Each state government develops hundreds of new technology projects each year, ranging from governor’s initiatives to harden cybersecurity defenses to new apps that make it easier for residents to renew a license or find a job. On Tuesday, 30 of these projects were named as award finalists by the National Association of State Chief Information Officers, a group that’s been advising state IT offices and recognizing the best of their work for the last 50 years.
Among 19 states named as finalists, North Carolina and Tennessee are featured most prominently in NASCIO’s 2019 State IT Recognition Awards, each taking four slots in different categories. Finalists are grouped into 10 categories, including data management, digital government and cybersecurity, which association has as the top priority of state CIOs for several years.
One of the three cybersecurity finalists is Iowa’s Election Cybersecurity Partnership Project. The four-year-old initiative, led by the state CIO’s office and Secretary of State Paul Pate, is designed to get all 99 of the state’s counties communicating about and working on securing their election systems.
“I made it a personal mission and reached out to these counties,” Pate told StateScoop. “We told them the bad actors are catching on. They know it’s harder to get into the state level and the federal level, so they’re looking at the local level more.”
Since Iowa’s program launched in 2015, officials say the progress in bolstering the security of the state’s election systems — particularly the statewide voter registration system — has been extensive, despite technical challenges and resource shortages. Each county was running on a different computer network, using different infrastructures and organizational structures. Some had their own IT staff, some outsourced IT and others had no dedicated IT staff at all.
Pate’s office and its partners — which include the Department of Homeland Security, the FBI and the Iowa National Guard — managed to get all 99 of the state’s counties enrolled in cybersecurity training offered by the office of the CIO office’s information security division, which is led by state chief information security officer Jeff Franklin.
Pate’s office convened county commissioners, state agencies and private vendors to conduct tabletop exercises, encouraged participation in conferences, and toured the state to build relationships with local officials and educate about the latest technologies and threats. His office also shared security tools with jurisdictions with IT offices that were frequently underfunded and understaffed.
“The biggest one was bringing in our own cyber navigator office to work one-on-one with all of these counties so they could have an IT person they could lean on,” said Pate, who is also the president of the National Association of Secretaries of State.
Outreach efforts to local election officials that Franklin’s office initially described as slow going are now zipping along, according to Pate. Not only are all counties’ election officials now enrolled in his office’s cybersecurity training, but 80 counties are now being monitored by the state’s security operations center and 66 are using intrusion detection systems.
Attitudes around cybersecurity in those offices are changing, too, Pate said.
“They were dealing with the crisis in front of them, not the crisis around the corner. And we were trying to tell them we don’t want this crisis at our doorstep,” he said. Looking ahead to the 2020 election, though, Pate said he feels “very confident” in his state’s election systems.
The next step, he said, is to shore up network defenses of the county governments and schools, noting the July ransomware attacks against school districts in Louisiana that led Gov. John Bel Edwards to declare a statewide emergency.
In Texas, which NASCIO has also named a cybersecurity finalist for its Managed Security Services program, election security is just one piece of a broader effort to share cybersecurity resources with agencies, universities and local governments. The program was launched in March 2018 as an extension of the Texas Department of Information Resources’ shared-services platform, which allows other government entities in the state to use DIR’s contracts to buy services at bulk rates and without needing to put up a retainer.
The program offers technical services for security monitoring and device management, incident response services including “boots on the ground” assistance, and risk and compliance services like penetration testing, assessments and network vulnerability scanning. Suzi Hilliard, Texas’ statewide security manager, said DIR is still the program’s biggest customer but that “a lot” of local governments are picking up the program.
“With the past [legislative] session that just wrapped up in June, we’re starting to see the lines between state and local governments blur a little bit,” Hilliard said.
Where previously state and county governments managed cybersecurity independently, she said DIR has seen a shift both in legislative requirements and cooperation across jurisdictions indicating a desire for various levels of government to work more closely together. It saves higher-education institutions and local governments money to bundle their services with the state government’s, but it also provides more centralized management, she said, ensuring that no one is duplicating efforts or missing out on strategic opportunities.
The result, she said, has been an improvement in cybersecurity across the state. And as for being a finalist in NASCIO’s award program, she said “it’s encouraging.”
“It shows we’re on the right track and we’re making strides to improve cybersecurity for the state of Texas — for the big guys and the little guys,” Hilliard said. “Any way we can get the word out is helpful.”
NASCIO’s 2019 State IT Recognition Awards finalists:
Business Process Innovations
- State of Michigan: JobNet: Road to the Future
- State of North Carolina: Modernizing Estuarine Habitat Mapping with Unmanned Aerial Vehicles
- State of Tennessee: MHSAS’s Electronic Clinical Record, Using IT to Provide Better Patient Care
Cross-Boundary Collaboration & Partnerships
- State of Georgia: Georgia Cyber Center
- State of Indiana: Connecting Indiana’s Medicaid and Corrections Data to Improve Hoosier Health
- State of North Carolina: Improving Emergency Response Precision with the State Emergency Response Application
- State of Iowa: Election Cybersecurity Partnership Project
- State of Ohio: Digital Identity: Providing a Secure Customer Experience
- State of Texas: Managed Security Services – Provided by Texas for Texas Governments
Data Management, Analytics & Visualization
- State of Connecticut: Cross Agency Data Sharing to Drive Value and Save Money
- State of Illinois: Winning Against Tax Fraud with Data Analytics
- State of Utah: Intergenerational Poverty Initiative Data Driven Solutions
Digital Government: Government to Business
- State of Minnesota: Preparing for Emergencies: Medical PreCheck & Locator App
- State of North Carolina: Improving Health Outcomes through the State Health Information Exchange
- State of Tennessee: Rip, Replace, Revitalize! Project TR3
Digital Government: Government to Citizen
- State of North Carolina: Women, Infants and Children Benefits in the Mobile Application Age
- Commonwealth of Pennsylvania: Child Support Enforcement System (PACSES) and JobGateway Integration Initiative
- State of Tennessee: TennCare Connect: A Multi-Channel Gateway Elevating the Member Experience
Emerging & Innovative Technologies
- State of New Jersey: Integrated Drug Awareness Dashboard (IDAD)
- State of Tennessee: Halt, Who Goes There? Tennessee’s Facial Recognition System (FRS) Project
- State of Washington: Using UAS Technology in Collision and Crime Scene Reconstruction
Enterprise IT Management Initiatives
- State of Arizona: Building the Governance Model
- State of California: Examination and Certification Online System (ECOS)
- Commonwealth of Pennsylvania: Pennsylvania IT and HR Shared Services Transformation
Information Communications Technology (ICT) Innovations
- State of California: Identification and Removal of Hazardous Materials During Wildfire Response
- State of Georgia: Mobile Field Data Collection for Food Emergency Response
- State of Oklahoma: Oklahoma Videoconferencing Solution Saves Time for Citizens and State Employees
State CIO Office Special Recognition
- State of California: Licensing Medicinal Adult-Use Cannabis
- State of Idaho: Instant Invoice Payments by Text Message and/or Email
- State of Washington: Sexual Assault Kit Tracking System