Michael Leahy, Maryland Secretary of Information Technology, explains his approach to cybersecurity, the challenges of competing with the private sector for tech talent and how he’s handling privacy concerns.
Maryland Secretary of Information Technology Michael Leahy has been head of the state’s IT department since March 2017, first in an acting capacity and then permanently. In that time, he has established strong foundations for efficiency and interoperability across the enterprise. After consolidating agency IT and standardizing data governance and management, Leahy is now looking ahead to how to fine-tune the organization for both employees and the public.
Our principle concern goes to the questions that you have to answer by not knowing what you don’t know, so we’re looking at implementing tools on an enterprise basis that will give us a better picture of how folks are operating within the network and also finding ways to make sure our employees are more aware of the cyberconcerns out there. Fully half of the problems that people have with incidents and breaches are because their employees either succumb to a phishing attack or pick up a device and plug it into a USB port. A big piece of our concern goes to making certain the state workforce is aware of cyberhygiene and then making full use of the tools that we’ve brought in to protect our network.
We have a number of open positions, and because we’re in the D.C. area, it’s both a blessing and a curse. There is an immense amount of talent, but we have a hard time competing with the private sector and other parts of the state, federal and local governments in paying what those folks pay. A more fun challenge is there are lots of opportunities to make a difference and make our workforce and our work more customer-centric and citizen-centric.
The largest issue we’re going to have is the question of “Who owns the data?” I personally am sympathetic to the European model that data about a subject is the property of that subject. You get into all the arguments about is it really property, or just an attribute. If it’s just an attribute, there can’t be questions of ownership, so I think the attempts underway in California and New Jersey are going to be the first to deal with these issues in the United States. I’d like to see us deal with that issue in a way that gives people more control of their data and how they interact with the government based on that data.
I’m a big believer in the experimentation of democracy, and having 50 models gives one the opportunity to innovate and address very real questions that people don’t think about until they become an issue for them. It would be much easier to have a federal law that gave everyone exactly the same standards and the road map for dealing with data and data protection. But I think it’s a bit early to move in that direction.
When anyone asks me about 5G, I ask them what they mean by 5G. There are so many different definitions and avenues for possibility. But here in the state, we’re looking at using 5G principally to move data faster without worrying so much about backhaul. That’s going to open opportunities for smart cities and for things being more available to the public simply because we have a faster path to get there. There are some advantages to 5G that will come to the forefront for serving rural populations, but we’re a few years away from that becoming mainstream because the principle efficiencies can be found in urbanized areas.