ARLINGTON, Va. — Virginia is a leader when it comes to cybersecurity; just ask Gov. Terry McAuliffe, who told the audience at the 2017 NASCIO Midyear conference on April 24 that as chair of the National Governors Association, he has “made cybersecurity the No. 1 signature issue for all 50 states.”
McAuliffe also told the more than 530 government and industry attendees, whose discussions revolved around agile development, and top strategies, management processes and solutions, that although cybersecurity is an issue for all levels of government, “Washington has done a very poor job of outlining a national strategy for how we take care of the states. We don’t even have a committee in Congress; we at the states are left to do that ourselves.”
And as a nation, he added, we are only as strong as our weakest link. Though we have made tremendous progress, there is still much to do, as several states have been hacked in the very recent past.
“If something happens in your state and your individual taxpayers’ information is taken from them, you are going to pay a price for that,” McAuliffe said. “And you should pay a price. My most important task as governor is protecting the data that we have in Virginia.”
And his CIO, Nelson Moe, elaborated in a later session, noting that Virginia is the first state to adopt a cyberplatform and move forward with its sharing organization for cyber. “The key in Virginia is to be prepared; Mike [Watson, state chief information security officer] and I work on our incident response plans all the time,” he said, and mentioned that Virginia gets attacked every three seconds. “And the Internet of Things makes a larger attack space and decreases cost for the bad guys; it costs them less to create a problem for us.”
In Michigan, CIO David Behen and his team are working to combine mobile first, big data and cybersecurity with MiPage — what he described as a personal concierge for government services in the state that is personalized and predictive.
“It’s personalized data for you,” he said. “How are we going to use data to fundamentally change how we do customer service? … If you don’t have cybersecurity, how are you going to be sure you're protecting that data?”
Because if there’s a breach, Behen said, constituents’ confidence in your system is gone. And the state intends to solve the problem through public-private partnerships. In fact, in a few weeks the state plans to release an RFP for the Michigan Threat Analytics Center, where predictive analytics will show officials what threats the state will face next. A playbook on the concept will be released simultaneously.
Mississippi CIO Craig Orgeron noted that when it comes to implementing projects and programs, the state utilizes public-private partnerships as well. “We try to do the things that we are good at, and we try to partner where we need to partner, exploit those relationships,” he said.
Also a high priority was agile development, which is making its way into many state-level projects. In California, for instance, Deputy CIO Chris Cruz mentioned the state’s history of developing “these big, monolithic projects” where halfway through, something unforeseen would occur or the budget was already blown. It was these situations that prompted state officials to look at the project delivery process and take a different approach.
And the approach taken for California’s Child Welfare Services-New System project, which Cruz said is the largest in the country, is agile.
Cruz was first introduced to agile in Health and Human Services. “We were taking a waterfall approach to an agile project, so I think that helped us expedite an agile approach,” he said, adding that a great benefit of this approach is that if vendor A is not working out, “we can hire vendor B within a week or two.”
Preliminary results of a NASCIO/Accenture study found that an agile approach helps states achieve more of the results they want. More specifically, 74 percent of respondents found that agile supports increased customer engagement and business ownership, 71 percent found improved customer satisfaction and 68 percent experienced improved quality when using agile development.
For Cruz, one statistic in particular resonated — 65 percent of respondents found that agile supports improved transparency. “A lot of project directors tend to over promise and under deliver; we want to under promise and over deliver, which is doable with agile.”
One thing that Minnesota CIO Tom Baden noted wasn’t included in the preliminary results of the study is that agile removes a lot of the friction between all of those accelerations; small increments are worked through, which he said makes the project less risky and of better quality.
“If we’re a little off course we can adjust quickly; there’s less risk and greater flexibility,” he said. “But if you don’t have great leadership the whole way, you won’t succeed.”
For Accenture’s Keir Buckhurst, there’s not necessarily less risk, “but what you’re risking is a lot smaller. It’s the flexibility that’s what’s most important.”
As for how states are approaching agile, it’s a bit of a mixed bag. “Some states are supporting agencies as they dip their toes in the water, some are more active advocates … while others start a grass-roots effort to grow it across the state,” Buckhurst said. “Then some CIOs have said to me candidly, ‘Waterfall isn’t working, but I haven’t figured out agile yet.'”
One thing to consider for those who’ve not yet gotten their feet wet with agile yet, he said, is to get some assistance.
“It is critical to have an agile coach particularly through the first few initiatives,” Buckhurst noted. “They’ve actually done it in the field and can tell them how to do it.”