ARLINGTON, Va. — Whether it’s protecting critical infrastructure from hacktivists and bad actors, working to securely authenticate identity management for constituents or implementing emerging technologies that are poised to change the world, as one tech chief put it, the IT officials and private-sector partners who attended day two of the 2017 NASCIO Midyear conference on April 25 got real about what they’re facing.
In “learning lounges” designed to offer a more informal approach to important discussions, they shared experiences and challenges, and offered advice and support on how to move forward on the various issues.
Hacktivism has made headlines for its disruptive and highly personalized nature — and it’s something with which Oklahoma CIO Bo Reese is quite familiar. In 2015, a Republican lawmaker in the state introduced a bill that made it illegal to wear a hoodie in public, which got a lot of attention — including from hacktivists who pointed botnets at the state’s infrastructure.
And hacktivists, said Andre McGregor, director of security at Tanium, are constantly searching for vulnerabilities. “They’re looking for something they can use to take control,” he said. “They won’t go after your most important machines; they’ll go after the ones you don’t know about.”
Cybersecurity also was one of the four concrete examples CIOs pointed to as far as their partnerships with federal agencies that continue to benefit states. More specifically, Connecticut CIO Mark Raymond discussed that the Center for Internet Security’s Multi-State Information Sharing and Analysis Center (MS-ISAC) is a partnership all levels of government should consider, and not just for its threat monitoring and advisories.
“When we were developing our cybersecurity strategy,” Raymond said, “we had the MS-ISAC come in.”
Also cyber-related is Minnesota CISO Chris Buse’s use of the federal Scholarship for Service program, in which students studying for degrees in cybersecurity get their college expenses covered if they work in government. The general rule of thumb, Buse said, is one year of college is paid for by one year of service in government. And students can get credit for up to three years.
“This is a really big deal if you’re in the government space looking for cybersecurity, because you have a captive audience," he said. "This is a really nice way to get top talent into government.”
Switching gears, Ohio CIO Stu Davis shared his experience working with 18F to craft a data analytics RFP. 18F Director of State and Local Practice Robin Carnahan helped turn the RFP process upside down in the state, which Davis said was looking to get proposals from innovative firms that don’t normally do business with government. “It’s going to be an interesting process as we go through this,” he added.
And Deputy Associate Administrator Dominic Sale noted that the General Services Administration, which houses 18F, can help states in other ways. The Federal Risk and Authorization Management Program (FedRAMP), for instance, is something states can take advantage of today, as are the agency’s resources around identity management. For example, best practices at IDmanagement.gov are available to all states. Sale said that officials can take this system and apply it in their states.
Sale also noted that Login.gov — a single sign-on solution for government websites — launched this week for some federal partners, though he has not yet reached out to states on the effort. “Believe me,” he said, “I'm working on that.”
On the path to citizen-focused digital government, one significant challenge is how to securely authenticate the identity of those who want to conduct their public business online. Thanks to funding from a program called NSTIC, the National Strategy for Trusted Identities in Cyberspace, 15 states are currently engaged in pilot programs to test new technologies that can better protect against tax fraud — an expensive problem across the public sector.
Georgia Chief Technology Officer Steve Nichols was on hand at a NASCIO panel Tuesday, April 25, alongside vendor MorphoTrust, to talk about their ID management pilot program, which involves the Department of Revenue, Department of Driver Services and Georgia Technology Authority.
“One of the fundamental issues everyone has to grapple with is identify-proofing — your business process for proving that you’re you or I’m me,” Nichols said in an interview with Government Technology in advance of the panel.
Georgia’s pilot takes advantage of the identity proofing that already goes into getting a driver’s license — a system that happens to be from MorphoTrust. Taxpayers seeking to protect their tax return from getting into the wrong hands can opt into the system using an app, which requires authentication via selfie. The submitted picture is compared to the driver’s license photo the state has to ensure a citizen is who they say they are.
But Nichols cautions that many current pilots may not make it past the pilot stage. The costs are simply too high. “It’s pretty tough to make a business case for this stuff,” he said. “None of this would be happening without the NSTIC grants, that’s for sure.”
Lexington, Ky., CIO Aldona Valicenti sees great potential for emerging technology in local government. “IoT opportunities are driven by citizen needs,” she said, pointing to sensors as a relatively low-cost technology that can pinpoint services like garbage collection and leaf collection — a service that Lexington performs for its residents. “The very basic services that aggravate people … those will be the things that are going to drive IoT investment and it’s going to be at the city level.”
Among the other technologies discussed during the panel were drones, digital assistants, block chain, virtual and augmented reality, and connected and autonomous vehicles — all of which have potential in government and many of which are in use today. The conclusion attendees kept returning to, however, is that solid policy has to be in place to resolve the many issues presented by new tech.
But it can be tough to move at the speed of technology given the legislative constraints CIOs operate under. Texas CIO Todd Kimbriel described the state’s three-year budget process, adding that agile development methods are helping his agency be more responsive. Government Technology interviewees at the event unanimously agreed that CIOs should be at the center of the conversation on incorporating emerging tech into government. Its potential to upend how government does business can’t be overstated.
“Block chain will have the same disruptive effect as virtualization,” Kimbriel said, eventually enabling things like online voting. “Think about how that changes the world.”