“I’d really like to make Massachusetts the leader in the IT accessibility space,” Snyder told Government Technology.
And when it comes to local government, “I want to make it a hallmark of this administration that we do work directly with the municipalities, that we have outreach, that we find out what their concerns are, and then we act on those concerns.”
Snyder, who replaced Curtis Wood after his retirement earlier this year, is already familiar with the workings of the Executive Office of Technology Services and Security (EOTSS) that he now helms. He’d previously served in the department as chief technology officer under former Gov. Deval Patrick. That’s helped him hit the ground running.
“My awareness of how IT works in the commonwealth has been amazingly helpful,” Snyder said.
Snyder now returns to state government after serving as Harvard University’s CTO. In both government and higher ed, building consensus across different groups is an essential part of decision-making, he said: “There’s the saying at Harvard that it’s the only place where 99 to 1 is a tie.”
Snyder also brings a nuts-and-bolts understanding of IT, thanks to his many years in CTO roles. This lets him dig into the details to inform strategy decisions.
“I am possibly too comfortable with technology,” he joked. “I do begin with trying to understand how things work … and then, from there, we can establish the strategy going forward.”
Snyder said he aims to make digital services intuitive for all users. Achieving this means considering both physical limitations like vision difficulties and lack of tech familiarity among some constituents.
One prong of the approach is giving vendors guidance about IT accessibility. Another involves modernizing off of less-accessible legacy systems and shifting services to the cloud.
Aging systems are also coming under focus as Massachusetts looks to revamp how it handles resident identity and access.
Giving constituents a single identity they can use across all digital government services, rather than having to use a different ID for each, will be a “foundational” piece of improving their experiences, Snyder said. Residents should find this simpler and more convenient. Plus, updating identity and access management gives the commonwealth an opportunity to boost security by introducing multifactor authentication (MFA) features.
This initiative will likely take more than a year to fully roll out. The commonwealth aims to first pilot it with applications that have older, less secure identity access approaches, Snyder said.
Snyder is also looking to improve efficiencies for state agencies, by seeing EOTSS take over provision of some core, common services like service desks and email systems. This would not be a full IT centralization: agencies would continue to handle their own data analysis and the mission-specific tools.
“Nobody wants to manage their own network. And yet today, we have many that do,” Snyder said. “By providing it in the center, we can provide stronger services, more secure services, more efficient services at less cost.”
Labor and workforce development and education departments previously underwent this consolidation, and this year Snyder looks to do the same for several large agencies: health and human services, transportation and energy and environmental affairs.
Transparency and strong collaborations will be necessary to make the process go smoothly and ensure it truly does remove, rather than add, complexity, he said.
As CIO, Snyder now heads the newly minted Massachusetts Cyber Incident Response Team (MA-CIRT), launched a month before his appointment. The CIRT is made up of members from state cybersecurity and public safety entities and was designed to support state agencies in preparing against, responding to and recovering from significant cyber threats.
The team met in person for the first time last week, Snyder said, and is working to divide up responsibilities, organize activities, build out the team and determine the scope of its efforts. Private, quasi private-public and municipal entities are interested in receiving the group’s help, too, but doing so takes some planning, because the CIRT would need to respond differently based on the nuances particular to each sector, Snyder said.
All the while, the team’s been actively responding to cyber incidents.
And CIRT isn’t the only opportunity for municipal governments to get state IT and cyber help, and Snyder said he aims to make municipal outreach a priority.
“When I met with Worcester last week, the comment was that this was the first time they’d ever been visited by any secretary,” Snyder said.
It isn’t possible to meet with all of the commonwealth’s 351 municipalities, Snyder said, with scheduling constraints posing a particular challenge. But he hopes to do more to connect. One goal: to “revitalize” the EOTSS municipal outreach team and see it directly contact and build relationships with local government.
The commonwealth offers other supports, too. In February, it provided free cybersecurity trainings to successful public school district and local government applicants through its Municipal Cybersecurity Awareness Grant Program. A Cybersecurity Health Check Program also gives local government and school districts free “basic cybersecurity services,” to help identify gaps and priorities. The Community Compact IT Grant Program, meanwhile, provides on-time funding for IT needs.
Massachusetts is also slated receive $3.1 million in FY2023 under the State and Local Cybersecurity Grant Program. The commonwealth is still determining exactly how to use the money, which will be delivered once it submits and receives approval on its cybersecurity plan.
The commonwealth also needs to develop its data privacy approach, with Snyder calling its maturity level “very low.” Privacy policies have traditionally varied agency by agency, creating challenges when there are shared systems or data.
The commonwealth established the chief privacy officer role in 2019, and Snyder said he is now working with the CPO to create formal standards and rules for how all agencies handle and protect resident and employee data. Once that’s been hammered out, they’ll work to ensure agency leaders are aware of the policies.
A stronger privacy approach also includes piloting privacy impact assessments, as well as building out the state’s privacy team. The general counsel serves as CPO and many staff who handle privacy have additional roles, too. Snyder said the commonwealth is now looking to hire more professionals with privacy-specific skill sets.
