As governors around the country prepare to work with state CIOs and legislatures on funding for their IT priorities in the coming fiscal year, cybersecurity will likely be one of the few areas that receive significant state technology dollars, according to government IT industry experts.
They also predict that the shift to outsourcing and managed services is likely to continue this year, as state governments’ embrace cloud computing.
In its December report, the National Association of State Budget Officers stated, “In fiscal 2016, general fund expenditures are projected to increase by 4.1 percent, a slower rate of growth than the estimated 4.6 percent increase in fiscal 2015.”
However, Doug Robinson, executive director of the National Association of State Chief Information Officers (NASCIO), tells StateTech that “things have turned a little bit more negative in recent weeks” with recent stock market volatility, as well as the drop in oil prices, which could hit the budgets of oil-dependent states such as Alaska, North Dakota and Texas. He also points to unfunded pension liabilities as a potential crimp on state budgets this year.
“Take all of those things and it takes dollars away from [the] general pool” of funds available for priorities like IT investments, Robinson says.
But one area where state agencies may invest new funds in 2016 is cybersecurity, Robinson says. State agencies’ investments in cyberdefenses, he explains, are a form of “risk protection.” Additionally, increased cybersecurity funding could be considered an “economic development opportunity or jobs generator.”
“Projections for growth in this space are really high, and I think every state wants to get a piece of that,” Robinson says. Indeed, President Barack Obama’s fiscal 2017 budget includes $19 billion for cybersecurity, a 35 percent increase from fiscal 2016. “States do not have an adequate level of funding for cybersecurity,” he observes, adding that the difference between federal and state cybersecurity funding is “dramatic.”
The issue is that, unlike when they sink dollars into physical infrastructure, governors, CIOs and other state IT officials often find it hard to demonstrate visible progress as a result of cybersecurity investments, Robinson says. “The consequences of not investing are clear,” though, — notably, data breaches in both the federal and state governments.
NASCIO named cybersecurity its top priority on its federal advocacy agenda for 2016. Security is also the main focus for city and county technology executives this year, according to a poll conducted by the Public Technology Institute (PTI).
And, at the highest state level, some governors have made it clear that they intend to make significant investments in cybersecurity personnel and infrastructure. “Since the start of my administration, improving Virginia’s state cybersecurity infrastructure has been a top priority,” Virginia Gov. Terry McAuliffe said last month in his State of the Commonwealth address. “This is one of the few areas where the federal government will be making a major investment in the coming years, and we have a chance to lead the way.”
In Iowa, Gov. Terry Branstad has tasked the top IT and emergency management agencies with developing a comprehensive strategy by July to defend the state from, and to respond to, cyberattacks.
Another trend is the shift to managed services. Alan Shark, the executive director and CEO of PTI, tells StateTech that outsourcing IT functions — as the city of San Diego and San Diego County have done — is one way for local governments to save money. They can also just outsource certain functions or move services to public cloud providers. Overall, these moves often lead to technology upgrades because of contractual commitments with third-party technology providers, Shark says.
“When you move to an [operating expense] situation where you are using other people’s equipment, which has all of the advantages and risks [of doing that], you are bound to keep paying,” he says. Otherwise, state and local governments may be tempted not to upgrade their IT systems until they face a critical situation.
“By moving to managed services, cloud services, now, suddenly, there is a budget obligation,” Shark explains, adding that it could be a shortcut to modernizing systems. “I think it’s a great strategy.”
According to the 2015 State CIO survey, conducted by NASCIO, CompTIA and Grant Thornton, 55 percent of state CIOs plan to outsource business applications through a Software-as-a-Service model in the next three years, and 26 percent plan to introduce a managed-services model.