NASCIO, PTI Talk State of Cybersecurity, AI and Cloud

A recent webcast tackled the challenges facing IT shops at the state and local level and national trends in fighting ransomware, migrating applications to the cloud and adopting artificial intelligence technologies.

by / July 22, 2019

The National Association of State Chief Information Officers (NASCIO) partnered with the Public Technology Institute (PTI) to address member concerns surrounding cybersecurity, cloud migration and AI during a webcast late last week.

The video conference recapped NASCIO’s top 10 state CIO priorities for 2019 and showcased PTI’s top 10 technology priorities for local government, which included security and risk management; budget, cost control and fiscal management; customer relationship management; consolidation/optimization; enterprise IT; identity and access management; broadband/wireless connectivity; cloud services; digital government; data management and analytics.


NASCIO Executive Director Doug Robinson said cybersecurity has moved to the No. 1 spot in a list of state CIO concerns since the threat of ransomware appeared on the organization’s radar a few years ago.

“Certainly, I think what we’re seeing right now in the public sector is ransomware, particularly in local government, has been dramatically and increasingly problematic,” Robinson said. “I think it comes from a couple of different reasons. One, it’s relatively easily executed for the bad guys and the bad actors and it can be monetized in terms of the criminal activity much easier than the stealing of data and the theft of data."

"As states and other organizations have really begun to optimize their security posture in making data theft and breaches much more challenging, it seems to be easier to affect local governments with ransomware attacks,” he continued.

Robinson applauded the recent communal vow made by the mayor members of the U.S. Conference of Mayors that they will not submit to ransomware demands.

Alan Shark, executive director of PTI, said he is frustrated by the way cybercrime flips the adage “crime doesn’t pay” on its head, and criminals’ ransom demands keep rising in cost.

“We see a real problem, but here’s the newest thing that concerns me about ransomware: There’s nothing new here except the ransom prices, the demands made by the bad actors, continue to go up, even to the point of six figures,” Shark said. “And for the first time we had a city in Florida that basically held a public meeting and said, ‘Yeah, we’ll pay $600,000.’ That’s the first time it reached [six] figures. That really concerns me.’”

At the local government level, funding for ongoing employee cyberawareness programs continues to be a challenge, he said, which exposes localities to ransomware attacks. Shark said he used to recommend cyberinsurance to local CIOs, but the requirements for coverage are now more difficult to meet and policy costs have become steep.

“I think we’re in a crisis and I think many local governments don’t have the capabilities. They have the desire, but they don’t have the capability and they need external help,” Shark said.

Robinson said CIOs should pitch cybersecurity concerns as business risks to decision-makers to keep the problem from being relegated to an IT issue.

According to data from Symantec, there was a 600 percent increase in attacks on IoT devices between 2016-2017. Research from the Center for Digital Government* reveals that about 50 percent of states have a cyberinsurance policy, 70 percent of counties are covered and 60 percent of cities have a policy.

“This is going to continue, it’s not a project,” Robinson said. “It’s something that we have to live with as part of the digital world and that’s challenging when you’re trying to communicate that to appointees and elected officials.”


AI, robotic process automation (RPA) and chatbot deployment are now top priorities for state CIOs, Robinson said. The goal of the technology, from a CIO perspective, is to enhance people’s experiences with government, streamline traditional methods of communication and enable more meaningful work for employees.

“About 60 percent or so of our state CIOs say that they see [artificial intelligence] as the most impactful emerging technology over the next two to three years, meaning, again, enhanced productivity and efficiency,” he said. “They don’t believe there is going to be a huge impact on workforce reduction. I think they see it augmenting mundane tasks and transferring those, perhaps, to a scripted bot. We’ve seen that in states.”

He said 25 percent of states have some form of AI in production, mostly RPA. Another 25 percent of the respondents are in pilot or test programs to explore uses for the technology. He said the agencies deploying chatbots and RPA usually reside outside of the CIO’s office. It is mostly being used in finance departments, human resources application screenings and tax and revenue divisions.

“AI is an exploded term that is way too general, like cloud computing,” Shark said during the webcast. “If that’s what gets us the funding and the interest, I’m all for it, but essentially it is augmented decision-making, it is improvements in business processes, it’s true innovation, but it sits on data. We’ve moved from open data, to big data, and now this technology brings all these buckets together and makes more sense of things at a speed which no human could possibly compete with and give us information that we could never have before.”

State and local governments must feed AI programs quality data and instill core ethics so that the program behaves as anticipated when deployed, Robinson said.

“I don’t think it’s going to replace us in this field, government,” Shark said, “but it will make us better decision-makers when we look at what the data suggests and tells us, assuming the data is adequate.”


NASCIO has seen about 25 states adopt a cloud-broker concept where the use of services is orchestrated by the CIO’s office, Robinson said. There has been a movement to vendor cloud solutions and there have also been assessments of which programs can be migrated and which legacy systems must stay on more traditional mainframe systems.

Surveys from The Center for Digital Government* confirm continued movement toward cloud technologies from states and local governments over the past several years.  

“There are many little applications, I always say do the low-hanging fruit first, and in places where you have more of a federated approach to technology, which seems to be a preferred model moving forward as opposed to investing everything into just one central location, except for the most important forms of data,” Shark said. “That’s a trend, whether it’s good or not.”

Robinson said local governments could partner with state agencies to share infrastructure and colocate to cut costs on cloud services.

*The Center for Digital Government is part of e.Republic, Government Technology's parent company.

Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.

Patrick Groves Staff Writer

Patrick Groves was a staff writer for Government Technology from 2019 to 2020.

Platforms & Programs