Driven by the costly burden of maintaining outdated systems that are increasingly vulnerable to cyberattacks, as well as rising citizen expectations of online services, states are finding new ways to achieve modernization, even with limited budgets.
Louisiana, for instance, recently consolidated all IT departments across its 162 branch agencies under one roof — not only consolidating leadership and oversight, but upgrading its systems, which has saved the state more than $70 million in three years. Meanwhile, Hawaii has modified its internal approach to IT, switching to more commercial off-the-shelf products. It has also worked closely with partners like LinkedIn to attract IT talent capable of pursuing long-term IT goals.
Streamlining IT provides an opportunity to rethink business processes, eliminating redundant ones and enabling new capabilities while achieving operational efficiencies. In many states, IT officials are making cybersecurity a cornerstone of these modernization efforts.
States Pursue Modernization with an Eye on Cyber
Oregon is in the vanguard of states dealing with the risk posed by legacy systems: Some of its systems are 15 to 20 years old and costly to maintain. These legacy systems can be a cybersecurity risk, as they are difficult to patch and can often become targets for hackers.
Recent audits uncovered Oregon’s vulnerabilities, so the state’s governor, Kate Brown, signed an executive order, which is now a law, designed to centralize IT security to avoid the risks inherent in aging IT infrastructure and antiquated legacy information systems that are vulnerable to cyberattack.
“It’s ultimately about trust and raising the maturity of IT governance and security,” says Travis Miller, policy and communications strategist for the Oregon state government.
Massachusetts is also modernizing with an eye on cyber. It recently announced the creation of the Executive Office of Technology Services and Security in order to “… improve cybersecurity and better serve our constituents,” according to a press release.
“The rate and pace of change have forced all large organizations to rethink their digital service approach from a security, service, and structure perspective,” says EOTSS Secretary Mark Nunnelly in the release. “This reorganization will help equip the many talented IT professionals across the State with the right structure, tools, and platform to secure our information and provide better service to our constituents. We look forward to working with leaders from across the executive branch in making progress against these imperatives.”
Meanwhile, New Jersey’s statewide overhaul, the New Jersey Cybersecurity and Communications Integration Cell, puts security front and center.
While modernization comes with a high price tag, the savings, driven by eliminating silos and redundant systems, can be impressive. New Jersey’s $10 million investment over the past year resulted in millions of dollars in efficiency savings, as well as improved cyberdefense and reduced risk.
“Secure and efficient IT operations are of little value if they are not reliable, which is why we are engaging in multi-year projects to boost the dependability of the state’s network and hosting environment,” New Jersey Governor Chris Christie says in a statement.
Sourcing Cybersecurity Talent for Next-Generation Threats
But as many local governments move to upgrade their systems to improve government operations and resident experience, the systems themselves are becoming more complex. Hardware and software systems vary from agency to agency, making it difficult to get a holistic view across all IT systems. Moreover, the move toward efficient shared services and new paradigms such as cloud, Internet of Things and virtualization only increase the complexity.
With multiple platforms and solutions, finding and retaining skilled workers to patch and maintain these systems is a continuous problem for state and local government interviewees.
“We are in, I daresay, a crisis as it relates to human capital in the public sector to meet the cybersecurity challenges that we face. And the challenges are growing, both the threats and the vulnerabilities,” New Jersey CTO Dave Weinstein tells StateTech. With the aim to mitigate this issue, the state has put in place “mechanisms for sourcing human capital from elsewhere in the state.”
To help build a robust IT talent ecosystem, many states, such as Nevada, Indiana and Washington, D.C., are establishing training courses and internships for high school and college students that can train the future workforce in much-needed cybersecurity skill sets.
“We … are working diligently, looking at our internship programs in the state,” Nevada CIO Shanna Rahming tells StateTech. “Bringing students in from the local universities and community colleges and having them work in the state, and not only teaching them [cybersecurity] skills but truly learning from them.”