While Oklahoma’s legislature is considering a bill that would splinter the state’s IT operations, about 1,000 miles to the north along Tornado Alley, North Dakota is contemplating the opposite: more centralization and unification.
North Dakota’s legislature will decide this year on a budget proposal from Gov. Doug Burgum for the 2019-21 fiscal cycle that would boost the state’s IT budget, unify the state’s IT service and centralize its approach to cybersecurity. Under the proposal, the state would unify its cybersecurity efforts for nearly all of North Dakota’s public institutions.
The budget proposal includes $174 million for technology investments, spread among 24 IT projects supporting 19 agencies, which the proposal says, “will improve public safety, citizen-government interactions and voting integrity.”
North Dakota Would Unify IT Functions
North Dakota CIO Shawn Riley tells the Bismark Tribune that the IT proposals have three goals: lowering costs, improving cybersecurity and streamlining online services to deliver an “Amazon experience” for residents.
Riley’s department has led a unification project to group state websites on one platform that so far serves 26 state agencies and has saved than $500,000, according to the Tribune. “Unification helps us bring systems together, helps us inventory systems, helps us do work processes together — tons and tons of things that really are necessary from a strategy standpoint,” Riley said.
The proposal says the state must incorporate innovative technologies to better serve residents, and enhance citizen experience and government performance. Under the IT unification plan, Burgum’s budget blueprint recommends aligning 145 full-time employees from 17 cabinet agencies into one shared IT service, “while maintaining their physical presence within the agencies.” This will reduce redundancy and streamline operations through standardization, the proposal argues.
"If we measure all FTEs and requested changes together — and adopt at least some unification practices — I believe fully funding our cyber security needs is completely possible this legislative session," Rep. Corey Mock, who chaired the state's interim IT Committee, told the Tribune.
North Dakota Aims to Bolster Cybersecurity
Over a six-month period last year, North Dakota’s IT systems and networks experienced 34 million vulnerability attacks directed at software, 3.3 million denial of service attacks and 88 million spam or phishing emails.
Last September, Riley told a bipartisan group of state lawmakers that his agency would ask for more than $11 million in software upgrades and 37 additional cybersecurity experts in the next two-year budget.
The budget proposal actually requests $16.4 million for cybersecurity and funding to hire 17 new full-time cybersecurity employees, most of whom would focus on the state’s educational institutions, according to StateScoop.
The budget request notes that cyberthreats to the state’s financial assets and residents’ data are growing daily, and that “attempted disruptions from hacktivists, organized criminal activity like ransomware and persistent attacks from foreign nation-states are the new status quo for states, university systems and large municipalities.”
The budget blueprint says it is “nearly impossible and full of risk for the over 400 organizations that touch our statewide network to each separately be responsible for their own cybersecurity.”
“A lot of different entities from K–12 to higher ed, state, political subdivisions are all landing on the same network, so it's a pretty large attack surface,” North Dakota CISO Sean Wiese tells local TV station KFYRTV.
The budget proposal vows to “centralize our approach to cybersecurity to be more coordinated, intelligent and effective in managing identities and protecting data.” Only 22 percent of the states’ executive branch is managed under a central cybersecurity defense, but the changes would boost that figure to 78 percent.
An internal review in September showed the state's security ranks average at 1.2 out of 5, but if the budget request goes through, the IT department estimates that figure could jump to a 3.1, according to KFYRTV. “So, it is a pretty big leap. It does move us much further in the scale and gives us a much better protection across the state,” Riley tells KFYRTV.