Massachusetts could be getting ready to open its wallet in a major way when it comes to IT modernization.
Last month, Massachusetts Gov. Charlie Baker filed legislation authorizing more than $1.1 billion in capital funding for public safety and IT investments, including for cybersecurity. More than half of the funding, $600 million, would be put toward the state’s technology infrastructure needs, IT security and improving services for residents.
“It is critically important that the Commonwealth make these capital investments to strengthen defenses against cyber threats and continue modernizing and securing our digital assets,” Baker said in a statement. “This bill will also help us to partner with local agencies and provide additional capital support to better serve the residents of Massachusetts.”
Funding for Digital Services, Cybersecurity to Get a Boost
The state’s Executive Office of Technology Services and Security, which Baker elevated to the cabinet level in 2017, is prioritizing capital IT projects that are reliable over the long term and deliver maximum return on investment, according to Baker’s office.
The funding in the proposed bill would increase the state’s cybersecurity, “advance strategic IT initiatives, modernize digital and telecommunications infrastructure and improve the user experience” for a wide range of services.
Specifically, the bill calls for $195 million in funding to improve resident services, including in the areas of “healthcare, housing, education, employment assistance, public safety and emergency management, transportation and the environment.”
Another $165 million would be earmarked for “strategic initiatives related to the efficiency of state IT resources,” including new human resources, financial and background check systems.
Baker also wants $135 million for upgrades to cybersecurity for the state’s digital assets, including a new Security Operations Center. SOCs are the facilities where agency websites, applications, databases, data centers and servers, networks, desktops and other endpoints are monitored, assessed and defended.
The cybersecurity funding would also cover vulnerability testing of state IT infrastructure and statewide IT systems, as well as improvements to access security for state systems, according to the release.
And the bill calls for $105 million to be spent on the modernization of Massachusetts’ digital and telecommunications infrastructure.
“[The goal is to be] really comfortable with our security infrastructure,” he said, according to the website My Tech Decisions. “One of the things that happens when you don’t have a center of gravity with respect to how you think about technology is that there’s a lot of people out there doing a lot of their own things. What they buy, what their security protocols are, and all the rest. It creates a really interesting-looking house with a lot of doors and windows.”
Massachusetts is focused on setting one set of security standards for how the state purchases and manages technology. Massachusetts CIO Curtis Wood said last week at the NASCIO Midyear 2019 conference in National Harbor, Md., that the state plans to release a comprehensive cybersecurity roadmap sometime this summer.
Baker also said that if the state is “doing really big projects, they have to be run centrally, and we need people that know how to run big projects running those. You can’t do those as one-offs at the agency level with a couple people that have four other jobs.”
The state also must think more holistically about applications and look to streamline them where possible, Baker said. “There are a lot of case management software packages operating in state government, and there probably needs to be more than one, but I bet there needs to be less than 50,” he said. “The opportunities to think more enterprisewide about how to use technology generally is a new idea, and I think, over the long run, will give us much better insights.”