Massachusetts Ciso Anthony O'Neill has been the highest cyber official of the state for almost three years and brought a background as a lawyer. Since new technologies such as artificial intelligence have developed quickly, the cyber threats that they represent also have. O'Neill and guide in all of Massachusetts are working hard to keep the state cyber safe.
1. How does your legal background help you in your role?
Legal training gave me the ability to look at every problem from the perspective of research. Research and analysis are some of the greatest skills that you get from the legal faculty and practice. These skills have made it possible for me to understand and understand me deeply in the understanding of the regulatory environment for different data classifications, according to which federal and state regulatory authorities or examination agencies are looking for.
As antitrust law, I also understand the nuances of the seller community. We rely on our security partners so strongly and have a robust risk program from third -party providers. It was inspired by my legal background.
2. How does Massachusetts reduce its well -known usable weaknesses?
A little more than a year and a half ago, we focused on investing our time, resources and people in what I bend as a curve of the weaknesses – especially critical and high weaknesses that represent the greatest threats to the applications and the infrastructure we have managed. The governor's cabinet and all cabinet secretaries increase their news about how important it is for their technology teams to work with our office. We could really formulate an organized approach to reducing critical weaknesses in the entire company.
Our secretary [of the Executive Office of Technology Services and Security] And Cio Jason Snyder really gave the sound at the top. We have followed an entire state approach in which we also included the legislative and judiciary. Afterwards we created a CISO council that was populated by risk and security-oriented experts in the landscape of the state government and quasi-government agencies. We wanted to open the door to get so many people who bring this work together to think through it, talk about it and promote our strategy to reduce risks and critical weaknesses.
3. Do you work with local and district governments?
What we did with our CISO Council in the entire executive department, we also did a region with a body that we call the City Councilor CISO Council. It combines all security and risk professions in our state at the local level and they meet on a fairly regular basis. We have also started to organize conferences every year – and possibly even twice two years, the municipalities in order to concentrate on success stories, threat information and in which we believe that proper cyber investments have to be made in the coming years. We also have the Mass cyber center, which focuses on the communities. This really made a difference and enables them to work more on where they should concentrate their time, dollars and resources. One of the new developments where we want to work through another organization called Cybertrust Massachusetts is a security center with which these municipal organizations can have access to recognition and reaction of the endpoints of around the clock, network discoveries, weakness ratings, software and asset inventories and more. The idea is to expand so well to take services with you that smaller organizations may not afford.
4. What new threats are states?
There are now more AI-capable threats. There is an internal risk, and these are employees who download any kind of AI tools without the tools being allowed for their use to deliver in this practice despite our best efforts, instructions and guidelines. There is a risk that government data is used or collected by these AI tools by third-party providers, which may not have been approved by the management of an organization.
The other AI-capable threats are on the external side. For threats, threat players are becoming increasingly easier to use Chatgpt and to develop a kind of campaign that contains a gradual roadmap, what to do to try to exploit a sacrificial organization. This information gets into the hands of the wrong people and it becomes more accessible. And then we will surely see around the corner of how Quantum Computing Cyber Security Dangers can escalate.
This story originally appeared in spring 2025 edition of Government technology Magazine. Click here to display the full problem online.