After a year during which the response to a raging pandemic stretched out their workforces, drained their budgets and overwhelmed their other priorities, state IT leaders are hoping 2021 is when the federal government finally delivers long-awaited support for cybersecurity and modernization efforts. This is according to the list of legislative goals released Thursday by the National Association of State Chief Information Officers.
The annual list includes five priorities, including familiar topics like a cybersecurity grant program and harmonization of regulations surrounding federally mandated audits, as well as new focuses on modernization funding and the Federal Communications Commission’s oversight of broadband internet service. NASCIO also said it wants to work with the federal government to implement the DOTGOV Online Trust in Government Act, which was signed into law last month as part of a massive year-end spending package.
As states continue to grapple with the effects of COVID-19, many with tattered budgets, NASCIO is eyeing greater support for modernization efforts, especially as tech agencies remain tasked with supporting remote workforces and scaling up unemployment insurance programs that continue to see record levels of demand, increasing states’ need to invest in virtual assistants and new IT architecture capable of handling the surges.
“The problem is a lot of states have not had the resources to provide funding to do the multi-year high-cost projects,” said Matt Pincus, NASCIO’s director of government affairs. “If you look at the budgetary outlook, I’m not sure states are looking to invest $50 million in a new unemployment system.”
Although many states’ budget shortfalls were not as grim as initially feared, the NASCIO release came a few days after Doug Robinson, the group’s executive director, said he expects to see “reduced spending models” in 2021.
Another try at cyber grants
While NASCIO is one of many intergovernmental groups that have been clamoring for the federal government to shore up state and local budgets since the pandemic’s start, Pincus said any future IT modernization grant program will most likely be separate from the relief package that President-elect Joe Biden plans to introduce after he takes office next week. That bill, which Biden previewed Thursday, is expected to include money that state and local governments can use flexibly, after the CARES Act enacted last March restricted state and local aid to programs directly tied to pandemic response.
NASCIO also hopes Congress takes another run at establishing a sustained cybersecurity grant program, after the Senate and House each approved bipartisan versions of such legislation during the last term. The organization was a strong backer of the House-passed State and Local Cybersecurity Improvement Act — creating a $400 million annual grant program overseen by the Cybersecurity and Infrastructure Security Agency — and though that bill never advanced any further, Pincus said it may find success with a Democratic-led Senate and Biden administration.
“Given that there’s a Democratic majority in the House and Senate and incoming administration that’s put a real emphasis on cyber, I feel this is something that should get done,” he said. “This is a collaborative effort with a lot of stakeholders.”
Pincus added that NASCIO’s long-running goal of reforming cybersecurity regulations could potentially be packaged with a grant program. The group has repeatedly argued that the rules imposed on states in administering federally funded programs like Medicaid often conflict with each other and result in disruptive audits that distract CIOs.
“If you’re going to give states and locals federal funding for cybersecurity and we know how much money they’ve had to invest in compliance with these regulations, you can certainly make the argument you need to streamline these,” Pincus said.
The regulatory reform is a “10- to 15-year” project for NASCIO, he said, though some progress was made last May when the General Accounting Office, Congress’ investigative branch, found that between 49% and 79% of cybersecurity regulations at four key federal agencies were in conflict with each other.
Focus on broadband
Meanwhile, NASCIO also wants to take aggressive steps on broadband. Pincus said this attention is not just about funding but focused on the FCC’s plans to change how it draws its coverage maps, which are based on information supplied by internet providers that have been found to overstate their service areas. While the commission last year approved a switch to a more granular method of coverage mapping, the new process still relies on ISPs.
In its legislative priorities, NASCIO argues that Congress and the FCC should look to state programs, such as Georgia’s Broadband Deployment Initiative, that more precisely measure where high-speed service is available. The top goal of this work, Pincus said, is to make broadband affordable and accessible, especially as telework and distance learning remain popular.
“As long as we’re in this remote or hybrid world, it’s going to be incredibly important to make sure we don’t see scenes of kids doing schoolwork in the parking lot outside McDonald’s,” he said.