Privacy is a new standard -- The nature of privacy is evolving rapidly, and special districts need to be ready for these changes, warned Government Technology Chief Innovation Officer Dustin Haisler. The European Union’s implementation of the General Data Protection Regulation (GDPR) last year sparked a movement to give citizens more control over their personal data. This trend is driving new legislation in the U.S. -- including broad new protections recently enacted by Colorado and California – which is changing how special districts must approach privacy, Haisler says.
“Privacy is moving beyond a set of features on apps and infrastructure, or disclosure notices on websites,” he says. “It needs to be built into everything you do.”
A comprehensive approach to privacy will be crucial to meet new citizen expectations for how all organizations -- including public sector institutions – protect and use their personal information.
“Compliance will evolve,” Haisler says, “and it will have big implications for special districts and government organizations.”
DIY digitization makes a big impact -- The Orleans Parish Communications District – the special district that handles 911 and 311 calls in the city of New Orleans – is using a low-code application development platform to eliminate paper processes and launch new digital services.
Executive Director Tyrell Morris told summit attendees the district’s modernization efforts began with digitizing the process employees use to request vacation time or pick up extra shifts. The old paper-based processes were so slow the district often denied vacation requests because it didn’t have timely information on staffing levels. Since the initial project, the district has used the low-code development tool to eliminate 90 percent of its paper processes, Morris says.
In addition, the district used the tool to create a 311 website that takes pressure off its call center staff. The 311 site enables citizens to report problems like potholes and broken streetlights online anytime without picking up the phone. Morris says the new site was critical to the district’s ability to absorb the 311 function a few years ago.
“The city gets about a half million 911 calls annually and an equal amount of 311 calls,” he says. “We couldn’t put all of that new load on our existing call-takers.”
FirstNet strengthens resiliency -- Bruce Moeller, former fire chief and city manager of Sunrise, Fla., urged special district leaders to join FirstNet, the dedicated national communications network for first responders, to ensure they can reliably communicate during a disaster.
Moeller, who dealt with Hurricanes Andrew and Katrina as a city official, recalled that large swathes of Broward County went dark in 1992 when Andrew wiped out communications infrastructure. As a result, first responders lost situational awareness.
“The hardest hit areas could not communicate,” he explains. “First responders weren’t going to these areas because people weren’t calling for help.”
Most special districts qualify as first responders under the National Incident Management System (NIMS) framework, Moeller says, adding he has worked with multiple special districts during disaster response and recovery.
FirstNet service can be added to standard smartphones carried by district employees, giving them access to resilient communications capabilities when an emergency occurs.
“Prepare your organization for the unknown event looming around the corner,” he says. “Make sure you have the ability to communicate in a crisis.”
Free cyber resiliency services are available -- George Reeves, a cybersecurity advisor with the federal Cybersecurity and Infrastructure Security Agency (CISA), urged summit attendees to take advantage of free CISA programs designed to help government agencies strengthen their cybersecurity posture.
For instance, CISA’s Cyber Resiliency Reviews evaluate an organization’s operational resiliency and cybersecurity practices across 10 domains, including asset management, incident management, vulnerability management, situational awareness and training. The agency also offers free services to help special districts evaluate the security of third-party contractor relationships, review the architecture of operational systems and scan for configuration errors in internet-connected systems.
“We consider ourselves the nation’s risk advisors. We won’t tell you what to do, but we’ll give you guidance,” Reeves says. “And we offer all of our resources at no cost. The only commitment is your time.”
Information technology and operational technology are coming together … slowly -- The Internet of Things (IoT) is gradually bringing together traditional IT and the specialized operational systems that run water treatment plants, power generation facilities and other types of infrastructure. Technology leaders from the Lower Colorado River Authority (LCRA) and San Antonio Water District both say they see future opportunities to connect a new generation of automated sensors directly to plant systems using an industrial version of the IoT, known as the IIoT.
But neither of them is ready to link internet-connected IT systems to operational control systems today.
“We’re not mixing IoT and [operational control] systems currently because we’re not comfortable with the security to do that,” says Sree Pulapaka, CIO of the San Antonio Water District, which maintains 10,000 miles of pipe and operates multiple water treatment plants.
Todd Sander, CIO of LCRA, which generates and distributes electricity through a system of dams and transmission lines on the Colorado River, agrees, saying security for industrial use of IoT isn’t mature enough to consider such connections.
“It’s very hard to find to find people with a good cybersecurity view of operational technology,” says Sander. “I don’t even know that it’s considered a field yet. But it needs to be, because operational technology is moving closer to information technology.”
