Tech lobby map rates states’ cybersecurity and digital efforts

The Internet Association assigned every state a numerical score based on its cloud adoption, security efforts and digital services.

A new interactive map published Tuesday by the Internet Association scores every state government’s cybersecurity, digital government and modernization efforts in an attempt to evaluate their IT readiness.

The Internet Association, a trade group representing tech giants like Amazon, Facebook, Google, Microsoft and major online commerce companies, evaluated states and the District of Columbia on categories including their adoption of cloud architecture, the availability of digital services, whether there’s a dedicated cybersecurity budget and the prevalence of ransomware incidents.

The group calls the map State, Local, Tribal, and Territorial Information Technology Advancing Reform Achievements, or SITARA, an obvious nod to the Federal IT Acquisition Reform Act, or FITARA.

States were scored out of a possible total of 21 points, one for each metric on which they were evaluated, distributed across three categories: cybersecurity, modern IT infrastructure and modernization efficiency.


Minnesota scored highest overall, with 14 out of 21, enough for a rating of “very good,” followed closely by California and Florida, which both scored 13. Twenty-five states received scores rated as “good,” while the remaining 23 and D.C. were judged to be “getting started” on their IT journeys in the Internet Association’s eyes.

Minnesota, for example, got high marks for having a “cloud-first” statute in its state code that formally prioritizes cloud architecture over other formats, and for the Minnesota IT Services agency maintaining a publicly available inventory of all government applications.

And Florida, while earning just two of seven possible points on cybersecurity, made up ground in categories related to modernization. Despite the fact that the state has reorganized its IT governance several times — most recently earlier this year — the Internet Association praised the creation of the Florida Digital Service, a new agency focused on application development, while mainline technology functions have been consigned to a different government branch.

The Internet Association praised several states for developing digital services agencies, especially those modeled after federal-level efforts like the U.S. Digital Service or 18F. Along with Florida, digital services in Colorado, New York and Georgia buffed up those states’ scores.

Some states scored low on cloud adoption but high on cybersecurity. Ohio only got two of six possible points for modern infrastructure, but five in cybersecurity. During a conference call with reporters, Omid Ghaffari-Tabrizi, the Internet Association’s director of cloud policy, praised the state’s cyber range, use of the National Guard to respond to cyberattacks and the vulnerability disclosure policy created this year by the secretary of state’s office.


Still, the map may not align with how IT officials in these states have described their work. Many states, Ohio included, were docked a point if, say, the chief information officer does not report directly to the governor. But Ohio CIO Ervan Rodgers told StateScoop this month that — at least this year — he’s had more direct contact with Gov. Mike DeWine than at any other point in his career. And Rodgers and other state CIOs have said that the COVID-19 pandemic has elevated the roles IT leaders play in statewide decision-making.

Ghaffari-Tabrizi conceded that the SITARA map is not meant as a one-size-fits-all edict to states.

“There is no one right way to modernize,” he said.


Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.
