Top executives of the National Association of State Chief Information Officers (NASCIO) and CompTIA’s Public Technology Institute (PTI) briefed state and local government officials on July 28 about the latest trends in security, funding, and technology.
Recognizing the anomaly of their longevity as heads of their respective associations for the last 17 years, Doug Robinson, executive director of NASCIO, and Alan Shark, executive director of PTI, delivered the latest chapter in what has become a long-running and much-anticipated briefing for the SLG community. Two years ago, the briefing sessions moved to twice per year, one at the beginning of each year and then a mid-year talk.
Their presentation focused not only on the strategic and management trends that emerged over the last six months – including cybersecurity, mitigating risk, emerging technologies, and IT funding in the post-pandemic environment – but also an interesting summary of the duo’s rare opportunity to testify last month before the U.S. House of Representative’s Subcommittee on Government Operations.
Both NASCIO and PTI membership annual surveys are also in full swing, and both executive directors provided glimpses on major findings.
Unsurprisingly, cybersecurity continues to be the top issue for states. “The number one item on the state CIO priority list for eight consecutive years has been cybersecurity and risk management, and that continues today,” said Robinson. He also pointed out some new items on state officials’ minds including software and supply chain compromises, and especially the continued lack of IT funding, or investment commensurate with risk.
The last point on funding was raised at the June congressional hearing as well. “They’re interested because we have several bills that have been introduced over the last couple of sessions of Congress around funding for state and local IT. One of those – the State and Local Cyber Improvement Act –
is a $500 million grant program to support state and local government cyber improvement that has now been added into a larger infrastructure bill. “So, we’re going to monitor that closely,” Robinson pledged.
The House subcommittee was most interested in challenges that states have had with identity verification, and the dramatic amount of fraud that has been perpetrated on state benefit programs particularly unemployment insurance.
“UI has been the poster child for the amount of fraudulent activity, and there are wild estimates out there from a low number from the U.S. Department of Labor at 10 percent of the $800-plus billion paid out, while some have said it’s as high as $200 billion,” said Robinson. In fact, the subcommittee’s ranking member threw out a $400 billion figure – which was politely ignored by our intrepid duo.
Robinson was quick to point out to the subcommittee that while legacy UI IT applications were admittedly overwhelmed by the pandemic related surge in UI applicants, another leading aspect of the fraud was UI program integrity itself.
As he explained, “So much of that had to do with the relaxation of standard business rules and controls that were put in place. Many of the unemployment commissioners and secretaries of Labor in the states were under tremendous political pressure to get these dollars out the door, and so they relaxed their normal programmatic rules including things like the 10-day wait period, or verification of employment and things like that.” Thus, he concluded, it was not an IT failure alone that caused the record amount of fraud.
Robinson predicted that the fraud issue, and the whole area of identity authentication, will not be going away, and are receiving significant attention not only from Congress, but state legislatures as well.
From a cybersecurity perspective, there’s been an increased emphasis on the whole-of-state model. That model brings in all the different constituents – not only within the executive branch of emergency management, National Guard and state police – but also local governments and utilities, the healthcare sector and many others. “It’s a broader constituency recognizing that cybersecurity is a business risk for the continuity of government, it’s not an information technology issue alone,” Robinson said.
The NASCIO chief highlighted other aspects of the organization’s recent survey data showing that digital services rank just behind cybersecurity on the list of top issues.
Digital government shortcomings were clearly exposed during the pandemic, he explained. “It’s always been a high priority of the state CIOs, but I’m seeing a much higher priority now for the citizen experience,” he said. “Identity and access management and a streamlined citizen experience, that’s by far and away the number one area that they intend to focus on for improvement. And, not surprisingly, continued expansion and sustaining remote work,” Robinson said.
He admitted that to a great extent over the years states have been kicking the proverbial can down the road on modernizing many of these major platforms. “They didn’t quite frankly have the compelling business case to make those investments of $30 and $40 and $50 million to make those enhancements, and it’s difficult to get that funding support from the budget office, or from the state legislature,” Robinson said. Rather, he explained, it took a pandemic and an overwhelming media and public outcry to force the issue.
Broadband is also a priority among the states, he said. “It‘s not a surprise especially because of Federal funding. Broadband expansion, adoption, affordability, digital inclusion, digital literacy, all those things are being talked about by the state CIOs,” Robinson said.
PTI’s Shark chimed in with the local government perspective, telling Robinson, “Our survey, which comes out every year, [and covers] city and county CIO technological priorities, basically looks at things as you do, to see if there are questions that we should ask.”
Not surprisingly the number one issue for locals for the last nine years matches NASCIO’s survey results and identifies cybersecurity/data loss prevention as the top priority. That group of issues is followed by launching or updating digital services for citizens, innovation, and then modernizing outdated IT systems.
Perhaps the most interesting observation from Shark reflected his reaction to the congressional hearing in June. “My takeaway from the hearing was, I was grateful. This was one of the first times that I saw a hearing like that which put local and state governments together in an equal fashion,” he said.