EOTSS Annual Report 2022: A Look Ahead for EOTSS

The role of the state CIO across the country has grown exponentially in importance these past two years given the significance of technology and resilience in the COVID-19 pandemic response.  

Never has the CIO been more influential with agency business leadership in shaping strategies for remote employee collaboration and support, business process redesign, and constituent service delivery. Moreover, the reemphasis on ensuring the continuity of government operations is expediting IT modernization efforts and the move to digital solutions at a rapid pace. State agencies are increasingly looking to emerging technologies in automation, artificial intelligence, and Human Centered Design concepts to encourage operational resilience and improve the citizen government experience.

The Commonwealth is no exception. The new COVID-19 reality, coupled with the collaborative approach fostered by the EOTSS Secretary and MA CIO, has renewed interest in digital service delivery and reignited IT modernization efforts here at home.  

Most importantly, the open dialogue, enhanced information sharing, and focus on collaboration has proved invaluable in driving the buildout out of a true 24x7x365 enterprise Security Operations Center (SOC) and the rollout of a revamped Cyber Incident Response & Reporting framework for all agencies. EOTSS continues to work with our state agency security teams, public safety, homeland security and cybersecurity organizations within Massachusetts (as well as nationally) to foster readiness and preparedness for cyber threats.  

We continue to invest and build out our security technology framework and capacity with aligned vendor partners, and organizations such as the Mass Cyber Center, the Advanced Cyber Security Center, National Association of Chief Information Officers, and State Ramp. These strategic alliances provide the Commonwealth and EOTSS additional expertise and capacity, training and awareness, and all-important communications around cyber threat management.  

EOTSS will also continue to focus on providing cybersecurity awareness training for state and local government through grant programs and other funding opportunities.  Additionally, we are working with state, higher education and local leaders to build out a regional shared-security services model in which our cities and towns can opt in to receive standardized security operation services such as active network monitoring, threat detection and threat mitigation.  

Finally, EOTSS in partnership with EOPSS will seek state and local cybersecurity grant funds via the federal infrastructure bill. We expect this program to kick-off in the Summer of 2022.

Looking out over the next 12-24 months, EOTSS sees the following three potential obstacles to successful completion of priority IT and cybersecurity programs and projects across the enterprise:  

1. Increased cybersecurity threats to government entities and vendor partners  

2. Recruiting and retaining appropriately skilled employees and contractors 

3. Global supply chain delays  

Cybersecurity Threats  

COVID-19 amplified many of the IT and cybersecurity challenges facing all levels of government, including a dramatic increase in threats and scams as governments transition to an increasingly remote and hybrid workforce. Preparation for cyber threats is an ongoing and hyper-focused effort. It is critical for the Commonwealth to remain in a state of readiness and preparedness to best position itself to mitigate potential cyber threats and maintain continuity of government services for the customers and constituents we serve.   

Government and industry best practices indicate that our enterprise cybersecurity approach improves agility, effectiveness, and efficiencies of state governments by promoting collaboration and breaking down silos across enterprise-level and agency-specific programs. Unified security operations, incident response, and reporting across all agencies is a huge step in the right direction, and EOTSS will continue to evolve on the cybersecurity front to remain ever vigilant to emerging threats.   

Recruiting and Retention  

A strong labor market (particularly in technology), spurred by the ongoing economic recovery, may make it increasingly difficult for the Commonwealth to recruit and retain top talent in cybersecurity, IT, and digital services. IT recruitment and employee retention has long been a challenge for state governments across the country, and historically, states could not compete with private sector salaries, bonuses, and benefits in these areas. With the increased focus on technology and digital solutions to power our everyday tasks, coupled with evolution of the remote and hybrid workplace, recruiting and retention may prove even more difficult moving forward.   

Global Supply Chain Delays  

The pandemic exposed and exacerbated inherent issues within the global supply chain infrastructure that companies, consumers, and citizens rely on for everyday products and services. Most relevant to EOTSS is the global microprocessor and “chip” shortage. Like other states and countries around the world, the Commonwealth is finding significant delays in the delivery of IT hardware and other products dependent on microprocessors. As a result, agencies and their end users are experiencing significant delays in the delivery of new laptops, servers, and network infrastructure (to name a few areas). EOTSS expects these delays to continue through 2022 and into 2023, which could potentially delay completion of priority enterprise programs and projects in certain areas.  

The Commonwealth finds itself at a transformational moment as technology becomes ever-more integrated into the way agencies conduct business.  

Now is the time to leverage the COVID-19 acceleration towards digital-centric services and a more resilient state government as EOTSS continues to lead the charge in modernizing our state-owned IT systems and services, strengthening the Commonwealth’s cybersecurity posture, and improving the constituent digital-government experience. 

Looking to FY2023 and beyond, cybersecurity, resiliency & continuity mobility, and accessibility remain the four cornerstones of the EOTSS enterprise cybersecurity framework and Standard Operating Environment approach.

For the first time in its history, the Commonwealth will close in on unified security operations, vulnerability management, and incident response protocols. Hybrid-cloud and third-party hosting solutions will provide more resilient and accessible options for agencies, residents, and businesses. The deployment of a standard operating environment, with a consistent technology stack across all agencies, will promote agility and efficiency across the entire Executive Branch. And, core network and IT infrastructure upgrades will lead to uniform, scalable, and secure connectivity for all agencies. 

With the establishment of EOTSS in 2017 as the Commonwealth’s lead technology organization, the focus has been and will remain on ensuring that the enterprise technology and digital investments are appropriately planned for and in line with business and technology strategic drivers. Continuing engagement and direction by EOTSS to guide and influence technology decision making is a cornerstone of the organization’s success.  Through continued engagement, we will work with agencies to prioritize, prepare and deliver successful technology and digital solutions. 

The path to today’s success in IT modernization and digital transformation was not an easy one, and new obstacles will no doubt impede the road ahead. However, the Commonwealth has proven equal to the task at hand and is ready to face tomorrow’s challenges.