For the Commonwealth of Massachusetts, an ongoing investment in cybersecurity is also an investment in economic recovery.
“Cybersecurity is really critical for our innovation economy,” said Mike Kennealy, Massachusetts’ housing and economic development secretary, in an RSA Conference panel session examining how the state is making cyber resources available to its 351 cities and towns, while also collaborating with the private industry.
“Generally, we are one of the top states for innovation – one of the top places for innovation anywhere in the world. In my account, we are the world's leading life sciences ecosystem, we're a global leader in software and advanced manufacturing and digital health and lots of exciting areas – and we are a leader in cybersecurity as well.”
Under the administration of Governor Charlie Baker, Massachusetts in September 2017 launched the MassCyberCenter as part of the greater Massachusetts Technology Collaborative, a public agency that supports business development in the tech and digital space. Among its programs is a monthly working group centered around cyber resiliency. And continuing to innovate and forge public-private collaboration in the field of cyber remains an important policy, Kennealy noted.
“Not only is this a strategy we have to make sure we employ across our municipalities to help them stay safe, we also think about this as an important part of the innovation economy as a sector we want to grow and maintain a leadership position. And it's also critical to our economic recovery,” he said.
Last year, Massachusetts rolled out a strategy called Partnerships for Recovery. One of its tenets was helping state resident find new work after unemployment numbers during COVID surged to over 17%. One of its initiatives, developed in collaboration with the state’s Executive Office of Labor and Workforce Development, is Mass Internet Connect, a program that launched in January 2021 and offers job seekers internet and connected device subsidies as well as digital literacy support programs.
“We need robust cybersecurity to make sure they have access to those tools, and it's going to be very important to people get back to work,” said Kennealy.
Meanwhile, the MassCyberCenter has also been trying to grow the local tech workforce in the cyber space while improving diversity, through training, working groups and mentorship opportunities, Kennealy explained.
“This is an exciting place to build a career. And if we get more people ready for those careers, and make sure the talent pipeline is as diverse as possible, such that those careers are open to really everybody in the Commonwealth that wants to embark on that, I think that's going to serve us well, both in terms of a cyber safety standpoint if you will, but also in terms of growing the society part of the innovation economy.”
Fellow panelist Stephanie Helm, director of the MassCyberCenter at the Mass Tech Collaborative, echoed Kennealy’s sentiments, emphasizing the importance of working with various industries on cyber innovation.
“I know that we often are invited to participate with health care organizations and financial technology organizations to help think about how cybersecurity can be better integrated to some of the efforts that they're making,” Helm noted. “And that's just going to continue.”
The session also featured the viewpoints of two additional cyber-focused state agencies: the Executive Office of Technology Services and Security (EOTSS), which offers digital services and productivity tools to state employees and local businesses, and the Executive Office of Public Safety and Security (EOPSS).
The EOTSS was created in 2017 with a focus on investing in the modernization of enterprise technology services and cybersecurity across the state’s executive branch, while also helping hundreds of municipalities through information and resource sharing, said panelist Curtis Wood, EOTSS secretary. “For the last several years we've really focused on several areas including certainly security operations, vulnerability management programs, threat monitoring, threat hunting,” as well as a security awareness program for employees – “all to strengthen our DNA our security fabric across the executive branch of government,” said Wood.
Meanwhile, through its Office of Grants and Research agency, EOPSS allocates federal funding toward efforts to bolster cyber programs in municipalities around the state. Using these funds, for example, “we've hired a cybersecurity director that goes out to the communities, that meets with some of these municipalities,” said Jeanne Benincasa Thorpe, EOPSS undersecretary. Also, “we've created a cyber incident coordination policy working with our partners over at EOTSS to help us understand what is needed, through our 13 agencies… if there's a cyber event. How do we help? How do we mitigate? How do we prepare for it?”
Additionally, EOPSS has started an academy for training state and local law enforcement on cybersecurity forensics and investigatory procedures, so state personnel can serve as a bench team to supplement federal efforts in the event of a large cyber event. “That's been very, very, very successful,” said Thorpe.