It is still incomprehensible how the ongoing global pandemic has altered nearly every facet of our lives. But with more than 3 million COVID-19 vaccines being administered to Americans each day, a return to a new sense of normalcy seems to be imminent. What exactly does that return mean for the future of state government?
As commissioner and chief information officer of New Hampshire and president of the National Association of State Chief Information Officers, I firmly believe that now is the moment for transformational change. It is time for us to dream big and reimagine pre-pandemic business models and how our citizens interact with their governments. In my state, I have witnessed a palpable shift among government leadership that information technology and cybersecurity are not simply regarded as a technology problem but a key tenet to the continuity of our government.
With the recent passage of the American Rescue Plan, including $350 billion in flexible aid to state and local governments, Congress and the Biden administration have given us an opportunity to modernize legacy and outdated IT systems, improve our cybersecurity posture and invest in technologies to enhance how our citizens interact with their governments.
When COVID-19 spread across the country last March, my fellow state CIOs and I faced enormous challenges to ensure widespread remote work was manageable and secure. This was made even more difficult in states that did not have a culture of remote work. Working with our private sector partners, we adapted to a nearly universal remote environment almost overnight.
We expedited lengthy, bureaucratic acquisition processes, deployed AI-powered chatbots to assist overburdened state agencies and assisted school districts with virtual learning. We implemented numerous digital government initiatives to improve how citizens interact with their state government websites, a crucially important project as citizens relied more than ever on state services and authoritative information sources.
CIOs also implemented COVID-19 testing websites, contact and exposure notification applications and, now, vaccine websites.
The American Rescue Plan represents such a unique opportunity for state and local governments because it differs drastically from previous pandemic relief bills. While we await guidance from the Treasury Department, we expect the state and local funds included the American Rescue Plan to be broad and flexible, and usable over the next three years. This will allow for longer-term, more-strategic investments by state and local governments.
According to NASCIO’s 2020 State CIO Survey, CIOs overwhelmingly identified expanded work from home and remote work options, the expanded use of collaboration platforms and remote meetings, and the increased attention on digital government services and citizen experience as the top three business processes that are here to stay in a post-COVID world.
As states consider how best to invest additional federal funds, the following areas are essential:
Unlike the other allowable expenditures under the rescue package, it specifically enumerates broadband as an allowable expenditure. Combined with an additional $7.5 billion for the Federal Communications Commission to create an Emergency Connectivity Fund — and potentially another $100 billion in President Joe Biden’s infrastructure proposal — states should look to immediately implement wholesale broadband strategies through public-private partnerships to close the digital divide across the country. Accessibility and affordability in rural and disadvantaged communities should be the highest priority, and these efforts should not stop at simply providing coverage but establish speed goals of at least 100 Mbps download, 20 Mbps upload. The post-pandemic world will run on a more robust digital economy and expanded hybrid and remote work environments that demand greater bandwidth.
While the CARES Act provided an opportunity for some states to improve their cybersecurity posture — primarily for securing remote work, remote health and distance-learning programs — the pandemic amplified significant vulnerabilities in state and local government networks, especially those operating on outdated technologies. Since March 2020, we have seen an uptick in ransomware, an extraordinary amount of digital fraud, and the recent revelations of the SolarWinds hack and the Microsoft Exchange Server vulnerabilities. With only 36% of states having a line item in their budget for cybersecurity, according to the 2020 Deloitte-NASCIO Cybersecurity Study, combined with a growing shortage in public-sector cybersecurity personnel, states continue to be vulnerable.
State and local governments should look to invest in fraud detection technologies, identity and access management technologies and implement advanced cybersecurity frameworks like zero trust. States should also take advantage of cloud-based security services that continuously monitor vulnerabilities of servers, networks and physical networking devices. Meanwhile, legislatures should create dedicated cybersecurity line items in their annual budget process to address a continuous problem that cannot be solved with a one-time expenditure.
Too often during the pandemic, we saw massive failures of legacy government systems — including unemployment insurance systems — built on 50-year-old technology. A lack of funding to overhaul many of these systems was the primary reason they were unable to handle thousands of percent increases in traffic at the start of the pandemic. Across the country, these systems not only crashed but resulted in billions of dollars in fraudulent claims. Worse yet, many states are operating numerous health and human service and enterprise administrative systems that are in dire need of modernization.
States should invest in cloud services for these modernization efforts, which reduce complexity, enhance security and ensure that no unused services are kept active. While this may be more difficult in less centralized IT environments, operating systems that continue to rely on outdated technologies simply cannot meet the future demand for increased digital services and the delivery of critical services and benefits to our citizens.
A look to the future
Before the pandemic, state CIOs’ priorities included improving their cybersecurity postures, enhancing citizens’ interaction with government websites and expanding broadband access. We expected these changes to be implemented over time but certainly not overnight. The pandemic served as the catalyst for rapid deployment and expansion of these initiatives — at least temporarily. As we begin to enter this new sense of normalcy, I remain concerned that we could slide back into pre-pandemic approaches to IT. This would be disastrous after the progress we have made over this past year.
With the passage of the American Rescue Plan, we finally have an opportunity to ensure the future of state government is reliable, secure and agile. Let’s get to work.
Denis Goulet is the commissioner and chief information officer of the State of New Hampshire and president of the National Association of State Chief Information Officers.