State

Arkansas governor orders technology dept. to centralize, improve cyber

Arkansas Gov. Sarah Huckabee Sanders issued an executive order requiring the state's IT division to reform as the Department of Shared Administrative Services, Office of State Technology.

By Colin Wood

June 12, 2025

Listen to this article

0:00

This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.

Arkansas Gov. Sarah Huckabee Sanders speaks before U.S. Agriculture Secretary Brooke Rollins signs three new SNAP food choice waivers for the states of Idaho, Utah, and Arkansas in her office at the United States Department of Agriculture Whitten Building on June 10, 2025 in Washington, D.C. (Andrew Harnik / Getty Images)

After an extensive effort last year to examine her state’s technological shortcomings, Arkansas Gov. Sarah Huckabee Sanders on Wednesday issued an executive order that will rearrange the state’s IT efforts and place a greater emphasis on cybersecurity.

The order outlines a plan that involves centralizing the state’s IT administration and governance, instating statewide management of technology projects, launching detailed assessments of the state’s IT systems, consolidating duplicative services and creating a new, centralized cybersecurity office.

It will also, starting in August, rename the Department of Transformation and Shared Services’ Division of Information Systems, or DTSS DIS, to the Department of Shared Administrative Services, Office of State Technology, or DSAS OST.

The governor’s order is largely modeled after work the state performed last year examining its technology governance. The investigation revealed the state could save between $65 million and $130 million annually through a series of reorganizations. The resulting 956-page report also found that agency chief information officers were chiefly challenged by the need to manage old systems, manage their IT programs, procure services from vendors and the state’s overall IT resiliency.

The report found that Arkansas spends between $680 million and $700 million annually on technology, which is below average, but also that it spends more on applications than other states, and relatively little on infrastructure. Most alarming, the state spends only $6 million on cybersecurity, compared to the roughly $60 million average spent by other states.

The plan outlined in the governor’s order follows a template familiar in many other states: consolidate management of services, eliminate duplicative work, negotiate better prices with vendors and instate stronger centralized governance of technology to prevent agencies from making wasteful ad-hoc decisions.

A new, centralized cybersecurity office, meanwhile, will be tasked with coordinating “all cyber risk management activities across the state.” The state’s research last year, which the governor said in her order was later “replicated” by President Donald Trump’s Department of Government Efficiency, recommends the state improve its use of data and analytics for managing cybersecurity and to do more to standardize the state’s cybersecurity practices.

Cybersecurity funding will likely continue to be an issue for the state, which underspends on its IT security and has trouble competing with the private sector for premier talent.

“During interviews, nearly all CIOs mentioned the need for improved cybersecurity capabilities,” the report reads. “In addition, the state has high levels of attrition from retirement and private industry, and typically cannot match salary for positions in the private sector, especially for technology roles.”