverage and provide 5G data service. The mounting of the small cell antennas began in June 2020, when the WMLP announced that boxes would be affixed to telephone poles around town.

In the end, there were 41 AT&T nodes installed. Based on the map provided by the WMLP, 36% of the boxes have been installed on or adjacent to Worcester St. (Route 9) or Washington St. (Route 16), and the remainder in neighborhoods.

Wellesley Municipal Light Plant Map of 41 AT&T Nodes and 35 T-Mobile nodes (10/28/21)

Don Newell, Director of the Municipal Light Plant, stated that the AT&T project was now completed. According to current plans, the MLP will be installing 35 small cell antenna attachments for T-Mobile over the next five months.

Newell added, “WMLP and T-Mobile will be holding an informational webinar in February 2022. The staff are in the process of finalizing the locations and installation schedules.” There was no mention of Verizon, however, coverage maps from industry sources show Verizon with 4G coverage along major travel routes in Wellesley.

I first became aware of the installation near my house in Wellesley Hills when I found my AT&T phone coverage showing “5 bars”. This was a striking improvement over the weak reception I’ve had in the past. By using the Speedtest app I was able to obtain download speeds of 150 Mbps+ on an iPhone SE second generation, which showed “5GE” service. When I used an iPhone 12, it showed “5G” with a download speed of over 200 Mbps, and I suspect it would be much faster nearer the antenna. According to AT&T the current network is a “4G LTE”, even if the phone icons show otherwise.

MLP Article - iPhone 12 Speed Test — Download speed from AT&T 5G cellular data connection from inside a Wellesley home, as measured by Ookla Speedtest app

When I investigated why my service was so much improved, I found that one of the “small cell” antennas had been installed about 2/10 of a mile from my house, and that the family room was “line of sight” to the pole with the AT&T node. All of this to say that most people, unless they are directly in view of the new AT&T boxes, will not see 200 Mbps downloads. I tested this theory by walking the street, as there are two of the small cells about 0.5 miles from each other. In between the two poles, the download rate dropped to about 40 Mbps, which is still not bad.

Although some may have concerns about the cosmetics of the new cell arrays, several neighbors I spoke with seem to have no such worries. Most commented that the gray rectangular nodes are no worse than the existing cable and transformer boxes that already festoon the poles. One neighbor whose house had a new box installed directly in front of them said that they switched to AT&T from their previous provider when the installation was completed – and now have great coverage.

MLP Article - ATT Small cell antenna Hampshire Road — Small cell antenna installed on Hampshire Road, Wellesley Hills

While Wellesley is continuing down the 5G path, there is still controversy at the national level with the technology. Just this week, major airlines warned of “catastrophic disruption” to travel and shipping from 5G installations by Verizon and AT&T near airports. Verizon and AT&T had agreed to delay activating 5G using the newly acquired C-band spectrum twice: originally from December 5 and then pushed back again from a planned January 5 launch date until two weeks later. The delays were meant to give the industries, Federal Aviation Administration (FAA), FCC and White House more time to address concerns.

Time will tell if the 5G rollout will be slowed down due to these concerns, but at least in Wellesley we will have the benefit of better reception and faster speeds from AT&T, and soon T-Mobile.

What is 5G and when does it arrive in Wellesley?

According to industry sources, “5G is a 5th generation mobile network. It is a new global wireless standard that enables a new kind of network.” There are many variations of 5G technology, some of which use existing 4G LTE infrastructure.

In Wellesley, AT&T’s small cell antenna installation is based on 4G LTE technology.

When asked about why some phones in Wellesley may show “5G” speeds an AT&T spokesman said: “The technology is 4G LTE currently, however 5G may display on devices due to overlapping coverage from nearby macro cells. The equipment is 5G capable which can be enabled in the future. And additional radio frequency equipment can be added for more speed, whether 4G or 5G.”

We’ll keep a close eye out to see if things speed up even more!

Cimarron Buser is a longtime resident of Wellesley, and is founder and CEO of TASBIA, an association for the appointment scheduling industry.

Private school listings in Wellesley (and beyond)

December 31, 2021 by admin Leave a Comment

Thanks to iCode, Wellesley’s premier comprehensive K-12 programs in computer science, for sponsoring The Swellesley Report’s Private Schools page.

iCode’s STEAM programs offer kids the opportunity to build soft skills and strengthen their academic skills, with options that fit their lifestyle and schedule. iCode’s dynamic, proprietary curriculum is designed to span disciplines: science, technology, engineering, arts, and math literacy are embedded throughout classes as kids learn skills that prepare them for school and beyond. Virtual and onsite classes available. REGISTER HERE.

Contact Deborah for more info on inclusion of your private school (grades K and up) located in Wellesley or elsewhere, or for advertising on Swellesley. Parents and guardians: Please let private schools know that you found them here, if you did…thanks.

Wellesley Temporary Main Library’s last day coming up

September 22, 2021 by Deborah Brown Leave a Comment

Wellesley Library, temporary location — Temporary Main Library, 50 Central St.

The Temporary Main Library at 50 Central Street will be open for its last day on Monday, September 27, 9am-8pm. Patrons can still access materials and pick up their holds at the Hills and Fells Branches. When placing holds online, select Hills or Fells as the pick-up location. Patrons will receive notifications when materials are ready to pick up. Both the Hills and Fells Branches will remain open and operating full hours (see below). In addition, those hours will be expanded as of October 3rd.

The Main Library is anticipated to reopen in late October.

Closed since April for a $2.8+ million renovation, the Main Library’s reopening date was planned for September, but slowdowns due to supply chain issues bumped that anticipated opening by several weeks.

When the Main Library’s 1k daily visitors are welcomed back into the building they can expect to see an expanded lobby area with more room for books, popular materials, and browsing; a larger and more open children’s area that will encourage learning through play; a commons area on the first floor for patrons to meet up in a casual atmosphere; a second floor area with more tables and soft seating, as well as 7 new meeting rooms and spaces for quiet study. A new roof caps off the improvements for the 17-year old library, which has the 7th highest public library circulation numbers in the state.

Wellesley Free Library redesign sounds nice

WELLESLEY LIBRARIES—LOCATIONS & HOURS

[Read more…]

Webinar hopes to inspire Wellesley residents to ditch gas-powered tools

June 16, 2021 by Deborah Brown 1 Comment

Sustainable Wellesley has partnered with the Electrify Coalition to present a webinar on electric outdoor power tools on June 23, 3pm-4pm. Experts in the in outdoor maintenance industry will be on hand to discuss the environmental advantages of transitioning away from gas-powered tools.

Agenda items:

How much air pollution and toxic solid waste is produced by gas powered tools
Why the noise and emissions from these tools is not just a nuisance
How battery-powered tools deliver performance and productivity that rivals gas
The advantages of electric: low operation and maintenance costs, ease of operation
Tips for homeowners wanting to make the switch
The transition happening in the commercial landscape maintenance industry
How cities, schools and communities can electrify their fleets
The concept of certified Green Zones – fossil fuel free public outdoor spaces

Where does all that Wellesley saliva end up, anyway?

April 19, 2021 by admin Leave a Comment

Wellesley Hackathons coming up for ages 5 – 14+

April 13, 2021 by admin Leave a Comment

The Wellesley Education Foundation has partnered with two Wellesley coding companies—iCode and Code Ninjas—who are offering Hackathons for students to enjoy. Hacks are broken into age groups and themes and students can participate in one hack per company.

DATES OF HACKATHONS: April 24th & 25th

ADDITIONAL DATES: To set everyone up for success, workshops and office hours take place before the Hackathon, April 13th – 23rd.