“The state of IT in New Jersey is trending upward, but there is a long road to the finish line,” he said to a packed crowd at Government Technology's New Jersey Digital Government Summit on May 24. One accomplishment Weinstein seemed to be particularly proud of was what he called the “commercialization of our service catalog.”
“OIT embraced statutory mandates as a service provider with an emphasis on the provisioning and maintenance of IT infrastructure,” he explained. “We went from having zero service level agreements [SLAs] in fiscal year '16 to closing out fiscal year '17 with 11 SLAs — one for every billable service that we offer.” This, Weinstein said, includes networks, servers, databases or data center services.
Apart from the expansion of services provided by the OIT, Weinstein, whose background is in cybersecurity, has made strides in how the state handles hacks and cyberthreats.
“Security and risk management have become deeply ingrained into our culture,” he said. “Across all of OIT’s units, our managers and practitioners are more cyberaware than they've ever been … IT and information security are inextricably linked, and organizations that fail to embrace this mindset do so at their own peril.”
In order to combat the current environment, New Jersey has partnered with the Department of Homeland Security to tackle constant threats. Weinstein is committed to bolstering the state’s Cybersecurity and Communications Integration Cell (NJCCIC), a one-stop-shop agency for cybersecurity information sharing, threat analysis and incident reporting. Weinstein said he is already seeing improvements in the way his state is handling these threats.
“By promoting real-time awareness of cyberthreats, introducing new technologies for monitoring, instant response and authentication, enforcing compliance standards within a cybersecurity framework and other standards, by deploying patches more rigorously and religiously, and applying risk-based methodologies to block suspicious and malicious traffic,” he said, “the state is far less vulnerable today than it was a year ago.”
And while the state has made impressive strides in cybersecurity and the provision of services, years of overlooked maintenance and mismanagement are beginning to catch up.
According to Weinstein, the Garden State is plagued by three factors: “too many varieties of legacy technologies, managed by too few resources, across too many disparate and independent IT organizations.”
Modernizing state IT systems and getting them on one cohesive team continues to elude NJOIT.
“Over the decades, poor governance contributed to lack of standardizations, a costly proposition that naturally complicates and therefore deters large-scale IT transformation,” said Weinstein.
In order to help create a more cohesive environment, Weinstein issued four executive branch circulars, creating enterprise technology solutions or standards that should be followed across the executive branch. These directives, he said, will help “prevent the problems of the past from continuing to plague us in the future.”
Weinstein also called attention to legislation passed in February that not only makes data transparency a requirement for all state agencies, but also codifies the chief data officer position into state law. Chief Data Officer Liz Rowe will be charged with “governing information technologies, governing the use of information technologies across the executive branch, and monitoring compliance with CTO circulars.”
Ensuring compliance, however, starts from within, said Weinstein. Rowe will be enforcing the standardization requirements within NJOIT first, he explained, to make sure “we set a good example and practice what we preach.”
The state has also suffered from a lack of proper resources. While the problem is not unique to New Jersey, Weinstein is realistic about the trend of a shrinking public IT workforce. Because of private-sector competition and the increase in automation, “the state IT workforce is destined to shrink, not grow.”
The subject of artificial intelligence (AI) also was broached.
“AI is today what cloud computing was 15 years ago,” said Weinstein, adding that it is incumbent upon OIT to develop a core competency around automation and machine learning for the executive branch to leverage. “In the next quarter, we will be revising our system architecture review process to account for automation and AI considerations. Department agency CIOs must be thinking and planning for a world in which 25 to 50 percent of their IT staff’s tasks are automated.”
The last issue — the need to consolidate efforts — dates back to 1984, when the state attempted to unify telecommunications and information services in order to optimize services. The order did not address cybersecurity, so it confused and complicated the system. “The difference between now and 1984 is that centralizing IT is not just about efficiency; that's important but not the only factor,” said Weinstein. “Today, in fact, it's primarily about security and risk management.”
The executive branch is far too large to be lacking a centralized cybersecurity unit. With more than 70 departments and agencies, including over 60,000 users, the branch is a “massive enterprise.” If the state continues to operate as a loosely connected series of teams, it is at an even greater risk of cyberattacks. The softest targets are “federated and interconnected entities,” he explained.
The state needs to adopt a more unified identity in order to protect itself in the future. “If we do this, we will indeed remain on an upward trajectory, and the long and bumpy road that lies ahead might just be a little shorter and a little smoother.”