This year, the National Association of State Chief Information Officers (NASCIO) celebrated its 50th year anniversary at its annual conference. There, GovLoop spoke with top state tech officials about the trends they’re focusing on in 2020. Here’s what the state CIOs had to say about their plans and priorities for the new year.
1. Identity and access management
States are focusing on creating more enhanced and sophisticated digital services for their constituents. But to do so, they need better identity and access management (IAM) programs to ensure proper data management, privacy and security.
For Tracy Doaks, Chief Deputy State CIO for the state of North Carolina, IAM is the number one priority for 2020.
In time-sensitive and high-risk situations, such as a wildfire or a school shooting, a 15-year-old identity authentication system is too bulky for public safety officials to quickly access.
“When you go into something like that once a year, you’re not going to remember your password, your five security questions, and those pictures that are really difficult to discern what a traffic light is,” Doaks said about clunky IAM processes.
To tackle the bulky identity authentication process, the state executed a successful pilot project that allowed public safety officials to have secure identity access in their back pockets. The digital wallet enables police officers to quickly open up and sign into, for example, a school safety app, so they can have timely access to floor plans and determine location if there is an active shooter on site.
With this success and others in hand, Doaks hopes to establish more secure and efficient IAM practices in the future.
“Decentralized identity would be wonderful, in allowing citizens and employees to hold onto their own identities,” Doaks said. “It really is a dream of mine.”
This year, there have been 140 cyberattacks to date targeting state and local governments and health care providers, according to Nancy Rainoseck, Chief Information Security Officer (CISO) for the state of Texas. Many municipalities — and some less well-funded states — are struggling to prevent and respond to these attacks. This is particularly true when it comes to ransomware, a malicious software that blocks access to victims’ systems or data, usually using encryption until a sum of money is paid.
Ransomware is especially a challenge for local governments, which are more vulnerable to attacks and have the most impact with constituents, Rainoseck said.
Local government security is thus one of the state’s top priorities for 2020.
“Right now, we don’t have any statutory authority or responsibility towards the locals,” Rainoseck said. “But with the rash of ransomware that’s been happening lately, it’s just something that’s very important to us.”
When 23 municipalities were hit with ransomware attacks in August, the state quickly responded in assistance. And the quick response was owed to good preparation.
With legislative support that allowed the state’s operation center to respond as it would to a natural disaster and a statewide cyber response plan established ahead of time, the state was prepared to respond to and address the attack in seven days’ time.
“We basically act as firefighters,” Rainoseck said. “We’ll put out your fire, we’ll board up your house, we’ll shore it up, but then we leave the rest for you to rebuild.”
3. Data centers
Here is a classic data center modernization trap: States need something new, but can’t afford it. States want to modernize and create more effective backups, but moving to the cloud costs a lot of money — money that some states don’t have.
This is the case for West Virginia, where investment in data centers hasn’t happened in years. When faced with major revenue difficulties, one of the first things that got cut was IT modernization.
“We knew we needed to fix it,” said Joshua Spence, Chief Technology Officer in West Virginia’s Office of Technology.
Infrastructure-as-a-service (IaaS), which is a flexible cloud computing model that allows users to buy computing, storage and other infrastructure resources as needed. That way, users can only spend on what they need and save on what they don’t.
However, a big concern with an outsourced, IT service model, Spence said, was that it can put the state in a position where their data center could get shut off if the bill isn’t paid.
But according to Spence, this may not necessarily be a bad thing.
“This could be good though because it would force the state to say on top of IT,” Spence said. In other words, IT would no longer be the first thing to get sidelined in a tightened budget. It would be a farewell to 20 to 30-year-old data systems.
With the right exit strategy in place, Spence is optimistic about this data modernization.
“It’s risky, but I am hopeful,” Spence said.
The workforce is retiring in record numbers, and states are scrambling to hire enough employees to assume new roles in cloud, cybersecurity and data. To fill them, some states have launched successful pilot programs that have begun to close the tech workforce gap.
Vermont, for example, has created a program to bring students from nearby Norwich University, a private military college. Students work in the state’s security operations center (SOC), which was an initiative started by the governor.
The program gives the students real work experience and gives the state an open pipeline for graduates to enter their workforce.
“We have a great dedicated staff,” said John Quinn, Vermont’s Secretary of Digital Services and CIO. “But we do have an aging workforce, and it has been challenging to find new people.”
Especially with a low unemployment rate, it has been difficult for the state to hire new employees. The internship program was a solution, and many of the interns have converted to full-time staff, Quinn said.
“I’m excited about the program,” he added. “Some of our best and brightest are newly graduated Norwich people.”
5. Data Management
Agencies are now collecting and storing more data than ever, but they are struggling to use that data to make insights and take action. They need better ways to clean, store and share data internally as well as with the public.
Indiana has been on the leading edge of using data analytics to combat the opioid epidemic, but it hasn’t stopped there. Recently, the Indiana Management Performance Hub (MPH) partnered with the Secretary for Career Connections and Talent to help county officials with workforce and economic development or improving the education and workforce pipelines.
The data these officials were utilizing came from multiple, disaggregate sources. So creating a unified, comprehensive data dashboard was transformative.
“Being able to interact with the data and look at other counties from a regional level has become extremely valuable for those organizations,” said Joshua Martin, Chief of Staff at MPH.
For 2020, improving data literacy statewide is a priority, Martin said. He is working with officials such as Indiana’s chief technology officer and a big data leader at one of the larger state agencies to create a high-level data strategy that can be used statewide.
“We’re figuring out how we can get a one-pager in different agency heads’ hands, that they can look at and understand easily why data is important and why we need to effectively manage it,” Martin said.