Somerville City Council approves $137K IT security assessment for network infrastructure

The Somerville City Council convened on March 12, 2025, to address a comprehensive agenda focused on financial appropriations and IT security assessments. The meeting commenced with the establishment of a quorum, confirming the presence of several councilors, including Councilor Emba, Councilor Klingen, and Councilor Wilson, while noting that Councilor Scott would join shortly.

The first item on the agenda was the approval of minutes from the previous finance committee meeting held on February 25, 2025. The council agreed to lay the minutes on the table for a single vote at the end of the meeting.

Next, the council discussed a request from the mayor for an appropriation of $137,288 from the unreserved fund balance to the IT department. This funding is intended for an independent assessment of the city’s security and network infrastructure, as well as an organizational review of all IT groups within the city. Director David Goodrich from the IT department presented the proposal, emphasizing the importance of conducting such assessments periodically, especially given the evolving nature of cybersecurity threats.

Director Goodrich explained that the assessment would include a comprehensive evaluation of the city’s network and security systems, identifying vulnerabilities and inefficiencies that could impact performance and compliance with industry regulations. He noted that the last significant assessment occurred around 2013, making this initiative particularly timely.

Councilor Klingen inquired about the independence of the assessment, to which Director Goodrich confirmed that an outside vendor would conduct the review, ensuring an unbiased evaluation. The council discussed the necessity of such measures, especially in light of increasing cyber threats targeting municipal governments.

Further discussions included the implementation of security awareness training for city staff, aimed at reducing vulnerabilities associated with human error, particularly in recognizing phishing attempts. Director Goodrich highlighted the importance of ongoing education and training to enhance the city’s cybersecurity posture.

The council concluded this segment of the meeting by agreeing to recommend the appropriation for approval at the end of the session. The discussions underscored the city’s commitment to enhancing its IT infrastructure and security measures, reflecting a proactive approach to safeguarding municipal operations against potential cyber threats.

The meeting proceeded to the next agenda item, continuing the structured review of city matters.