IA, a trade and professional association based in Washington, D.C., boasting dozens of technology company members from Amazon to ZipRecruiter released its State, Local, Tribal, and Territorial Information Technology Advancing Reform Achievements (SITARA) map Tuesday, a state-by-state analysis of preparedness for the cybersecurity and civic tech challenges across all 50 states, the District of Columbia, and US territories.

IA’s SITARA map examines cloud-first initiatives, measures digital service innovation, and tracks cybersecurity efforts, among other valuable metrics.

According to IA’s press release SITARA uses an established baseline of participation in programs recommended by the Cybersecurity and Infrastructure Security Agency. The map provides examples and data that can be used to strengthen public sector IT infrastructure now and in the future, taking into account each state’s unique circumstances. It also shows where additional support, whether from the federal government or through the budgeting process, can help states and territories move beyond baseline metrics, to ultimately help them provide a modern and secure IT infrastructure to their employees and the general public.

Some states having harder time

“Whether because of under-resourced and under-funded information security programs, IT infrastructure based on legacy technology, or the lack of a digital service team or an innovation focused group, some US state and territories are having a harder time than others adapting to the digital and remote-first era we are in,” said IA Director of Cloud Policy Omid Ghaffari-Tabrizi. “SITARA allows us to identify the states and territories that need the most help and where we can lay out tangible examples of what other governments have done to address similar challenges, providing policymakers with a clear roadmap of nationally recognized best practices to ensure continuous improvement in a manner best suited for their state or territory.”

IA’s SITARA map analysis findings

Looking at IA’s map data, most states are preparing for cyber threats appropriately, but almost all are only getting started with their IT modernization plans. Three states achieved a score of “Very Good,” and 24 states achieved a score of “Good,” while 24 states and D.C. are still “Getting Started.” None achieved “Exceptional” or “Excellent.”

Additional support from the federal government can help states and territories improve their modern IT and cybersecurity preparedness. Among territories, only Puerto Rico scored “Good,” while two territories came in at “Getting Started” or “Baseline,” and one scored “Needs Help.” While states have made great progress since the start of the pandemic, federal support can make a difference for those states and territories that have had major impacts on their budget.

Most states lack a cloud-first statute that requires the prioritization of cloud solutions. While 32 states have a cloud-related strategy, only three have a cloud-first statute, leaving those strategy-only states without the support codification can bring to a modernization effort.

Most states are missing at least one of the three key components of a modern digital government experience. While 20 states are undergoing a modernization effort through a digital service team, innovation focused group, or other digital service plan, only seven states have a basic digital government experience with only one having the characteristics of a modern digital government experience.

Adoption of commercial cloud solutions is key

“Unemployment benefits, public transportation apps, and filing state tax returns or applications to start a new business are just a few services that would run more efficiently and securely if states modernized their IT infrastructure through increased adoption of commercial cloud solutions. Commercial cloud services allow state unemployment websites to be better equipped to deal with a sudden and unexpected usage increase—like what occurred early in the pandemic,” Ghaffari-Tabrizi. said.

He explained that states which are not using commercial cloud services leave sensitive information such as credit card information, location data input on mobile apps, and Social Security numbers on tax returns, vulnerable.

“Ultimately, IA’s SITARA analysis highlights how states and territories can improve their cybersecurity posture and IT modernization efforts, while expanding the availability of critically important services to Americans all across the country,” he said.

While the 2020 election appears to have potentially impacted far fewer state CIOs than in past years, the National Association of State Chief Information Officers’ (NASCIO) state CIO membership continues its “churn” as executive director Doug Robinson calls it in our interview this week on Federal News Radio, part of Federal News Network. “We have two states, Montana and Utah, that will both have new governors, as the incumbents were term limited. And we will certainly have a new CIO in Montana, because current CIO Tim Bottenfield has already announced his retirement at the end of the calendar year. So he’ll be leaving before the new governor comes on board.”

As for Utah CIO Mike Hussey, that’s unpredictable. Lt. Governor Spencer Cox is the new Governor, and a Republican like his predecessor, so no party flip. “It’s still to be determined what Mike’s situation is going to be and I’m not sure that he has any indication yet. The track record in Utah is to generally have a fairly long tenure, 10 years for their state CIOs unless something happens. Obviously, my hope is that Mike stays if he wishes to.”

State CIOs fortunes unpredictable

Robinson insists that he stopped long ago trying to predict the future on these matters “because you just never know what’s going to happen.” That includes the status of the incumbent CIOs. “There’s nothing to say, and I’ve seen this happen in the past, that come January, Governors make a decision after three or four years that they want a new CIO. So they may ask their CIO to not come back for whatever reason.”

Also it’s not unusual for the incumbent CIO to decide to move on as well. “They had said to the Governor that I will serve your first term, and I will help you get reelected. And then once that happens, I am out the door. Many of them have kept to that commitment, and they will leave at the end of the year,” Robinson said.

2018 election a bloodbath for state CIOs

Still, this election is a far cry from the Tuesday night massacre of two years ago that eventually led to 25 new CIOs appointed in transitions. “Plus, during 2019 and 2020 we’ve had 15 new CIOs as well. So 40 CIO transitions in the last two years. We have a healthy, healthy churn. I always kind of joke and say the one thing that NASCIO saves a lot of association money on is longevity awards, so we don’t give out too many.”

Impact of presidential election

Our conversation shifted to the impact of the presidential election on state IT and NASCIO’s 2021 plans. “After the presidential election of 2016, we released two documents. One was, since we were going into a new administration, we released policy papers for the new administration,” said Robinson. These papers are available on NASCIO’s web site where NASCIO outlined the role of the states and top IT priorities. “Not long after that, we released a policy paper early in the second week in January, which we’ve done for the last several years, where we talk about the NASCIO’s federal advocacy priorities for the year. So we’ll be doing that again.”

NASCIO’s previous position papers in recent years focused not surprisingly on the cybersecurity front and also around the need for harmonization of regulations between federal cybersecurity rules and the states’ own guidelines. “Unfortunately, we haven’t seen substantial or substantive progress on that since we raised it several years ago.” Robinson was however pleased with the progress in the relationship with the Department of Homeland Security and their focus on cybersecurity cooperation with state and local governments. “Plus, we had a very good relationship with Suzette Kent, the former federal CIO, whom I was just on a panel with a couple of weeks ago, so we maintained a good relationship with her and met with her several times during our visits to D.C.” Robinson hopes to have a similar relationship with the new federal CIO under the Biden administration.

Robinson conceded that NASCIO didn’t have any substantial or major policy progress during the last four years. “However, I would say our major platform of cybersecurity continues to get a lot of attention, and the pandemic impact has actually brought more of that to the forefront, particularly around legacy modernization, around broadband and around cybersecurity. So that has raised the stakes on a number of those topics with the administration currently and also with a number of congressional committees that have jurisdiction in those areas.”

Robinson says that NASCIO will be doing the same thing coming up for the new administration, preparing essentially a policy white paper, as many associations do, outlining its principal interests and concerns.

Pandemic impact on NASCIO conferences past and future

As 2020 draws to a close, we reflected on the pandemic’s impact on NASCIO conferences as both the spring mid-year and fall annual events had to be done virtually for the first time. “We’re scheduled to be back at National Harbor in May of 2021. And we will be looking at that and obviously making decisions in early 2021,” Robinson said.

Given what Robinson is seeing in the conference marketplace with other major groups and associations, a spring return to NASCIO’s traditional in person format is uncertain. “It’s definitely not forgotten that we’d like to do an in person event, but it’s difficult to speculate now on what that would take from a public health perspective.” He promised to keep us informed.

To put it mildly, 2020 has indeed been a year of disruption at so many levels, and the National Association of State Chief Information Officers (NASCIO) is not immune.

Unrelated to the COVID-19 pandemic, however, New Hampshire CIO Denis Goulet took over the reins as president, following outgoing President Eric Boyette, who was CIO of North Carolina until his governor appointed him transportation secretary back in February.

Consequently, Goulet began his NASCIO term just as the pandemic was about to metastasize around the globe. I asked Goulet about the effect on the Granite State.

“First of all, we were watching what was going on in China and thinking, ‘Hmm, what should we be getting ready for during the early days in China?’ and that kind of forward thinking helped us a lot,” Goulet said.

He asked his Department of Information Technology directors and key department heads to start thinking about what needed to be done to support a mass exodus of state workers from their offices to their homes.

“So we got planning on that early, which was very helpful. And so when the stay-at-home orders came out in New Hampshire, and the governor was advising that we have as many people as we possibly [can] working from home, we were just slightly ahead of that,” he said. And according to Goulet, New Hampshire government in terms of execution stayed ahead of it the whole time. “But just barely. Not only did we have to make sure that state employees had the tools to work in a secure fashion, protecting citizen data at home — but we had to scale our infrastructure for remote access very quickly to support many thousands more working remotely than we’d ever seen before.”

Pandemic reflects state CIOs’ finest hour

Based upon my conversations with dozens of state CIO and NASCIO officials, I related to Goulet my impression that states’ overall response to the pandemic challenges has been exemplary. The state CIOs and their teams have become essential workers just like first responders and health care workers.

It’s also one of the first times that a lot of CIOs have had such face to face opportunities to discuss their role with their governor as most state CIOs aren’t members of the cabinet like Goulet, and perhaps a dozen others who have regular access. Most state CIOs may only see their governor at retirements and Christmas parties.

So this is the first time in quite a while that so many CIOs have had that intense one-on-one conversation with their boss, the governor who asks them pointedly, “Will our state  government be able to continue operations?” And certainly I think overall, and from my discussions with state CIOs across the country and with our friend, Doug Robinson, NASCIO’s executive director, I certainly think it’s been state CIOs’ finest hour. I think we’re going to learn a lot more about that, of course, but I think they’ve really risen to the occasion.

Goulet was quick to concur.

“Absolutely. In my role at NASCIO, I’m exposed to a lot of what’s going on nationally. We saw that we really delivered the goods in New Hampshire and around the country with respect to continuing to provide important citizen services during the initial response, and now recovery parts of the pandemic,” he said.

Goulet added that in New Hampshire, the governor had very high expectations for all of the agencies, with respect to very quickly scaling services to deliver for our citizens.

“And that’s appropriate, that’s all of our job,” said, expecting that his peers across the country would echo this sentiment. “There are times when you have challenging situations, it brings out the best in people, and you collaborate more and better, to deliver on things. I saw that it was a human factor thing. And it really did come into play in New Hampshire and I think around the country with respect to adapting quickly, delivering the goods and IT solutions quickly.”

NASCIO’s events calendar disrupted by pandemic

NASCIO’s annual conference is next week and like last spring’s mid-year event it will be held virtually. As NASCIO president during both, Goulet will again preside over the proceedings. He was enthusiastic about it, and especially appreciative of all the work that the NASCIO staff and program committee had put in.

“First of all, I have to commend the NASCIO staff for their ability to rapidly pivot and be creative in these dynamic situations. Doug and his team have done a great job,” Goulet said.

He mentioned that one of the primary things which NASCIO has built its success upon is not only serving the state CIO community, but also serving the its vendor partners as well.

“So as we were planning for the October event, we engaged our vendor partner community on what would be valuable to them,” he said. During COVID, Goulet also spoke regularly with the states’ CIO community. “So we had a good sense for what they wanted. They really didn’t want eight or 10 hours a day in front of a computer.”

So NASCIO has adapted in the ways to engage with CIOs and with sponsors and the entire community.

“But like all of us, I really miss being with my fellow CIOs, all of the friends I developed in the vendor community, as well as the folks in the press, whom we speak to regularly. So I really miss that,” Goulet said.

However, he anticipates a very engaging event next week and really looks forward to it, with an interesting twist. Usually the president is no longer emceeing the conference on the last day because a new president is elected. However, since Goulet will have served for less than a year following Boyett’s resignation, Goulet has expressed an interest in staying in the post for another, in this case, full-year term. NASCIO officials will consider this development next week, so stay tuned.

South Dakota CIO Jeff Clines began his job in Pierre this past April, right in the middle of the COVID-19 pandemic outbreak — and even in to the new fiscal year, COVID response is front and center.

Speaking with him recently we learned that even with the start of the new fiscal on July 1^st, usually the opportunity to kick-off new IT initiatives, the Mount Rushmore State IT operations like in most others continue to be concentrated around the COVID impact.

“Things right now are very much focused on the COVID response. So there’s obviously the initial response where you’ve got websites to stand up, you got communications, we’re getting out and making sure people have the information and devices they need, and a lot of work with the Department of Health,” Clines said.

Still, on the horizon, Clines described a major project which will retire analog telephone lines, leveraging voice solutions, like Microsoft Teams, statewide. South Dakota will also be modernizing its legacy technology applications. “We’re trying to get away from those technologies where the skill set to maintain and run them is quickly vanishing as people retire,” he said.

Speaking of legacy systems I asked about South Dakota’s unemployment insurance system since so many states have encountered major problems due to the unemployment surge resulting from the pandemic. “We were able to handle it all right, but there were definitely spikes. There was definitely a surge. It was an all hands on deck type of approach,” Clines said.

Fortunately, the state was able to leverage support from various agencies to help answer the calls and get the forms filled out and processed.

“So you didn’t hear a lot about unemployment issues in the state of South Dakota, because really the team stepped up and helped each other and we were able to handle the surge.”

Some silver lining from pandemic

Clines also believes that there may be some silver lining to the pandemic.

“As I look back at the lessons learned and look at ways that we can modernize systems, I personally think that’s going to be one of the greatest values as we come out of COVID.”

He said that he wasn’t sure if modernized is the right word, but there has to be more of a transformation. “We need to take a look at the current practices and the underlying technology, and really try to align the two to deliver faster, easier processes for the people that need them.”

Prior to his South Dakota appointment, Clines was CIO for the Secretary of State in Illinois, and before that he worked in the private sector for a decade with the American Heart Association. He spoke of how that experience prepared him for his state CIO role.

“My management style is very much guided by my love for the theory of servant leadership, being out there and leading by example. I think the experiences I have with the American Heart Association, and others that are more service oriented really lead to developing that perspective,” he said.

He was also fortunate to have worked with a lot of amazing leaders in his career. “My hope is that I can live up to their examples over the years and really help people learn and grow themselves as well in technology, personal and professional categories as well.”

South Dakota’s CIO governance model

The CIO governance model being of particular interest among state CIOs, we discussed South Dakota’s approach. “We really don’t have a centralized model. The relationship with the different organizations and other cabinet members is more of the business relationship management model,” Clines said.

His team within his Bureau of Information & Telecommunications includes point of contacts who interact with other departments. “They are there, at the departments, helping them through their strategic plans, understanding technical requirements, and making sure we’re taking care of all issues from an audit perspective, compliance perspective, and things like that.”

With only four months into his job, Clines admits there are definitely challenges, increasing lines of communication and focusing on delivering customer service, and meeting those requirements has been a priority to get set up.

I mentioned Clines counterpart in neighboring North Dakota, CIO Shawn Riley, who with Arkansas CIO Yessica Jones, has embarked on an innovative interstate initiative involving mainframe backup, I asked Clines about similar activity in South Dakota.

“I’m definitely looking for opportunities to collaborate. South Dakota collaborated with North Dakota for a COVID-19 application that we put out, and we’re working with North Dakota and other surrounding states on cybersecurity initiatives.”

Such interstate cooperation is definitely something Clines is open to, and he is excited to explore with different states and CIOs the ways to enhance services to citizens and save money by collaborating.

IT – business alignment critical

Finally, on the always important relationship between the state CIOs and the state business programs, the so called IT–business alignment, Clines was effusive. He knows it is critical to impress upon his business program colleagues in other agencies the importance of information technology, and aligning it with business program strategy.

“What I’ve been doing, as I go out and visit with different secretariats, is just trying to help them get an understanding of what technology can do. I think sometimes the biggest trap is people get so focused in the day to day nitty-gritty that we don’t take time to step back and see how can we leverage technology to be able to drive efficiencies and streamline operations,” he said.

Pandemic forces new business model

On the same topic, Clines suggested there’s another benefit of the lessons learned from COVID. “The pandemic has really forced people that have been operating under the same model for years, just trying to drive services, now to take a step back and look at how can we be more efficient, and more efficient using technology.”

He calls this a natural discussion point because this old model is so prevalent in the industry or in the world today. “I think people, especially citizens, are expecting to be able to use a new model going forward to really interact with government agencies across the board.”

They say timing is everything, and for South Dakota’s chief information officer, Jeff Clines, it couldn’t be more significant. He was appointed by his boss, Governor Kristi Noem, taking office as Commissioner of the South Dakota Bureau of Information and Telecommunications, on April 6, 2020, smack in the middle of the COVID-19 pandemic outbreak in the U.S.

While his timing may not have been fortuitous, he had two things going for him right from the start. First, like only a dozen or so of his state CIO colleagues across the country, he is a member of the governor’s cabinet, and second, he oversees a consolidated CIO governance model in South Dakota with complete IT policy, budget and operational authority.

Cabinet member with operational authority

As often remarked in this column, everything is a lot easier to do as a CIO when the position and the authority are properly aligned, with a seat at the cabinet executive table and consolidated IT operational control.

Like so many of his state CIO peers, Cline’s road to his job in Pierre was an interesting one. From his youth he recalled his father’s role introducing him to technology. “He was the type where he brought computers home from work and let us play with them and take them apart and really understand how they work. And that developed a passion for understanding how technology works, and then how to get it to do certain things,” he said. That along with a passion for helping others inspired his professional path. “So I started my career really in technology in the nonprofit world. I worked for the American Heart Association for about 15 years in various roles, and I really enjoyed the opportunity to make a difference in that world.” Much of that experience coincidentally was in a remote, virtual environment.

Moving to Illinois, he had the opportunity to make the transition to public service as the CIO for the Illinois Secretary of State in 2018. Then two years later he got the call regarding the South Dakota job, winding up as CIO in 2020.

Found appointment timing an acceptable challenge

I had to ask him about the timing, if it gave him some pause to take the job one month in to a hundred year pandemic, as it must have been part of the calculation in making his decision to accept the appointment. “I think in technology, we face challenges all the time. But I saw it as an opportunity to leverage some of my skill set and experience working in a virtual environment as well. Trying to help lead the technology organization in the different culture that working from home can be,” Clines said.

While South Dakota is the fifth smallest state by population at just shy of 900,000, it’s still remarkable that COVID-19 related deaths stand at only 53, while the unemployment rate of 7.2%, according to the South Dakota Department of Labor and Regulation, is significantly below the national unemployment rate for June of 11.1%.

“I think the big issue for the way South Dakota is handling COVID-19 goes to the people of South Dakota. I really appreciate Governor Noem’s approach where she has been very proactive and saying, ‘This is our responsibility. We all have responsibilities to do the right thing.’ She did not dictate a lot of directions to people, but encourage personal responsibility. And I think the culture here has been where people just stepped up to that, and recognized their responsibility,” Clines said.

Culture led pandemic reaction success

Like all states South Dakota government faced challenges when abruptly so many state workers

were forced into this work from home environment. “But we stepped up, and we had a lot of the underlying technology already in place. So it was a matter of just trying to get a few tweaks here and there to get people set up and working effectively from home,” according to Clines.

Cline’s emphasis on South Dakota’s culture being a positive driver in the state’s effectiveness during this pandemic was an interesting viewpoint on something that is normally not so positive. In fact, cultural environments are often the bête noire of leadership across so many sectors, particularly in the public sector, as summarized so succinctly by Peter Drucker’s, “Culture eats Strategy for Breakfast.” The reason for government’s notorious reputation for resistance to change and reform can be often laid at the feet of this cultural barrier.

Cline described his reasoning on this issue, and not surprisingly, it starts at the top. “This was one of the reasons I really like this job. The governor has been out there and one of her priorities is cybersecurity; building the skill set out but also positioning the state of South Dakota to be a national leader.” He admitted that in many areas in the cybersecurity world, you don’t really see that a lot. For many elected officials technology can be more of a burden than a driver. “So I really like working with Governor Noem, she’s definitely passionate about leveraging technology to improve the services for the citizens of the state of South Dakota,” he said.

This is the continuation of an interview which aired July 9.

Organizationally, like most states, Montana’s State Information Technology Services Division (SITSD) is situated in the state’s department of administration — the most common chief information officer governance model in the country.

In fact, that’s the one that I had when I was CIO in Massachusetts. My boss then was the director of the department of administration and finance, Charlie Baker, who’s now governor of Massachusetts.

That model is evolving, however, as National Association of State CIO’s executive director Doug Robinson has explained, with a dozen or more states having CIOs with their own cabinet agency. Each election seems to augur additional CIO elevations and many feel the enhanced role and accomplishments of state CIOs during the coronavirus will expedite this trend.

Appointed to governor’s cabinet

Interestingly, I learned that in Montana both CIO Tim Bottenfield and his boss, department of administration director, John Lewis, are listed as members of Gov. Steve Bullock’s cabinet.

“I do answer directly to department director Lewis, but I’m also appointed by the governor, which means I serve on the cabinet, and thus have a dual reporting role, with Lewis and with the governor’s chief of staff, Ali Bovingdon,” Bottenfield said. SITSD has about 180 FTE’s and he describes it as the central IT group within the state. “We’re fully consolidated on the infrastructure side. But we’re still distributed as a state when it comes to personnel.”

All of the various agencies still have IT staff, so it’s a hybrid model from a centralization standpoint.

As we have often said, a state CIO’s success depends on having control and authority over the IT budget, operations and policy. Bottenfield agreed.

“Yes, that’s absolutely true. I think that position is well suited for the state of Montana, organizationally. And functionally, there is a considerable amount of authority in terms of project oversight and spending authority,” he said. “All IT purchases have to go through my office, statewide.”

SITSD does have some statutory authority that was granted through the Montana Information Technology Act (MITA).

“That’s been great to be able to have that in place. But you know, just having something like that — that doesn’t solve all your problems,” Bottenfield acknowledged. “You really have to be out there and partner with the agencies to function. And I think that’s always the challenge.”

Retiring mainframe infrastructure this fiscal year

Montana has garnered national recognition for its decision several years ago to plan to retire its mainframe infrastructure

“For at least one CIO before me and maybe two, I think the writing was on the wall that it was not going to be sustainable for us to maintain our mainframe services,” Bottenfield said. Being a small state resource-wise, many agencies were beginning to divest themselves of the requirements to keep their mainframe services. “So, as that started to come to fruition, maybe going back 10 years ago, each year there’d be somebody that’s dropping off the mainframe and moving their services to some other platform.”

It became apparent that it was not going to be cost effective. There was a concerted effort put in place by Bottenfield’s predecessor, Ron Baldwin.

“I’ve been kind of carrying the football here for two years on that project. And we’re on target to have the two remaining agencies have their systems off in one year; it’ll be at the end of this next fiscal year in June 2021,” Bottenfield said.

Like most successful state CIOs, he credits his success to his ability to build bridges with his agency customers. He had a half dozen years or so to refine that approach and relationship building when he worked at the Montana Department of Revenue (DOR) prior to his appointment as state CIO.

“That time at DOR certainly enabled me to hone those skills at a smaller scale within a department, but I was also pretty keen to observe the landscape within the larger state government here in Montana.”

Bottenfield had a plan from day one as state CIO to really engage the agencies. He admits he probably wore out several pairs of shoes the first year as he visited each agency every month.

“I had 30-plus meetings a month where I was going to the agency’s turf, and we were talking IT and business initiatives,” he said. During that first year he was meeting primarily with IT staff, the CIO or director of IT operations in an agency or organization. “So it’s super beneficial. But it really helped me gather that information and really get it to my folks and share those ideas with them within my own organization, and kind of get them on board and have them understand what’s going on from the agency’s perspective.”

The second year Bottenfield changed the process around.

“I changed up because I couldn’t afford buying shoes anymore. And I actually invited the agencies to come over to my office. And we did it on a quarterly basis, but this time, I invited not only the IT staff, but I also invited the program director and deputy directors,” he said.

He wanted the business owners to be there to get the flavor from a business perspective, not just from the IT perspective.

“And that was a next level of engagement that has really been beneficial,” he said.

Besides Bottenfield, these meetings included his executive staff as well: His chief financial officer, chief information security officer, chief technology officer, plus communications and an executive support person as well.

“So that really is what we’ve done,” he said. “And that’s enabled us to really get that sense of what’s going on in the agencies and how we can best help them.”

Listen to part 2 of this interview here.

While state CIOs come in all shapes and sizes, it was interesting that the last two CIOs we interviewed on Federal News Network have both been IT leaders at universities prior to their state appointment.

Tim Bottenfield made the longest journey, traveling over 2,000 miles from Auburn University in Alabama to his post as Montana CIO in Helena, appointed by Gov. Steve Bullock in 2018. However, what really caught my eye was the fact that Bottenfield’s primary background prior to his IT career involved a far different field, or so I thought.

Early career in forestry at Auburn

“Indeed, I started out in forestry and I went to a great institution in Michigan, the Michigan Tech University and was able to get two degrees there, a Bachelor of Science degree in forest management, and a Master of Science in forest bio-metrics,” he said. He explained that often when he mentions his background in forestry to his CIO colleagues, he gets a raised eyebrow look from many people. “And I remind them that forestry is a science and very data driven. And I think that’s really how I got connected to it, just kind of morphing into more of an IT role supporting my education.”

After college Bottenfield went to work for Auburn University as a research associate performing forest research, and ultimately ended up as an IT manager. He left the university in 2011 venturing to far off Montana and began what he calls his second career with the Montana Department of Revenue (DOR). After seven years at the DOR, Bullock asked Bottenfield to serve as the state CIO in 2018.

He attributes his appointment and his continued success to his experience at DOR and his emphasis on relationship management, no mean feat in a CIO’s role.

“The seven years at DOR was great training ground, and I was able to build a lot of relationships, and gain a real good understanding of state government and how it worked,” he said. “But I think the thing that probably prepared me the most was something that I’m very passionate about. That’s business relationship management.”

At the DOR, Bottenfield was able to hone his skills, internally working with the various divisions in the department.

“I really felt like that’s the best way that I could be successful in the job that I’m in, was in providing IT services to a department,” he said. That worked out very well and he was able to solidify good partnerships there while providing leadership within that department.

He was also well connected to the broader picture of the enterprise, the Montana state government, through various other means. The state had an information technology board as well as an information technology managers’ council.

“Those were areas that I could participate in, and develop partnerships and an appreciation for what was going on across the landscape in Montana when it came to IT supporting the business,” he said. That was how he was poised to move into the state CIO role, working through business relationship skills. “And that, I think, is the most important thing that I brought to the job.”

COVID-19 response in Montana

As with all state CIOs, Bottenfield has been at the epicenter of the state’s efforts to continue operations during the coronavirus, teleworking for the most part from his beloved cabin just outside Glacier National Park, about 200 miles north of Helena.

“I’m really proud of the fact that Montana was really ready for this. After about the first week, we were able to have everybody that needed to be working remotely connected and working appropriately,” he said.

He believes this was due to the fact that the state had multiple solutions available, whether that was via VPN or VDI, plus utilizing 365 and the cloud. Bottenfield stated that Montana was fully suited for licensing and related issues.

“There were a few things that we had to shore up on. But we were able to do that in pretty short order,” he said. Their networking infrastructure was sound and capable of handling the numbers of employees that went remote. “And let’s remember, we have a very small workforce compared to some of the other states. So we had that as a huge advantage.”

What Montana lacks in sheer workforce numbers at only about 16,000 state employees, it makes up for in terms of size.

“Our challenge at times is the breadth and scope and the size of our state. We’re the fourth largest in the nation. So that’s where we have some logistical challenges,” Bottenfield said, giving past state CIOs and his current staff credit. “I take my hat off to my predecessors. Some of the folks that are currently on my staff — Chief Technology Officer Matt Van Syckle, and Chief Information Security Officer Andy Hanks, and many of the leadership folks that we have — because they really were able to create an environment over the years to where we were able to do this.”

He also credits the legislature for the modernization of the state data centers.

“I’m appreciative of the fact that the legislature 10 plus years ago not only appropriated funds for us to build those, but they’ve enabled us to keep them state of the art,” he said, boasting that Montana’s current private cloud environment rivals any other state in the nation.

This is a continuation of Carlos Rivero’s interview with Ask the CIO: SLED Edition on June 25.

Last week during my interview with Carlos Rivero, the Commonwealth of Virginia’s first chief data officer (CDO), I opined that the growing establishment of state CDO positions across the country reminded me somewhat of the creation of the state chief information officer position back in the mid-1990s. It’s gradually becoming commonplace as half the states now have a CDO.

In addition, the position’s placement within the state organizational hierarchy also continues to evolve with about half reporting to the state CIO while the other half are located within the states’ “administration secretariat.” Not unlike the state CIO.

CDO’s first objective: Inventory of applications

Rivero’s initial task as CDO likewise reminded me of the role that I and other state CIOs faced during the Y2K drill some two decades ago. That remediation of the two-digit date code in hundreds, even thousands of state application systems began with development of an inventory of these systems. Once applications were identified an analysis of each was made to determine if it contained a date code element which needed to be enlarged to four digits. As one can imagine date codes are ubiquitous in computer applications, and in California we catalogued more than 3,000 apps which needed to be fixed.

Oy vey! I asked Rivero to confirm my assessment.

“That’s a great question, John. And yes, absolutely. We need to have an understanding of what our data assets,” he said. “We need to have a data inventory for us to even be able to call it an asset. I mean, how do you have something that’s an asset that you’ve never inventoried? And you don’t know exists?”

Having that data inventory and classification in a catalog of state data assets was critically important to support data discovery across all of the different applications within the state enterprise.

“And like you said, we have thousands of applications in production across the Commonwealth right now that are all generating data on a regular basis. And we can derive additional value from those data assets, but only if we know they exist,” Rivero said.

Obviously, with thousands of state applications in the Commonwealth’s inventory, a serious challenge presents itself in terms of resources at the disposal of the CDO. In Rivero’s case this challenge is compounded by the fact that the CDO office in Virginia consists of one FTE: Him.

Relationship building with agencies key

One of the challenges of being successful whether you’re a CIO or a CDO is your ability to garner the cooperation of other departments, gaining confidence and acceptance of what you’re trying to do across various intergovernmental levels. One of the things we say in state government circles is that if you want to get something done, get it in statute or have the governor promise it in the state of the state speech.

The Defense Department for example has legislation that created its CDO position and it also created a legal mandate for DoD agencies to share their data with the chief data officer. Unfortunately, neither the legislation nor the speech are options available to facilitate Rivero’s mission, so he has to do it the old fashion way.

“Right now, that’s relationship building,” Rivero said. “We have not legislated that agencies must share their data with the chief data officer because there are a variety of different data types and data classifications that are in use across the Commonwealth, and to make a blanket statement like that is very difficult because of the variety and diversity of data assets that we have.”

Legal framework for data sharing

In any case, he said that all of the agencies are strongly encouraged to work with the CDO in identifying data assets that are suitable, not just for open data, but also for sharing on very specific projects.

“So as we identify different projects that are amenable for data sharing, or support data sharing, that’s where a lot of the focus has been,” he said.

Read more: Ask the CIO: SLED Edition

Currently, the Commonwealth is moving towards a more holistic view of data sharing across the state by creating the Commonwealth of Virginia Data Trust. This is a legal framework that facilitates data sharing among agencies by clearly identifying and articulating the roles and responsibilities of each of the individual entities involved in a data sharing relationship.

So while Rivero doesn’t have authority over individual employees across the Commonwealth, he does have several tools at his disposal.

“What I do have is the authority to establish business rules, guidelines and best practices for the use of data, including open data in the Commonwealth,” he said. In addition, through his management style, he encourages and persuades agencies to participate in data sharing and creating not just the technical infrastructure, but also the legal and governance framework necessary to support data sharing. “And that’s where the Commonwealth Data Trust comes into play.”

This persuasion and encouragement he fosters is also the most rewarding part of his job.

“Working with people, and being able, like we said earlier, to build those relationships, and start creating that foundation for how the organization needs to operate, from a personnel perspective, influencing the culture of that organization, to be more data driven and to be more data aware,” Rivero said.

That’s why the CDOs web based training program is so important.

“It’s being able to provide training to every member of the organization, regardless of their role or title, on the importance of data, data governance, and just having a better understanding of the value of data within the decision making of the organization,” he explained.

Since its inception during the last decade, the chief data officer (CDO) position in state government has matured whereby half of the states now boast one.

It reminds me somewhat of the creation of the chief information officer position back in the mid 1990s, when I became arguably the first state CIO via my appointment by Massachusetts Gov. Bill Weld. Within five years it had become so commonplace that the state IT leadership association changed its name from the garbled National Association of State Information Resource Executives  to the National Association of State Chief Information Officers (NASCIO).

While the original CIOs were primarily embedded within the states’ “administrative” agencies, over the last several years more and more have been set up as heads of cabinet agencies. Over a dozen states now have a state CIO in their governors’ cabinets, and that trend appears to grow with each new election.

CDOs on the other hand are not portraying a perceptual formula for organizational establishment, other than the fact that the position appears to primarily reside either within those same administrative agencies or within the office of the CIO.

CDO governance model: It’s complicated

We spoke this week about the position’s placement within the state bureaucracy with the Commonwealth of Virginia’s CDO Carlos Rivero who reports to the Commonwealth’s secretary for administration.

“It’s all mixed. There are some that report to the CIO, there are some that report to the chief management officer, the chief performance officer. There are some that report to administrative officers,” he said. However, Rivero felt strongly that the chief data officer should report to whoever is responsible for managing the operations and performance of an organization. “And in some for-profit organizations that happens to be the chief financial officer. In some organizations, it’s the chief performance officer or secretary of administration, in my case.”

Rivero explained that his rationale was simple.

“I personally believe that data is a business asset or a mission asset. It is not a technology asset. It’s something that’s developed and implemented through technology, but its true value is harnessed in the mission and business of the organization,” he said. Therefore, the CDO should not be part of the CIO office.

Interestingly, for further evidence to back up his position Rivero cited the federal government’s Digital Accountability and Transparency (DATA) Act of 2014. The DATA Act requires federal agencies to increase the transparency of their $4+ trillion in annual spending by improving the quality of data available to Congress, federal managers, and the public.

“With the DATA Act, it’s very difficult for a chief data officer to report on the chief information officer’s compliance with the IT dashboard, and some of the other federal reporting requirements. If the CDO is a subordinate of the CIO, I see this puts you in a very difficult position.”

Virginia CDO created during health crisis; not COVID

Beyond the governance issue, Rivero explained the rationale for creating the CDO position in the first place. Ironically, it involved a health crisis; however, in this case it was not the coronavirus. It was opioids. The Virginia legislature in 2018 created the Data Sharing and Analytics Advisory Committee and established the CDO position.

“I would definitely say the opioid crisis did have a role to play in the creation of the Data Sharing and Analytics Advisory Committee, and also focusing our efforts on an initial project that is primarily concentrated on the opioid crisis,” he said.

The primary purpose of the Advisory Committee was to execute that pilot opioid project and evaluate the use or the validity of data sharing to address multi-disciplinary complex problems. However, it was also to submit a report to the governor and the Virginia General Assembly for a permanent governance structure of the state’s data assets.

“So the creation of a data governance framework for the Commonwealth was, in my opinion, one of the critical priorities for the Data Sharing and Analytics Advisory Committee,” Rivero said.

Discussing the actual role of the CDO, I recalled that as CIO in California I oversaw the Y2K remediation efforts. Our first task in that enterprise initiative was to inventory the state’s applications across 150 departments to determine the scope of our work. We discovered over 3,000 applications. I assumed the CDO’s responsibilities involved similar initial efforts, and Rivero concurred.

“We needed to have an understanding of what are our data assets, we needed to have a data inventory for us to even be able to call it an asset,” he said.

Being able to have that data inventory was incredibly important for being able to support data discovery across all of the different applications in state government.

“Like you said, we have thousands of applications in production across the Commonwealth right now that are all generating data on a regular basis. And we can derive additional value from those data assets, but only if we know they exist,” he said.

Relationships with program agencies key

With those thousands of applications to analyze, with data quality issues, and often a recalcitrant state bureaucracy to build working relationships, the CDO position has its challenges.

However, in Virginia Rivero has cited his successful collaboration with program agencies as his greatest accomplishment because lack of engagement and participation by key stakeholders are the primary reasons data governance projects fail.

“That’s why I focus a large amount of effort on building those relationships. I’m proud of the relationships we’ve built in a short amount of time. We’ve brought a lot of people together and this has helped facilitate the success of the Commonwealth’s data governance and analytics program.”

State IT leadership across the country has for the most part been widely praised for stepping up during this coronavirus pandemic and successfully implementing continuity of operations plans almost seamlessly. However, one area of concern which affected scores of states has been the surge of unemployment insurance (UI) claims and its devastating impact on legacy applications.

States from California to New Jersey have seen their 30-40-year-old UI systems grind to a virtual halt in some cases under the weight of the 40 million new unemployment claims over the last three months. In fact, according to Bloomberg this week, “There’s a roughly $67 billion gap between what unemployed Americans are owed and what they have received so far.” The root of this gap certainly includes state legacy UI systems being simply overwhelmed.

Massachusetts all in for UI modernization

However, there is at least one state whose fortuitous UI modernization effort a few years ago has spared it from much of the turmoil affecting so many others. We spoke this week with Anthony Fantasia, the chief information officer for the executive office of labor and workforce development (EOLWD) in my old stomping grounds, the Commonwealth of Massachusetts. EOLWD manages the unemployment programs in the Bay State and related computer systems.

Massachusetts’ modernization effort began about three years ago when it was determined that the UI system was on its last legs.

“Like many state infrastructure and applications, you see things that are what I call, ‘build and forget.’ So the infrastructure gets stale, and the application support gets stale,” Fantasia said.

However, rather than investing in new infrastructure, the decision was made jointly by EOLWD and the executive office of technology services, the state CIO Curt Wood’s shop, to go to the AWS public cloud.

“We did a modernization effort of the application running all brand new Oracle RDS back end, a stack, elastic load balancing capabilities, whatever functionality and technology that we could do, from an infrastructure point of view, to make our system more modern and reliable,” Fantasia said.

Budget funding internal, not federal funds

I was curious where Massachusetts found the money for the new system. While CIO in Massachusetts and California I was very aware that many of our major computer systems were actually funded to a large extent — 80%, 90% even 100% by the federal government. These IT projects, however, were in the social services programs: Welfare eligibility, child support systems, child welfare systems and so on. They all came with a big chunk of money from the feds to actually develop the systems. But apparently, the Labor Department which provides federal funds for state UI programs does not have the same type of IT funding process for state UI computer systems.

“You’re right. There is no federal money to do infrastructure,” Fantasia concurred. “All of the Department of Labor federal money that we received is for business programs and business grants.”

Consequently, Massachusetts had to basically carve out some state funding to do this modernization effort.

“We’re now tapping into all of those fed grants to do a 10% cut off the top for operational and technology improvements for each year, but back then we had no budget,” he said. They went to the administration and finance agency who controlled the budget and made their business case for modernization. “We told them the problems that we were facing and the cost of it, and everybody agreed that this was the right choice to go forward.”

Implementation challenges from feds over public cloud

The modernization implementation itself was revealing as well with customary hiccups along the way. Not so much technology-wise as could be expected, but the usual change management issues, in this case with the federal government. Fantasia described it euphemistically as “learning opportunities”.

Massachusetts like all states obtains data from the IRS and from the Social Security Administration to determine claimant eligibility. There are strict federal guidelines to ensure that Massachusetts provides the proper paperwork, and meets other requirements involved as they were moving from an on premise data set to the cloud.

“The feds had some verification, they had their own testing. They wanted to do the old fashioned on site audit,” Fantasia said.

They had to convince the feds that they couldn’t tell them the location of the Amazon Web Services data center. The people who were managing and auditing state solutions were still considering states to be legacy controlled, brick and mortar data centers. Massachusetts even called in their AWS partners to help make their case with the feds. AWS demonstrated that there were many federal solutions that are successfully operating in the AWS environment.

“So it took the IRS and the SSA some convincing to understand what the cloud data center was really all about,” he said.

Overall the new system was about a year in development and cost around $6 million. There were a number of external partners involved like the bank and the Labor Department’s icon hub for SSA verification.

“So we did most of our testing for those interchanges back and forth on a date of validity point of view, making sure that we could set up the right secure methods for access, making sure the changes there were obviously from a client inside as well as some external partner, making sure all that activity was there safe and secure,” Fantasia said.

Advice to other states: Don’t fear change

Finally, I asked Fantasia’s advice for other states which will no doubt be revisiting their plans to modernize their UI systems given the pandemic’s impact. He said the biggest key is not to be afraid of change. Massachusetts took the effort to not only modernize its infrastructure for UI Online, but also to modernize its call center.

“We’re changing the way we think about doing business. And the advantage of doing something in a cloud solution is literally that if you don’t like it, you can do it all over again,” he said. “Tear it down and go over again. It’s the servers and the infrastructure and not your children.”

It seems that all this effort has paid off for the Commonwealth of Massachusetts. It will be interesting to see what the reaction will be among other states as well as whether the Labor Department may wish to reassess its position with regards to funding UI system modernization efforts.

Listen to the first part of this interview here.

If the Great Recession of 2008-2009 when millions of local public sector workers lost their jobs is any indication, the pandemic’s impact on this sector in 2020 will be staggering.

The latest national figures estimate the last two-month total to be around 36.5 million unemployed and the Federal Reserve Chair Jerome Powell this week warned that the unemployment rate could soar to 25%, a number not seen since the 1930s.

While Powell did go on to say the recovery should be far more rapid than during the Great Depression, the near term effects on state and local employment will be devastating.

We discussed the developments with Alan Shark, the long-time executive director of the Public Technology Institute (PTI) in Washington, D.C., which is the premier technology organization created by and for cities and counties, actively supporting local government executives and elected officials through research, education, executive-level consulting services. It also hosts national recognition programs.

20%-35% staff, spending cuts predicted

“Well, I kind of hear two questions. One is what will be the overall impact and what will be the priorities. I’m one like you who survived the 2008 recession. And we can learn a lot by that in terms of what was cut, we lost thousands, in fact, I would say millions of public workers across the United States,” Shark said. He added that was mild compared to now. “In this case, we’re hearing from many people that there may be overall cutbacks of anywhere from 20% to 35%. And that’s going to come at the cost of both people as well as other kinds of capital spending and other things.”

Shark admitted this development will put a real crimp on things for years to come.

“And there’s a second question in all of this, which is how long is this really going to last? In other words, what will the new normal look like?” he said. Local government perhaps won’t need as much real estate anymore. “I’m not sure we need as many offices as we thought we needed. This is where we’re demonstrating that we can do a heck of a job working remotely. And that’s never been proven before.”

Telework has traditionally, at least in government, been viewed with somewhat of a jaundiced eye. Are people really working? Are they really?

“So I think it’s proving that wow, people are actually stepping up. They’re working longer hours. I know, I am,” Shark said. He also predicted that along with the significant cutbacks in staff, unfortunately, there will be reductions in travel, training, and virtually ever sector of local government including IT. There should be little appetite for major technology efforts in light of layoffs at schools.

Mobility and cloud rising while desktop’s time is over

“On the other hand, I think the priorities are going to be anything to do with public safety, which is always is the case. And then I think anything geared towards a mobile environment, because  the idea of a desktop is over,” Shark said.

People are focused on mobility. They’re thinking smaller. Managers are going to be thinking that their staff can get by with maybe an iPad pro, Chromebook or the equivalent.

“So I think we’re going to be thinking very differently in terms of what are the tools that our public workers really need to be productive? How do we best support that?” he said. “And we may be able to do that because of the advancements, including security of the cloud.”

Speaking of the cloud, Shark said it was fortuitous that its popularity and acceptance comes during this pandemic.

“The cloud came at a good time, because the cloud can be anywhere. Our access is easier. We can probably save an awful lot of money rather than the duplication of everybody having their own network,” Shark said.

In the same vein, he warned that smaller cities and counties will be hit particularly hard because they can barely keep up with the duties, services and responsibilities they have now.

“All the obligations of regulations, HIPAA, privacy, and all the security threats being laid upon them, they’re going to have the biggest issues. They’re going to have to move to the cloud, they’re going to have to accept shared services. It’s going to be more important than ever,” he said.

PTI and NASCIO pilots for local governments?

Shark hopes that by working with Doug Robinson, executive director at the National Association of State CIOs (NASCIO), they can cooperate on pilot projects that could really jump start this move along.

Many of the smaller cities and townships in New England are a great example.

“I mean, no one would build a state or organize it as they are today, because they were organized in the 1700s. Now, many of these little communities are being operated as much as a homeowners associations as local government,” said Shark. They really need to have the same infrastructure duplicated. “They’re all these small hamlet localities. There needs to be governance and there needs to be elected leaders, but do they need to have separate little mainframes here and there that they can barely protect, and support?”

So there’s change a-comin.

“And what we saw in 2008 is going to happen now on steroids. And that is, when you have a scarcity of resources, you have unbelievable innovation,” Shark said. “And remember, innovation isn’t always solved by technology. But it is all about how do we do things differently, and better. Technology is going to play a big role for sure.”

Alan Shark is amazed at the difference a few months can make.

Before the coronavirus turned the world upside down, in January his organization, the Public Technology Institute (PTI) and the National Association of State CIOs (NASCIO) coordinated on a webinar on the 2020 technology forecast for state and local officials.

Given what has transpired over the ensuing months, those prognostications are being reconstituted due to the virus’ impact on state and local government IT priorities and spending.

Shark, the long-time PTI executive director, gave a fairly positive forecast in January for the growth rate of expenditures, as well as for hiring in cybersecurity, artificial intelligence, cloud, training and workforce development.

“It was one of the more happy pictures that I’ve witnessed in my nearly 16 years at the helm at PTI,” he said. “I agree now, however, what we’re hearing and we’re in daily touch with CIOs from cities and counties across the country, it’s a different picture.”

PTI describes local government impact and resilience

PTI, based in Washington, D.C., is the premier technology organization created by and for cities and counties, actively supporting local government executives and elected officials through research, education, executive-level consulting services. It also hosts national recognition programs.

I asked Shark the degree of disruption from the pandemic that his local government IT leaders were experiencing on a one to 10 basis. “If 10 is the end of the scale being the most disruptive, they’re at a 12,” according to Shark. However, there is some good news that Shark is hearing as well.  He speaks with these people every hour of the day. They are putting in incredible hours. The good news is that they’re being recognized by their leadership as never before. They’re  being brought in by their program and elected officials to sit at the table. They are now a critical part of planning, not just an afterthought. A very similar situation we’re seeing at hthe state level as well. “They are now, I think city leaders, public managers are realizing the important role that these people play and how they had to switch from a work-based organization with physical locations to a virtual environment, including trying to figure out how do we bring the public into this picture through digital services, through meetings in ways that they never ever had to do before,” Shark said.

This switch for local government employees from the central office campus to a remote/telework environment during this pandemic has all come down to how effectively their organizations have been able to deploy disaster recovery (DR) and continuity of operations plans (COOP). That is, if they have them at all, an issue that has been challenging especially for state and local governments for years.

Shark admitted that some local government PTI members have experienced deficiencies in the DR/COOP areas. “Nobody from all the plans and I’ve been teaching this for years, I don’t think anybody contemplated being away from a physical structure as long as we have,” Shark said. The time factor is what’s really critical here. Most plans seven or eight years ago only contemplated a ‘three day away’ kind of status. They could still resume operations, but these things that they envisioned would never take more than a few days. But now it’s more like two months and counting. That is a totally different paradigm, and local governments have had to adopt new strategies to function under these circumstances.

Marriage licenses issued online

According to Shark, even the smallest local government organization delivers approximately 200 lines of business.

“I think one of the more lighthearted things is how quickly local governments have had to adapt into figuring out ways to allow people to get married online,” he said. “Who would have thought? Now they haven’t figured out divorce, John — divorce is another issue. But marriage, yes.”

The challenge, especially for most of the smaller and medium-size localities, has been that they’re not able to keep up with the digitization movement that began several years ago. Those who didn’t invest enough are hurting right now, Shark said.

Similar to state government, locals were challenged by the need to gear up for telework infrastructure: Devices, networks, virtual private network (VPN) licenses, cybersecurity and software. That raised the issue of volume, demand and capacity.

“Suddenly you had people who would not normally be considered as a candidate or likely candidate for telework. I mean, normally you would assign certain people, the heads of public safety, fire and health, but this situation today goes down the line,” Shark said.

Local CIOs facing remote infrastructure challenges

The sheer volume of people suddenly finding themselves on their own, working at home did create some significant communication challenges.

“Many people are in Microsoft shops and they hadn’t really turned on Microsoft Teams just as one example. But the bigger issue is getting into VPNs. But how do you secure the enterprise and what if there’s not enough equipment to go around?” Shark asked. “So we’ve found that collectively, there were not enough laptops to be distributed, laptop inventory is like minus a million.”

And configured laptops are even more scarce. That’s also the case for headsets, for decent cameras, and other equipment. Due to this situation people wanted to use their own equipment at home, raising device management issues.

“Very often these things were never intended to be work in a government situation. So they had to load the right protections,” he said. “All of this in a matter of days or hours and most of this ad hoc —  they weren’t prepared.”

IT Vendor community steps up

Next, they realized that employees didn’t have decent broadband at home. They didn’t think they needed it.

“This is where the vendor community, God bless them, they came through in many cases with donated equipment, vendors helping  with VPN licenses,” Shark exclaimed. “This has been one of the most interesting, moments of collaboration between the private sector, the vendor community and local government CIOs. It’s been amazing and amazingly positive.”

Next week we’ll continue this conversation with Part 2, and discuss some of the significant best practices and lessons learned for local governments resulting from this crucible of the 100-year pandemic.

Editor’s note: This interview was recorded prior to the NASCIO Midyear 2020 Webcast Series events.

Our friend, Doug Robinson, the National Association of State Chief Information Officers (NASCIO) executive director for the last 16 years, spoke with us last week about his organization, the effect of the pandemic on its membership, and most importantly, plans to substitute a virtual meeting for this spring’s conference entitled the NASCIO Midyear 2020 Webcast Series.

This week should have capped off NASCIO’s 50^th anniversary year with its Midyear Conference taking place just outside of Washington, D.C. The coronavirus had other ideas, however, and forced NASCIO leadership to switch over to a virtual event. Fortunately, the NASCIO program committee which takes the lead in organizing the conference agenda and speakers was able to pivot fairly quickly to a virtual environment for this Monday and Tuesday, May 4-5, featuring many of the planned speakers and panelists previously scheduled for the in-person event.

NASCIO midyear conference goes virtual

And apparently, it looked like a very popular affair. Robinson said they planned to have about 600 to 700 registered. While NASCIO in-person events are truly invaluable, particularly from the networking side, certainly the remote, virtual aspect is an attractive alternative, given the times.

In addition to NASCIO’s midyear conference activities, it’s always enlightening to hear from Robinson about the ever changing roles, impacts, and even the numbers in the state CIO ranks. One thing is certain, for better or worse, the pandemic has certainly raised the visibility of state government IT leadership. Robinson and I both agree that it has been the former. While there is an ever growing cadre of state CIOs who are members of their governors’ cabinet, probably only a dozen or so have this particular distinction. While all state CIOs are appointed by their governor, cabinet rank remains elusive. Although with each gubernatorial election this seems to change, and from what Robinson and I have both seen over the last three months, we expect this trend to accelerate.

State CIOs visibility elevated

The reason for this goes back to the state CIO visibility issue I mentioned earlier. Since the shelter-in-place proclamations were first being considered by governors across the country back in March, you can bet that that decision followed an intense meeting with the governor and the state CIO. The question was simple. Could the government still function with the majority of state employees working at home?

Remember while those dozen cabinet level CIOs see their governor on a regular basis, unfortunately, most would have to admit that such personal meetings with their CEO were confined to retirements and Christmas parties. The vast majority just don’t have access, particularly on a regular basis.

However, this pandemic has forced the governors to rely on their CIOs for nothing short of keeping their ship of state afloat, a daunting challenge. State CIOs and in fact their entire IT staff have been designated as essential employees just like first responders and healthcare professionals. And from all reports they have performed most admirably.

This calamity as we know is far from over. There will be after action reports which will further detail the extraordinarily efforts of state CIOs. Unquestionably though, there will also be continuity of operations planning weaknesses exposed, lessons learned the hard way, and copious examples of “better” practices. And legacy app weaknesses like unemployment systems which were laid low by the jobless surge come to mind as well. However, on the whole, as Robinson has attested, most states have performed extraordinarily well.

State CIOs’ finest hour

As a result, there will be opportunities for governors, particularly those who in the past only dealt with their CIO briefly and occasionally, to re-evaluate their state’s IT leadership. The states able to galvanize their telework infrastructure, to quickly procure the necessary devices, networking software and cybersecurity tools to successfully continue operations under the leadership of the state CIO will not go unheralded. In fact, they’re heroes, and this has been their finest hour.

I would expect that as a result of this experience we will see a number of governors come to the conclusion that state CIOs belong in their administrations’ leadership ranks, not retired again back into bureaucratic oblivion. The cabinet level position for the state CIO will become the norm.

One final note, on the lighter side, among this entire coronavirus experience, Robinson pointed out that several state CIOs actually were just appointed in the last few months.

“You have to kind of reflect and realize that we have CIOs that came on board in January and February and one as late as early April,” he said.

Well, I think we can assure them that this is a black swan, a hundred year pandemic, a once in a century nightmare, an extraordinarily challenging experience which will not be repeated on a regular basis. We hope. Otherwise, heroes or not, their resignations might be coming.

For only the second time since its founding in 1969 the National Association of State Chief Information Officers (NASCIO) has been forced to cancel its premier midyear conference that had been scheduled to meet next week just outside Washington, D.C. The last time NASCIO cancelled its annual conference was in New Orleans following the Sept. 11, 2001, terrorist attacks.

NASCIO represents state chief information officers and information technology executives from the states, territories, and the District of Columbia. This year their event, like similar gatherings large and small across the country, fell victim to the impact of the novel coronavirus.

Nonetheless, the intrepid Doug Robinson, NASCIO’s executive director for the last 16 years, spoke with us this week about his organization, the effect of the pandemic on its membership, and most importantly, plans to substitute a virtual meeting for this spring’s conference on May 4-5 entitled the NASCIO Midyear 2020 Webcast Series. Registration closes today, April 30.

NASCIO organization and growth

“We have 54 active CIO members in the public sector, those are our prime members. And we represent them and other IT executives and organizations within state governments who are focused on the public sector,” Robinson said. He was quick to point out, however, that NASCIO also has more than 100 corporate members, as well as nonprofits and other organizations that focus on IT. “State governments are our clear focus, but we advocate for IT in the public sector broadly,” he said.

Those 54 prime members, and their many CTO and CISO colleagues from all 50 states, plus DC, Guam and the Virgin Islands, along with 500 or more of their close corporate IT vendor friends were scheduled to gather the first week of May at the Gaylord National Harbor Resort & Convention Center just across the Potomac River from D.C. proper. Last year’s midyear conference was held at the same locale, and celebrated the association’s 50th anniversary. Robinson expected a new attendance record beating the more than 650 who went last year.

Within a matter of days following NASCIO midyear cancellation announcement on March 17, Robinson and his crack team huddled with executive committee officials headed up by its then president, North Carolina CIO Eric Boyette, to determine next steps. In early April it was announced the midyear conference would go virtual.

Webcast Series scheduled

“We can’t replicate the kind of a live conference, because obviously the huge value for our members is the networking and the collaboration and just the collegial nature, as you know, of the organization. It’s been its hallmark for many years,” Robinson said.

He explained that the organization, particularly through its programming committee’s work, had already developed significant content and confirmed speakers for the conference prior to cancellation.

“We pivoted and flipped pretty quickly and with executive committee leadership, the association decided to deliver content virtually,” Robinson said.

NASCIO will be hosting the Midyear 2020 Webcast Series beginning on Monday, May 4. The first three of the series are going to be focused on the COVID-19 pandemic, examining the CIO experience with one set of panelists from a number of states. It will include a diverse group of states and CIOs, presenting their perspectives on their experiences, best practices and lessons learned. Cybersecurity issues will be a key part of that, particularly interacting with local governments.

“We’re also going to focus on some other topics. I think one of the things that we’re going to talk about on Tuesday, May 5 is the fact that it’s not business as usual,” Robinson said. There have been significant process and technology innovations that have been brought forward during these challenging times. “So what are states doing, bringing in different stacks or redesigning very, very quickly?”

Future of life, work post-COVID

The webcast will be focused on what Robinson calls ‘the big return’. What will life and work really look like, post-COVID-19, when we all get back to that? It’s going to be very different depending on what state you’re in.

“What are the implications? What we’re hearing, on our weekly calls with our leadership, all states calls with CIOs, chief security officers and CTOs and others is that they see the return being much more difficult than the push out to remote work,” Robinson said.

He reports that these state CIOs and colleagues expect a very long returning-to-work process.

“I think there’s loads of uncertainty about how to bring back employees. We expect the technology organizations and the IT staff components to be some of the first state government folks back in a physical space. But is that really feasible right now? And how would they do that protocol?” Robinson queried.

NASCIO’s midyear web series will hopefully shed some light on these major questions.

Schedule of Events Midyear Webcast Series

Monday, May 4 | 11 a.m. – 12:30 p.m. EST | Welcome & The State CIO Experience: Perspectives on COVID-19

• Panel: Stephanie Dedmon, CIO, Tennessee | Jim Weaver, CIO, Washington | Curtis Wood, CIO, Massachusetts

Monday, May 4 | 4 – 5 p.m. EST | Stronger Together: State & Local Cybersecurity Collaboration

• Panel: Maria Thompson, State Chief Risk Officer, North Carolina | Randy Cress, CIO, Rowan County, North Carolina | Maggie Brunner, Program Director, National Governors Association (NGA) | Meredith Ward, Director of Policy & Research, NASCIO

Tuesday, May 5 | 11 a.m. – 12 p.m. EST | Not Business as Usual: Technology and Process Innovations

• Panel: Michael Leahy, CIO, Maryland | Nelson Moe, CIO, Virginia | Ed Toner, CIO, Nebraska | Jeff Wann, CIO, Missouri

Tuesday, May 5 | 3- 4 p.m. | The Path Forward: Life and Work After COVID-19

• Panel: Mike Hussey, CIO, Utah | Calvin Rhodes, CIO, GAeorgia | Ervan Rodgers, CIO, Ohio | Rob Atkinson, President, Information Technology and Innovation Foundation (ITIF)

Corporate Member Session

Monday, May 4 | 2 – 3 p.m. EST | Corporate Member Exchange (all corporate members welcome)

• State CIO Top Ten Priorities & State CIO Transitions with Doug Robinson, Executive Director, NASCIO
• The View from a New State CIO with Tracy Doaks, CIO, North Carolina; Brom Stibitz, CIO, Michigan; and Jeff Wann, CIO, Missouri

Midyear Registration

• Registration is open to all members in good standing
• No registration fee
• No limit on the number of participants per state/company/organization
• Must register by Thursday, April 30

Listen to the first part of this interview here.

Although this interview with Kevin Plexico, senior vice president of information solutions at Deltek, who runs their market intelligence business, occurred prior to the full impact of the coronavirus pandemic, it set the stage for the significant budget revisions leading up to the new fiscal year on July 1, just 10 weeks from now.

While we focused previously on national budgeting and spending trends, Plexico narrowed his perspective to New York and Texas. He sees a pattern of state and local governments creating innovation officer positions, focusing on citizen services, and all the while increasing spending on cybersecurity.

“In Texas and New York, the idea of driving digital services and citizen access is crucial. And, of course, cybersecurity is something that’s on the front of the mind of every [chief information officer], trying to drive risk reduction,” Plexico said.

There are so many vulnerabilities that are being exposed, people trying to get in through malware, and employees not paying sufficient attention to phishing activity.

“Consequently, there’s a lot of investment that’s really counting on state budgets to really devote more and more to the protection of their resources from an IT point of view,” he said.

Plexico emphasized the fact that Texas is a leader in terms of governance, with ownership of IT centralized in one organization: the Department of Information Resources (DIR).

“Their DIR is a much more command and control model than what you’re seeing in California. They went through an effort a few years ago to really consolidate their data centers down to two main data centers, but now they’re realizing these data standards are so big, they need more than one vendor to help them out,” he said.

Read more: Ask the CIO: SLED Edition

Consequently, they’re now in the process of multiple procurements to break out the work into separate pieces. Unsurprisingly, IT vendors in Austin are very excited about the prospects according to Plexico.

In New York’s case, things are a bit more complicated. State CIO Bob Samson, our friend and former guest on Ask the CIO: SLED Edition, resigned last August and a permanent successor has not been appointed. Jeremy Goldberg was named acting CIO by Gov. Andrew Cuomo back in December. In any event, one of the developments Plexico has observed in New York is a budget constraint even before the coronavirus.

“We’re seeing that it is one of the few states that seems to be having a bit more of a budget challenge despite the healthy economic environment. Their Medicaid costs have been growing pretty dramatically and now represent an outsized portion versus the rest of their budget,” he said.

This is the first year in five years that they’ve had a shortfall. As a result Cuomo put in place a budget request to reduce the amount of state IT investment that was going into operating expenses, keeping it to 2% year over year.

“So they’re a bit more challenged than some of the other states that we looked at,” Plexico said.

One-third of SLED IT budgets are federal dollars

Finally, he raised the issue that’s one of the largest and most misunderstood components of state and local government IT spending: The impact of federal funding on IT investment. Up to one-third or more of total state spending is composed of federal government funds, particularly budgets for health care and social services. The portions of IT budgets represented by federal dollars are similar. With Deltek’s total state and local IT spending estimated at $130 billion annually, that’s a portion of money that IT vendors can’t ignore. As a result, Deltek investigates the effect of grants that flow down from the federal level into state and local governments.

“It does have a huge impact on things like investment in school technology. Vendors must pay attention to grants that come down from the federal government to get access to some of those funds to help a state agency or an educational institution shore up their technology,” Plexico said.

In fact, many of state and local governments’ largest and most complex IT project are funded 80%-90% as the result of federal legislation and the accompanying budget dollars. The federal funds support virtually all of the major eligibility and case management IT projects involving welfare, Medicaid, child support, child welfare and so on, plus billions more in public safety, transportation, and environment IT as well.

Read more: Technology News

“If you think about things like Medicaid, the federal government has a huge role in supporting and paying for that. For K-12, the Department of Education provides a huge amount of money,” Plexico said.

At the federal level for agencies like the Homeland Security or Defense departments, most of the money they spend is spent with contractors.

“However, if you look at an agency like the Department of Education or Department of Housing and Urban Development, they’re much more redirecting money that they get from the federal level down to state and local governments where it gets executed,” he said.

If all this was not complicated enough, there is no universal way that state and local governments account for, track and report their grant funding receipts and spending. Thus making the identification of related IT budget plans all the more difficult.

I’ll close by repeating the sage advice from Doug Robinson, National Association of State Chief Information Officers executive director and long-time friend: “If you know one state, well, you know one state.”