US states' IT optimisation threatened by red tape

IT consolidation efforts can generate major savings for US state governments but can be difficult to achieve due to complex federal security and other regulations, according to the head of the National Association of State CIOs (NASCIO).

In testimony before the US House of Representatives Oversight, Intergovernmental Affairs Subcommittee, NASCIO President and Oklahoma State CIO James Reese called for a reduction in regulatory red tape and compliance costs.

“Duplicative, complex and often conflicting federal regulations and their accompanying audits hinder state governments from achieving a more effective and efficient IT enterprise and cybersecurity posture,” Reese said.

“Federal data security regulations and accompanying audits have not kept pace with changing state government IT business models and are increasingly hindering the ability of state CIOs to streamline processes and deliver savings to state taxpayers.”

Reese said Oklahoma has so far reaped US$372 million ($500.6 million) in savings and cost avoidance through its various IT unification efforts.

“[But] the biggest challenge in achieving the savings and efficiencies associated with IT consolidation/unification was compliance with federal regulations,” he said.

“State CIOs and the business of state government IT has rapidly adapted to fiscal pressures, changing technologies and reductions in the state IT workforce… However, federal regulators and auditors fail to recognise the changing technology and IT business models in state government, which impedes the ability of states to efficiently and effectively meet their own needs.”

To compound matters, state governments must often deal with multiple audits into the same processes and practices, and the criteria used in these audits are often inconsistent if not contradictory. Ensuring compliance is also a costly and time-consuming burden for state IT and security staff.

“As stewards of citizen data, we understand and appreciate the need to secure sensitive information,” Reese said.

“However, the plethora of federal regulations can and have impeded state efforts to produce cost savings for taxpayers and diverts the attention of scarce state government cybersecurity professionals to compliance activities rather than implementing forward-leaning security policies.”

Meanwhile, the US Department of Homeland Security (DHS) recognises the need for a coordinated approach to improving security — particularly when it comes to protecting the nation’s critical infrastructure.

The department has revealed plans to host a National Cybersecurity Summit in New York at the end of the month that will bring together a number of government officials, with representatives from academia and industry sectors including telecoms, finance and energy.

The summit will seek to develop a vision for a collective defence model for critical infrastructure, and will serve as a launching point for a number of DHS initiatives aimed at advancing cybersecurity and critical infrastructure risk management.

“With the majority of critical infrastructure owned and operated by the private sector, it is essential that we maintain strong partnerships between DHS and the private sector to underpin our collective defence against the evolving threats we all face,” DHS Secretary Kirstjen Nielsen said.

“Because of our increasing hyperconnectivity, cybersecurity remains a shared responsibility; too big for anyone acting alone. This summit is another opportunity to gather our interagency and private partners and chart our shared path to protect our nation’s critical infrastructure against cyber threats and achieve a secure and resilient cyberspace.”

Image credit: ©stock.adobe.com/au/robsonphoto

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.