When a natural disaster strikes, state authorities swing into action to mitigate damage and clean up debris. But nationwide, officials increasingly recognize the importance of integrating IT agencies early in disaster response planning. Case in point: State CIOs, who manage a lot of critical data providing insights into citizens and infrastructure, have become more involved as resources for disaster response.
On May 21, the Federal Emergency Management Agency (FEMA) unveiled “a new requirement for greater involvement of state chief information officers and chief information security officers in the governance process. The program includes eight Department of Homeland Security grants totaling more than $1.6 billion,” says StateScoop.
To receive the 2018 State Homeland Security Program and Urban Area Security Initiative grants, recipients "must include" their CIOs and CISOs on their senior advisory committee and the Urban Area Working Group, which determine how federal homeland security funding is allocated within states and urban areas, Tom DiNanno, who administers FEMA’s grant programs, tells StateScoop.
State CIOs Actively Support Responses to Natural Disasters
The FEMA requirement makes a great deal of sense considering that state CIOs already are actively involved in disaster response. For example, Hawaii’s CIO office is responsible for ensuring communications during the state’s ongoing volcano disaster. Todd Nacapuy, Hawaii CIO, tells Government Technology that the Office of Enterprise Technology Services provides communication between state, federal, county and city agencies as the volcano’s fissures break open in unpredictable locations.
The importance of state CIO input into disaster response planning and execution was on display during the 2018 National Association of State Chief Information Officers (NASCIO) midyear conference, where the CIOs of the Virgin Islands and Puerto Rico shared lessons from their encounters with Hurricane Maria in 2017.
They emphasized the importance of ensuring vital systems and data could be protected or recovered from a disaster. Governments should back up data at a minimum of three locations and maintain a geospatial database of critical infrastructure ahead of disasters, the CIOs told the conference on April 24.
In some states like New Jersey, information technology and homeland security officials already work together to prepare for cybersecurity threats. New Jersey established the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), a fusion center that combines their disciplines, in 2016. The greater shift toward engaging CIOs in disaster response planning comes after their roles matured in disaster recovery, where they learned major lessons in continuity of operations planning in the wake of major disasters such as Hurricane Katrina in 2005 and Super Storm Sandy in 2012, StateTech reports.
Disaster Recovery Ranked a Top Concern of State and Local CIOs
Recent surveys of state and local CIOs place disaster recovery high on their list of priorities. The annual NASCIO survey of state CIOs’ Top 10 Technologies, Applications and Tools, released in November 2017, ranked “disaster recovery/business continuity” at No. 8.
Municipal CIOs also consider disaster recovery a top priority. At the end of last year, Hong Sae, CIO for the city of Roseville, Calif., asked fellow members of the Municipal Information Systems Association of California (MISAC) to rank their top five challenges and opportunities for 2018, according to Techwire. Disaster recovery and business continuity ranked No. 6 among the collective responses.
The findings of Sae’s poll were in line with the Center for Digital Government’s 2017 surveys of city and county CIOs’ priorities. “Disaster recovery/continuity of operations” was the fifth priority for municipal tech leaders, while county CIOs ranked it as the fourth most-pressing concern.
With state CIOs long aware of the importance of their participation in disaster recovery planning, officials also now recognize the need to involve them earlier, in response planning. In this way, everyone makes the best use of the data at the command of CIOs to minimize the consequences of disaster strikes.