StateTech Magazine - Technology Solutions That Drive Government en How Storage Can Help Stop Ransomware Attacks <p>Ransomware attacks have dominated the headlines for several years. Rising far beyond the level of nuisance, cyberattacks are now <a href="" target="_blank">identified by the World Economic Forum</a> as one of the top five economic risks we face, putting this hacker-driven activity at a risk level comparable to global warming. </p> <p>While these attacks target a variety of organizations, government entities face disproportionate risk. Cities and state agencies <a href="">across the country</a> have recently suffered costly major ransomware attacks. </p> <h2 id="toc_0">Anatomy of a Ransomware Attack</h2> <p><strong>Ransomware attacks tend to follow a familiar path</strong>: An unauthorized party encrypts an organization’s data assets, then demands that the victim pay a ransom — often in a hard-to-trace cryptocurrency such as bitcoin — to obtain the encryption key. The organization faces a dilemma: pay and get its data back or hold out and potentially lose it forever. There are many different types of ransomware, such as <a href="">SamSam</a>, <a href="" target="_blank">WannaCry</a> and <a href="" target="_blank">NotPetya</a>, but the basic template remains the same.</p> <p><a href="" target="_blank">According to data from Recorded Future,</a> governments are less inclined to pay ransoms than nongovernment organizations: <strong>Forty-five percent</strong> of all organizations hit by ransomware attacks in 2019 paid the ransom, compared to<strong> just 17 percent </strong>of state and local governments. Since paying ransoms is rarely an option due to either budgetary or policy constraints<strong>, governments must be prepared to defend against attacks and quickly recover if defenses fail</strong>.</p> <p><a href="" target="_blank"><em><strong>MORE FROM STATETECH: </strong>What are the downsides of paying after a ransomware attack? </em></a></p> <h2 id="toc_1">How Typical Ransomware Strategies Are Ineffective</h2> <p>Organizations generally take two approaches to ransomware: <strong>either actively try to prevent attacks or focus on containing an attack’s impact</strong>. In the former scenario, there are several common types of approaches for proactively preventing a ransomware attack. </p> <p>For one, security firms can be brought in to <strong>train employees to recognize phishing emails</strong>. Also, organizations can purchase software that<strong> inspects email for common signatures of malware</strong>. Finally, organizations can turn to <strong>firewalls </strong>and password software that limit user and program access.</p> <p><strong>These solutions tend to be minimally effective</strong>, however. Fatigue sets in and users become complacent. Technologies intended to detect and stop malware <strong>quickly become obsolete as signatures evolve</strong>. Onerous password schemes and other blockades tend to irritate users, who ultimately work around them for convenience.</p> <p>If attacks cannot be completely prevented, some organizations take a complementary approach to <strong>minimize the impact of a breach</strong>. One strategy here is to<strong> encrypt data </strong>as a hedge against ransomware. However, this approach misunderstands the intent and modus operandi of ransomware. Encrypting data in advance of an attack might be useful against other types of hacks in which data is copied and shared with unauthorized parties or disclosed publicly, but it is mostly ineffective against ransomware, which simply re-encrypts data to prevent access to its rightful owner.</p> <p><strong>A robust backup strategy</strong> can certainly help by keeping a data copy separate from the live data, potentially providing a clean copy for restore. The problem is that hackers also know this. Consequently, they specifically target backup data in attacks. An airgap solution, such as tape-based backup, provides further assurance by keeping a data copy physically separate from the network. But the tape backup model is labor-intensive, requiring tapes to be moved to a location outside of a tape library to ensure separation. </p> <p><a href="" target="_blank"><em><strong>MORE FROM STATETECH: </strong>Find out how to defeat the latest state and local government cybercrime trends. </em></a></p> <h2 id="toc_2">WORM and Object Lock Are Better at Countering Ransomware</h2> <p>The above strategies against ransomware are ineffective at worst and inconvenient and unreliable at best. But there’s another way to fight these attacks: <strong>WORM (write once, read many) storage is the easiest and most effective strategy against ransomware</strong>.</p> <p>With WORM storage, the data is made immutable: Once written, the data cannot be either changed or deleted for a specific period. This <strong>prevents malware from being able to encrypt the data and lock the victim out</strong>. In the event of a malware attack, organizations can restore the data through a simple recovery process. </p> <p>Previously, WORM storage required specialized storage devices and a workflow that accommodated them. Now, object storage systems equipped with a new feature called “object lock” provide WORM functionality on enterprise storage systems. Data is protected at the device level, rather than being dependent on an external layer for defense. </p> <p>A further benefit is <strong>using object lock as a standardized feature</strong>, supported by multiple data protection software platforms. IT managers can therefore capitalize on this feature within an automated workflow, with no need to separately manage protected copies of data. </p> <p>When it comes to minimizing ransomware threats, storage is the last, best line of defense. And unlike other strategies, WORM is the only option that <strong>delivers protection right where the data resides</strong>. The object lock feature now makes WORM functionality accessible and easy to manage within an automated workflow. As the threat of ransomware increases for local governments, WORM and object lock are the closest things to a foolproof solution — and the best options for mitigating damage from these attacks.</p> Jon Toor Government Agencies Broadcast Official Meetings to Boost Visibility <p><a href="" target="_blank">Vicksburg, Miss.</a>, is a historic city of <strong>22,000</strong> people on the east bank of the Mississippi River. A three-person team at <a href="" target="_blank">Vicksburg TV</a>, the city’s government access cable television station, is responsible for<strong> live broadcasts of city board meetings, budget hearings and other public events</strong> held in the City Council board room and area offices.</p> <p>Despite the team’s small size, a powerful video production system allows it to <strong>create professional-quality productions that bring city meetings to life for the viewing publi</strong>c, VTV Director Alvin Coleman says.</p> <p>A <a href="" target="_blank">TriCaster TC1</a> video production system from <a href=";searchscope=all&amp;sr=1" target="_blank">NewTek</a> brings a broader appeal to the meetings and sparks the interest of others about what’s possible, because the viewer is not looking at just one person on the screen, Coleman says. “When you have an interaction with other people who are in the meetings — and sometimes those meetings get a little heated — and you have cameras going back and forth, it’s almost like you’re <strong>putting the viewer right there in the meeting through the use of the different camera angles</strong>.”</p> <p>Acquiring the TriCaster system was critical to providing wider public access to council meetings, and the resulting interest in those paved the way for broadcasts of other municipal happenings, such as interviews with aldermen, a tour of the local water treatment plant and the opening of a new airport. The video production system provides <strong>a powerful means for a budget-conscious jurisdiction to widely open government functions to the public</strong>, who can view meetings from the comfort of home.</p> <p>Technology changes so quickly that government media centers <strong>may not always clearly understand which investments to make</strong>, says Mike Wassenaar, president and CEO of the <a href="" target="_blank">Alliance for Community Media</a>, an organization that advocates for cable access TV organizations and community media centers.</p> <p>“When technology is changing so rapidly, it makes things hard if you have to capitalize the investment over a five-year period as a durable asset,” says Wassenaar. If agencies work in a public setting with semiprofessional users, they can be rough on equipment, especially in the field, he adds. </p> <p>That puts a premium on purchasing durable equipment. </p> David Raths When Is VDI the Best Fit for Local Governments in 2020? <p>Although <strong>virtual desktop infrastructure </strong>existed for more than a decade, VDI is only now starting to take off for state and local governments. Interest in VDI among government agencies <a href="">is finally widespread and growing.</a> </p> <p>“Traditionally, a lot of us are used to having a laptop in front of us or a physical desktop in front of us to do our work,” says Sachin Sharma, senior product line marketing manager at <a href="" target="_blank">VMware</a>. </p> <p>That’s often still the case with VDI, but instead of data, licenses and software being housed on physical machines, <strong>they’re located in an on-premises server</strong>. As such, they can be <strong>accessed from almost any device (provided the user can log in with the right credentials)</strong>. </p> <p>This demand for virtual desktops has also led to an increased interest in using an interest in using flexible infrastructure rather than keeping data localized, including using <strong>Desktop as a Service (DaaS)</strong>, which operates on the same concept of moving information off physical machines, storing it and deploying it from the cloud.</p> Jen A. Miller How States Overcome Big Data Analytics Challenges <p>According to the National Association of State CIO’s <a href="" target="_blank">2020 Top 10 Priorities list</a>, <strong>data management and analytics</strong> land at No. 8 for state IT leaders. That includes data governance, data architecture, strategic business intelligence, predictive analytics, Big Data and related roles and responsibilities.</p> <p>According to <a href="" target="_blank">a 2018 Center for Digital Government survey</a>, when asked to identify their biggest workforce needs, <strong>87 percent </strong>of states cited<strong> “business intelligence and data analytics” </strong>— second only to cybersecurity.</p> <p>As state and local governments strive to improve services for residents, they are making use of data analytics and Big Data. Technology platforms that take advantage of such tools can <strong>gather information otherwise locked away in silos and identify trends in real time</strong>.</p> <p>In some cases, as with <a href="" target="_blank">Michigan’s Department of Health and Human Services</a>, states are using analytics to solve back-end issues and <a href="">gain insight into how critical benefits applications</a><a href=""> are performing</a> so they remain available for residents to access. Data analytics tools are <a href="">helping police departments spot patterns to predict crimes</a>.</p> <p>Jane Wiseman, a fellow at the Ash Center for Democratic Governance and Innovation at Harvard's Kennedy School of Government, <a href="" target="_blank">notes that</a> data analytics tools can help government agencies detect fraud, enhance efficiency and reduce costs, and improve the accuracy of government compliance and billing, among other benefits. </p> <p>Yet government agencies face barriers to effective use of data analytics tools, including<strong> aging infrastructure, constricted budgets, technical complexity, data governance issues and a lack of a skilled workforce</strong>. </p> Matt Parnofiello Street Smarts: In Chattanooga, Tenn., Connectivity Paves the Way for Safety Improvements <p><em>Editor's Note: This is the fourth article in "Street Smarts," an ongoing </em>StateTech <em>series that highlights local stories of smart city projects, from development to execution. Check out <a href="">the first article in the series on Montgomery, Ala.</a>, <a href="">the second on Colorado Springs, Colo</a>, <a href="">the third article on Racine, Wis</a>., and <a href="">the fourth article on Columbus, Ohio.</a> </em></p> <p>In spring 2019, the University of Tennessee at Chattanooga’s <a href="" target="_blank">Center for Urban Informatics and Progress</a> (CUIP) began using cameras and lidar, radar and other sensors, along with various networking capabilities, to <strong>test pedestrian safety conditions, traffic flow and air quality elements along a 1.2-mile portion of the city’s Martin Luther King Boulevard</strong>.</p> <p>Thanks to the resources provided by utilities supplier <a href="" target="_blank">EPB</a>, city government and other members of the Chattanooga Smart Community Collaborative, <strong>setting up the smart technology-enabled test bed only took a few months</strong>, according to Mina Sartipi, CUIP director and a professor in the UTC Department of Computer Science and Engineering.</p> <p>Nine hundred miles of fiber, laid between 2008 and 2010 to help create an advanced smart grid to distribute electricity, serves as a backbone to support the project’s physical infrastructure.</p> <p>While CUIP added some cameras used to detect roadway elements — models such as the <a href="" target="_blank">Axis P1448-LE</a> and <a href="" target="_blank">M2025-LE</a> — on 11 poles along the highway, researchers have also been able to<strong> tap into cameras the city previously installed</strong>.</p> <p>“The fact that we were able to have the test bed up and running so quickly and relatively inexpensively is because of the collaboration,” Sartipi says. “We were able to take advantage of some of the previous efforts; it helped us do this much faster and more efficiently.”</p> Erin Brereton 4 Steps to Prepare for Unified Endpoint Management <p>Most IT leaders understand the benefits of tools. They see that <strong>unified endpoint management</strong> can streamline management across different device types and allow push-based and instant delivery of policies and updates. UEM can lead to t<strong>ime savings that accelerate gains in other parts of the enterprise</strong>.</p> <p>But these IT leaders often say they’re simply not ready to implement UEM ­— and they’re right. While UEM is clearly the future of device management — and it has significant benefits to offer today — organizations must take certain steps within their existing IT environments to take full advantage of the model. Here are four things organizations should do to get ready for UEM.</p> <h2 id="toc_0">1. Move to a Modern Operating System</h2> <p>The first step to prepare for UEM is to <strong>adopt a recent operating system</strong>, such as <a href="" target="_blank">Windows 10</a> and the latest versions of macOS, iOS, Android and Chrome OS. These systems <strong>allow applications to be pushed out centrally</strong>. </p> <p>Without this capability, an IT department must touch every device running in its environment to manage them. Embracing modern operating systems is the first step for UEM capabilities.</p> <h2 id="toc_1">2. Embrace Cloud Identity and Access Management</h2> <p>Many organizations, especially those that haven’t yet made significant strides with cloud software, still use on-premises Active Directory. On-premises identity and access management tools don’t authenticate well against cloud services and aren’t a great fit for UEM solutions. <strong>By embracing cloud IAM tools, companies make their directories more dynamic </strong>and make it easier for users to request access to cloud-based resources.</p> <p><a href="" target="_blank"><em><strong>MORE FROM STATETECH: </strong>Here is what agencies need to know now that Windows 7’s end of life is here. </em></a></p> <h2 id="toc_2">3. Adopt CASBs to Help with Device Security </h2> <p>Some organizations consider security a factor that prevents them from moving to a UEM model, often because they approach security at the level of anti-virus tools without embracing next-generation solutions. </p> <p>Agencies should <a href="" target="_blank">consider a cloud access security broker</a>. A <strong>CASB</strong> works hand in hand with a UEM solution as the UEM tool <strong>validates users’ identities and pulls applications from the cloud</strong>.</p> <h2 id="toc_3">4. Use Automated Device Enrollment to Streamline Provisioning </h2> <p>By embracing <strong>automated, zero-touch device enrollment programs</strong>, such as the <a href="" target="_blank">Apple Device Enrollment Program</a> or <a href="" target="_blank">Windows Autopilot</a>, agencies can skip individually provisioning devices. Automated device enrollment <strong>delivers devices ready to instantly connect to UEM tools</strong>.</p> Mike Elrod Windows 7's End of Life Is Here <p>After years of warnings, <a href="" target="_blank">Microsoft</a> will <strong>no longer provide regular support for its Windows 7</strong> operating system. Unlike in the federal government, where there has been a concerted push — and in some cases, mandates — to get agencies to upgrade to <a href="" target="_blank">Windows 10</a>, there is no similar force pushing state and local agencies to do the same. </p> <p>State and local government IT leaders <strong>face cybersecurity risks every day they continue to run Windows 7</strong>. “If you continue to use Windows 7 after support has ended, your PC will still work, but it will become more vulnerable to security risks and viruses,” <a href="" target="_blank">Microsoft notes</a>. “Your PC will continue to start and run, but you will no longer receive software updates, including security updates, from Microsoft.”</p> <p>The exception involves Windows 7 users who pay to enroll in <a href="" target="_blank">Microsoft’s Extended Security Update program</a>. But Microsoft describes that program as a “last resort option” that will only provide updates “if and when available,” and the company plans to offer it for just three years.</p> <p>Local government’s Windows migration efforts were in good shape as of the middle of last year, <a href="" target="_blank">Public Technology Institute</a> Executive Director Alan Shark <a href="">told <em>StateTech</em> at the time</a>. </p> <p><strong>“Many already had a refresh schedule for PCs and laptops and are taking the date very seriously,”</strong> Shark said. “Most people have thought it through well in advance of the deadline.”</p> <p>State and local agencies could face migration challenges if in-house developers do not possess the expertise needed to update legacy applications that agencies sometimes use, or if the vendor that created a particular application no longer exists.</p> <p>In addition to performing a comprehensive software audit to try to assess potential application issues, counties may also want to consider offering instruction to help employees become comfortable with the features of the newer version of Windows once it’s installed, according to Shark. “People tend to overlook the human factor sometimes — such as people saying, ‘I don't like touch screens.’ Windows 10 gives you that option; it’s more graphic than 7,” Shark said. “You have to allow for training, whether it’s online or in person, because not everybody is a quick adapter.” </p> <p><a href="" target="_blank"><em><strong>MORE FROM STATETECH:</strong> What are the top 2020 priorities for state CIOs? </em></a></p> <h2 id="toc_0">The Key Advantages of Windows 10 Over Windows 7</h2> <p>What are the key differences between Windows 7 and Windows 10?</p> <p>Functionally, <strong>both Windows 7 and Windows 10 offer a familiar Microsoft experience</strong>. One key difference is the Start Menu: Removed in Windows 8 in favor of a “tile” system,<strong> the Start Menu is back in Windows 10</strong>, but with a twist. While the Start Menu still offers quick access to applications, it also includes Live Tiles that show relevant, real-time data.</p> <p>In addition, Windows 10 <strong>streamlines search and notification functions</strong> with a dedicated search bar at the bottom of the desktop and a notification center in the bottom right corner, making it easier for users to find what they want, schedule upgrades or make system changes.</p> <p>Windows 10 offers key advantages over Windows 7, including:</p> <ul><li><strong>Virtual desktops: </strong>Windows 10 natively includes virtual desktop functionality to streamline business workloads.</li> <li><strong>Improved data security: </strong>Using tools such as Windows Defender, BitLocker and Advanced Threat Detection, Windows 10 offers better defense against threat actors.</li> <li><strong>Automatic updates:</strong> Instead of cumbersome, time-consuming updates, Windows 10 handles the updating process automatically to minimize downtime.</li> <li><strong>Windows Sandbox: </strong>Users can easily test unknown software in a safe and secure environment.</li> <li><strong>Windows Timeline:</strong> Using the Task View button or pressing the Windows key + Tab brings up the timeline, which shows recent activity in supported apps. This is a great feature for business users working across multiple devices in the Windows 10 environment.</li> </ul><p><a href="" target="_blank"><em><strong>MORE FROM STATETECH: </strong>Discover why cybersecurity planning should be a top priority for local agencies. </em></a></p> <h2 id="toc_1">How Windows 10 Enhances Security</h2> <p>Rita Reynolds, CTO of the National Association of Counties, notes that newer operating systems like Windows 10 “are, of course, going to have more security; the manufacturer is going to continue to patch them. It can be costly, for some, to do an upgrade, but in the long run, it will make the county more secure.”</p> <p>Microsoft’s decision to <strong>build security features into the kernel of the operating system</strong> is something that appeals to government IT officials looking to boost endpoint security. </p> <p>“On top of a secure operating system, customers also need the added defense of endpoint protection and detection, which is why we built Microsoft Defender Advanced Threat Protection into Windows 10,” Rob Lefferts, corporate vice president of security at Microsoft, <a href="" target="_blank">tells <em>FedTech</em></a>. </p> <p><strong>Windows Defende</strong>r offers a suite of cybersecurity protections and is built into Windows 10. It includes several different technologies that deliver superior protection, including System Guard, Credential Guard, Application Control, Application Guard, Exploit Guard and Advanced Threat Protection.</p> <p><strong>Microsoft Defender ATP</strong> is a unified platform for preventative protection, post-breach detection, automated investigation and response, Lefferts notes. The platform helps agencies “reduce their overall risk by eliminating threats before they get to users and helping already strained IT departments prioritize and remediate threats.” Defender ATP is also powered by the cloud, so it is constantly updated and exchanging signals with the <a href="" target="_blank">Microsoft Intelligent Security Graph</a>, and it “shares detection and exploration insights across devices, identities and information to speed up response and recovery,” Lefferts says.</p> <p>Here is <a href="">a more detailed look at the different elements of Windows Defender</a>. </p> <p><a href="" target="_blank"><em><strong>MORE FROM STATETECH:</strong> Find out how Windows 10 makes cloud backups easier for agencies concerned about ransomware attacks.</em></a></p> <h2 id="toc_2">Accelerating the Shift to Windows 10</h2> <p>The first and most important migration task for IT leaders is to <strong>conduct an inventory of every PC, endpoint and piece of software</strong> (including those applications users have downloaded without your knowledge) to determine which pieces of IT equipment need to be migrated to Windows 10. Some PCs can be upgraded to Windows 10, but some will be so old the agency will need to purchase new equipment with Windows 10 already installed. </p> <p>IT leaders need to determine <strong>how many Windows 7 users they have, how capable they will be of moving to Windows 10</strong> and whether their roles are so critical their work cannot be interrupted by the migration. <a href="" target="_blank">Microsoft offers toolkits and other analytics</a> to assist IT teams with this task. After that, IT leaders should select and create a pilot group of users who can start testing how Windows 10 performs and how they interact with it.</p> <p>Once all of the kinks have been ironed out and agency staff feels comfortable using the platform, IT leaders can start plans for actual deployments. The rollouts should be <strong>staggered so IT experts and hardcore beta users go first, followed by less experienced users</strong>. Crucially, you should avoid deploying Windows 10 to mission-critical staff in the middle of a project. Another best practice Microsoft recommends is the <a href="" target="_blank">use of deployment rings</a>, which can make the rollout process smoother. Under this methodology, each ring includes users from a variety of departments so that problems limited to one department can be seen more quickly and affect only a few people at a time. </p> <p>State and local government agencies have made some progress in migrating to Windows 10. Now that Windows 7 support has ended, though, those that have not yet made the switch need to get moving to avoid cybersecurity risks.</p> Phil Goldstein Q&A: How Philadelphia CIO's Breaks Down Silos <p>In January 2018, Mark Wheeler became CIO of Philadelphia. Prior to helming the city’s <a href="" target="_blank">Office of Innovation and Technology</a>, he served as deputy CIO and chief geographic information officer. In that role, Wheeler revitalized Philadelphia's geospatial data operations and fostered collaboration across departments for sharing location-based data.</p> <p>Philadelphia initially hired Wheeler in 2010 as a city planner for the <a href="" target="_blank">Philadelphia City Planning Commission</a>, where he contributed to public outreach, land use and public facility planning. In an interview, <em>StateTech</em> asked Wheeler about Philadelphia’s smart city planning and the importance of geographic information systems in all city IT operations.</p> <p><a href="" target="_blank"><em><strong>MORE FROM STATETECH: </strong>Discover how LoRa and LoRaWAN can help smart cities.</em></a></p> <h2><span style="color: #c74037;">STATETECH: </span>You’ve been CIO of Philadelphia for two years now. What’s been your focus so far? </h2> <p><strong>WHEELER: </strong>My main focus has been on <strong>improving our security posture</strong> in the city and making sure that we’re investing in that and coordinating properly with all of our departments on necessary change control measures as well as new investments we require.</p> <p>For example, this year <strong>we completely replaced our firewall and our VPN platform</strong>. We were not on bad footing, but it was time to look at the marketplace and look at new vendors, assess situations and modernize. We’re very happy that it was a highly successful process to switch and replace. Like many other cities, the security of systems and security of data is top of mind for our team members.</p> <p>Also, we can be better in terms of delivering projects on time and within budget by <strong>looking at more agile procurement and implementation methods</strong> instead of going all-in with a single monolithic approach, then trying to just turn that on one day and turn the old system off.</p> <p><a href="" target="_blank"><em><strong>MORE FROM STATETECH: </strong>What are the best practices for smart city success?</em></a></p> <h2><span style="color: #c74037;">STATETECH: </span>It’s fascinating that you specialized in geographic information before you became CIO. Everything that happens in a city is driven by geospatial intelligence. How much better prepared are you because of your background? </h2> <p><strong>WHEELER: </strong>Cities have to be able to make decisions that are informed by good data, and they have a wealth of data that sometimes gets siloed in departments. The biggest struggle I hear my counterparts<strong> dealing with is unlocking the silos and making that data available for informing decision-making and raising awareness</strong>.</p> <p>In Philadelphia, we unlocked our location data among departments a very long time ago. And we have an <strong>outstanding level of cooperation</strong> by people on the technical side and the business operations side when it comes to spatial data. They understand that at their core, geographic information systems are about<strong> data integration and revealing new ways of looking at a problem or a situation</strong>.</p> Mickey McCarter LoRa and LoRaWAN: How the Technology Helps Smart Cities <p>Smart city networks power everything from <a href="">autonomous vehicles</a> to <a href="">traffic monitoring</a>, <a href="">services for first responders</a> and <a href="">intelligent streetlights</a>. </p> <p><strong>Long-range (LoRa) wireless technology</strong> can help cities overcome network coverage challenges and enable them to widely deploy Internet of Things solutions in smart cities, providing coverage where traditional Wi-Fi solutions may not.</p> <p>Sensors that measure and monitor the environment and enhance services require both a great deal of network bandwidth and, just as important, coverage. After all, if a sensor cannot connect to a city’s wireless networks, what good is it? Getting that coverage deployed throughout a city can be <strong>challenging and expensive</strong>.</p> <p>“<strong>LoRa devices and the open LoRaWAN protocol</strong> enable smart IoT applications that solve some of the biggest challenges facing our planet: energy management, natural resource reduction, pollution control, infrastructure efficiency, disaster prevention, and more,” <a href="" target="_blank">notes Semtech</a>, a founding member of the <a href="" target="_blank">LoRa Alliance</a> and the developer of LoRa technology.</p> <p>The <strong>LoRaWAN specification</strong> is a low-power, wide area networking protocol designed to wirelessly connect IoT devices. <a href="" target="_blank">As the LoRa Alliance notes</a>, it meets key IoT requirements, such as “bi-directional communication, end-to-end security, mobility and localization services.”</p> Phil Goldstein What Are State CIOs’ Top 2020 Priorities? <p>The National Association of State Chief Information Officers’ annual <a href="" target="_blank">State CIO Top 10 Priorities list,</a> which NASCIO released in December, is usually consistent from year to year. Cybersecurity is perennially the No.1 priority, and it was again on the 2020 list. It’s the changes, however, that give an indication of how state CIOs’ technology priorities are shifting. </p> <p><a href="" target="_blank">As <em>Government Technology</em> notes</a>, <strong>digital government jumped from the No. 4 spot in 2019 to second place</strong>, after cybersecurity.</p> <p>There were other minor changes as well. Broadband and wireless connectivity fell from No. 5 to ninth place, legacy modernization was No. 7 after not ranking in 2019, and<strong> innovation and transformation rounded out the list at No. 10 as a new addition</strong>. </p> <p>Meanwhile, enterprise IT governance and identity and access management fell off the list completely.</p> <p>“I definitely thought it was interesting that innovation was on there for the first time,” Meredith Ward, NASCIO’s policy and research director, <a href="" target="_blank">told StateScoop</a>. “I really like the phrase<strong> ‘drive a culture of innovation.’</strong> CIOs are looking ahead to what the next thing is they’re having to face.”</p> <p><a href="" target="_blank"><em><b>MORE FROM STATETECH: </b>These are the key state and local government IT trends to stay on top of in 2020. </em></a></p> <h2 id="toc_0">State CIOs Shift Toward Customer Relationship Management</h2> <p>Over the past several years, the role of a state CIO has been shifting in NASCIO’s view as the position has evolved beyond being merely a provider of technology. Today, state CIOs are not just <a href="">brokers of IT services</a>; they are also <strong>customer relationship managers.</strong> </p> <p>State CIOs agree they need to understand how the state agencies they serve are using technology and want to modernize their IT to achieve their missions.</p> <p>Speaking to <em>StateTech</em> at the NASCIO 2019 Annual Conference in October, state IT leaders said that CIOs need to <strong>market IT services to state agencies and need to develop and maintain close relationships to do so effectively</strong>. They also noted that establishing and building trust is critical to the relationship between IT leaders and state agencies. Customer relationship management has allowed state CIOs to communicate better to agency customers about the services that the IT department offers, they argued.</p> <p>“It’s the progression toward ‘we need someone who understands the business risk and the business cases,’” Ward told StateScoop. “A lot of people have this image of ‘oh this is the person who comes to fix my computer,’ but that’s not who the CIO is.”</p> <p>Customer relationship management — which NASCIO defines as “internal customer service strategies; building customer agency confidence, trust and collaboration; service level agreements (demand planning)” — <strong>rose from No. 7 to the No. 5 slot on the list</strong>, StateScoop notes. </p> <script type="text/javascript" src="//;widget_id=1079419060&amp;width=640&amp;height=360"></script><p>At the NASCIO conference, several state CIOs <a href="">outlined to <em>StateTech</em></a> specific programs and initiatives they plan to tackle this year. Ohio CIO Ervan Rodgers said that the state will focus on going from “cloud first” to “cloud smart” with cloud security in place. The state wants to <strong>create a Cloud Center of Excellence to streamline migration</strong>.</p> <p>“One of the ideas that I have is to create, in partnership with the <a href="">Innovate Ohio</a> team, a Cloud Center of Excellence for the state of Ohio, so that we have the appropriate resources and we’re not trying to do this 50 different ways,” he said. “We can do it centrally and take advantage of the investment.” </p> <p>Meanwhile, North Carolina wants to <strong>update its identity management solutions </strong>so residents can more easily <strong>get access to government services with a single ID</strong>. “How can blockchain play a part of our identity, and how can we push our identity out to the citizen, so they have the option of choosing and selecting when they are a part of a program and when they’re not?” said North Carolina CIO Eric Boyette (who also now serves as NASCIO’s president). </p> <p>“If you’re a citizen, you live in a municipality, you live in a county and you live in a state. So why should you have three different IDs to transact?” Boyette added. “The citizen doesn’t care which piece of government they’re dealing with. They have a service they need and they want to apply that service and they’re trying to figure out how to get there. And we’re trying to make that easier. So, we’re partnering, we’re trying to do some pilots with our counties and municipalities on how to create one ID for our citizens.”</p> Phil Goldstein