For once, the biggest problem with engineering effective IT modernization may not boil down to a lack of money to tackle the job.
That conclusion was a top-line takeaway from Republicans, Democrats, and private sector experts at a hearing of the House Government Operations Subcommittee today on how the COVID-19 pandemic exposed state and local governments’ antiquated IT systems, and what governments should do about it now that pandemic conditions are easing in many areas.
Subcommittee members were united in recognizing the problem of outdated IT infrastructure at the state and local levels, but identified cultural, governance, and communications issues as the main impediments to improvement – rather than funding streams.
During today’s subcommittee hearing on state and local IT after the pandemic, Chairman Gerry Connolly, D-Va., noted how Federal COVID-19 relief funding was “nearly thwarted in delivering that lifesaving assistance due to outdated IT” at the Federal, state, and local levels of government.
“Unfortunately, many state and local governments’ IT infrastructure is outdated, causing severe gaps in access to digital services and undermining Federal public health and economic relief efforts,” Chairman Connolly said during the hearing. “Over the past year, the pandemic forced state and local governments to modernize IT systems quickly and embrace digital services. Yet aging and inadequate IT systems – and not a lack of political consensus or will – continue to hinder access to critical government services.”
Subcommittee Ranking Member Jody Hice, R-Ga., agreed with Rep. Connolly that state and local governments need to modernize their IT systems, but emphasized that additional Federal funding isn’t the answer. Instead, he urged state and local governments to put their own budgeting emphasis on prioritizing IT updates, and called for the committee to investigate the estimated $400 billion in pandemic unemployment benefits that were lost due to fraud.
“As we look for next steps, it is my firm conviction that additional Federal funding should not be the default answer. States, localities, territories, and tribes have received half a trillion dollars so far in COVID relief,” Rep. Hice said. “What needs to happen is for states to properly emphasize information technology and cybersecurity in their budgets, and, more importantly, they need to take steps to reduce fraud.”
Chairman Connolly agreed with Rep. Hice on the first point, saying, “I don’t think the issue right now is money.” He agreed that there are “a lot of resources available both at the state and local government” levels for investing in IT modernization.
Although some funding is available to state and local governments, Alan Shark, executive director of the Public Technology Institute, CompTIA, said there is a “governance issue,” as well as a communication gap, when it comes to investing in IT at the state and local level.
Shark noted that his organization does an annual survey of local government cybersecurity programs and last year when it asked, “How engaged are your elected officials with regards to cybersecurity efforts?” almost 54 percent of respondents said “not engaged” and about 24 percent said only “somewhat engaged.”
“That is a small portion,” Shark said. “And to me, what we see, for the professionals that are on the forefront of protecting our infrastructure, our digital infrastructure, we’re often lacking the support from those that these people report to. So, there’s a real governance issue. There’s a communications issue. There may not even be a funding issue as much, if this money is out there. There seems to be a gap, communicating, the importance, the need, and where to go for help.”
Doug Robinson, executive director of the National Association of State Chief Information Officers, agreed that funding is not the solution, and said the real issues are the leadership and culture of organizations in regards to their attention on IT.
“I’ve certainly noticed a discrepancy in the amount of funding and the amount of executive attention on the topic of cybersecurity,” Robinson said. “The challenge right now is essentially advancing the capabilities and disciplines of the states, but it’s not just about additional funding, there’s a lot more that has to happen…. it’s a culture.”
“I think states … we recognize that there might be actually requisite funding embedded in the state agencies that could be used in an enterprise-level, and that’s been one of our messages is ‘Let’s make sure that we have a very strong assessment of the posture of state governments before we spend additional dollars,’” he said.