IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Digital States Survey 2022: Resident-Focused and Data-Driven

In 2022, leading states are breaking down information silos and assessing the data for more informed decision-making, and elevating efforts to keep all this data secure in a challenging cybersecurity environment.

The pandemic pushed states onto a new path, with remote work and increased digital services seemingly here to stay. Top performers in the Digital States Survey, presented by the Center for Digital Government (CDG),* used the past two years to expand and revamp digital services, with an emphasis on end-user experiences. These states also have been leveraging government’s ever-growing data collections for valuable insights, while defending information security and privacy against the continual drumbeat of cyber attacks.

“Human-centered design” became a guiding principle for states striving to make their digital services as user-focused and -friendly as possible. Minnesota enshrined the principle in its Modernization Playbook, Michigan hosted training sessions on the concept, and North Carolina elevated the citizen perspective by recruiting 1,000 residents to user-test its state website redesign. CIO Alan Fuller said Utah’s been seeking to improve processes based on customer feedback, rather than just getting “state employees to sit around in the room and think to themselves how to improve.”

States have also taken a hard look at the data they collect, working to glean more insights while preserving security and privacy. Data-driven analysis has powered efforts to address some of residents’ most pressing needs, with Georgia’s Broadband Availability Map detailing access gaps with address-level specificity and Minnesota’s data visualization tool revealing where vaccination clinics were most needed.

Ohio, too, dedicatedly advanced data-driven decision-making, building out its cross-agency data platform and inaugurating a chief data officer. New positions also launched in Utah and North Carolina, with both hiring privacy officers — efforts that officials said, respectively, can deepen resident trust and improve cybersecurity.

Cybersecurity remained top of mind, with states confronting precedent-setting incidents like SolarWinds and Log4j and everyday threats like ransomware and fraud. States rallied against threats and refined their approaches with lessons learned. Michigan’s experience with SolarWinds inspired process changes that helped it quickly assess third-party risks in the face of Log4j, while Ohio developed an analytics solution to combat fraudulent unemployment payments.

As they continue to harness digital tools to serve and safeguard their residents, many of this year’s leading states are doing so under new IT leadership. Georgia, Michigan, North Carolina, Ohio and Utah all introduced new CIOs since the 2020 Digital States Survey, while Minnesota’s CIO returns for another high score.

GEORGIA


Georgia is making big moves, transitioning its data center to the cloud.

This change will mean quicker service delivery, greater transparency, improved security and more innovation, said Shawnzia Thomas, state CIO and director of the Georgia Technology Authority (GTA).

Agencies have their pick of AWS or Azure, and GTA is overseeing the transition. At the same time, GTA is training up agencies’ staff in relevant skills through a “cloud campus” program — an initiative that will supplement GTA’s limited pool of cloud specialists while giving agencies more ownership.

Georgia brought on its first-ever chief cloud officer to support this effort. GTA has also been working to build up its base of cloud-savvy talent, by revamping job descriptions to emphasize cloud skills and recruiting at technical colleges, Thomas said.

GTA aims to convince college students to start their careers in the public sector, even if they later leave for private-sector salaries. Some eventually return, seeking the fulfillment of public service.

“Many people come back — they like that feeling of giving, of serving. [So] we want to make sure they get a taste of the public sector first, before they go out to the private sector for more money,” Thomas said.

Another major initiative was the launch of the Georgia Data Analytics Center, which pulls together data from across state government, enabling more analysis and making information accessible to agencies, legislators, academics and researchers.

“Georgia is keen on being a state of transparency, so putting this data out there for all to see is something that we’ve always wanted to do,” Thomas said.

The state itself is digging into data to make its websites more user-friendly. An analytics dashboard about visitors’ webpage interactions is helping uncover likely pain points, and data about call center requests adds more insights into residents’ needs.

Data also fuels Georgia’s nationally recognized Broadband Availability Map.

“We have the best map in the U.S., where it’s specific down to the address level, which gives us better visibility into where unserved areas are and that’s what we really want to home in on,” Thomas said. Georgia’s discovered not only unmet needs in rural areas, but also in major cities like Atlanta.

MICHIGAN


Michigan, meanwhile, has been emphasizing cybersecurity.

“In cybersecurity, we never want to rest on our laurels and say, ‘Oh, we did such a great job last year that we don’t need to continue to focus on that,’” said CIO Laura Clark. “We need to continue to stay on pace with the current practices and work really hard to protect Michigan’s resident data and systems that we’re entrusted with. That [work] will continue and ... being a dual-hatted CISO and CIO, [that] will continue to be a passion and a driver for me.”

In recent years, that energy drove developments that make the state more fleet-footed in response to software supply chain risks. When news of the SolarWinds attack broke, IT members manually pored through third-party contracts and records to pin down vendors’ contact information, so the team could communicate over the impacts, risks and mitigation efforts.

After that labor-intensive experience, the team improved the process by pulling vendor details into its Governance, Risk and Compliance tool. Thanks to this, they were able to quickly connect with vendors when the Log4j vulnerability emerged.

“We could be a lot more expedited in reaching out to our third parties,” Clark said. “… Anytime there’s a cyber event, we always try to look at process improvement and see if there is a way that we can be more effective and efficient next time. So, it’s that continuous improvement kind of mentality that we have here.”

Enabling a hybrid workforce as well as recruiting and retaining cyber talent has been another key focus. Michigan responded with everything from developing paid college internships to help with recruiting to keeping current staff engaged via opportunities to learn and use “leading edge” technologies.

The state also took a human-centered design approach to redesigning its MILogin service, producing a tool that was more user-friendly and which required less customer support from staff. New software development processes also help IT staff catch and correct potential code vulnerabilities early on.

Michigan continues to push ahead on these issues and is currently working to hire 19 more full-time cyber employees. IT is also assessing the state’s setup for any gaps or modernization needs as Michigan moves toward adopting a zero-trust framework.

MINNESOTA


Minnesota has been embracing human-centered design as it rolls out and upgrades services.

“One of the principles that’s really important to us is just understanding and having an empathetic view toward the impact that technology may have on people,” CIO Tarek Tomes said.

The principle is included in Minnesota’s Modernization Playbook and influenced efforts to streamline the state’s benefits portal last year. Applicants were interviewed about how the tool could be improved, and their responses guided a revamp that ultimately trimmed application times down from one hour to roughly 10 minutes.

“There are very few things we can do in government that are more important than really fulfilling the needs that people come to us with in a way that gives them back time,” Tomes said.

Minnesota’s efforts to provide critical supports have also been bolstered by new data visualization tools and a focus on data-based decision-making. This helped the state understand where and how to provide COVID-19 vaccination opportunities to reach all residents, Tomes explained.

Ready access to detailed information “gave us this instantaneous ability to pivot to provide, or stand up, more vaccination clinics,” he said. “It was a really critical part of saving lives throughout Minnesota in a way that was data-informed.”

IT underpins other support services, including a new process that automatically enrolls Medicaid-eligible children for free and reduced lunch, resulting in 100,000 more children getting fed. Other projects disbursed unemployment benefits during the pandemic — often faster than other states, Tomes said — and enabled pandemic frontline workers to digitally apply for benefits. The latter project had to handle 1.5 million applications, while also maintaining cybersecurity and fraud protections.

Many initiatives have been underpinned by strong partnerships. The Technology Advisory Council develops long-term strategic recommendations and includes state, legislative, local government and private-sector members. That diverse participation helps lead to cohesive plans that extend beyond the state’s executive branch, Tomes said.

A relatively new Legislative Commission on Cybersecurity also gives IT members an avenue for discussing important — but sensitive — cybersecurity matters with legislators to help inform their policies.

“It includes an opportunity for us to brief them behind closed doors … and that opportunity to have those conversations is really important,” Tomes said.

NORTH CAROLINA


North Carolina has racked up several “first-in-the-nation” moves, including launching an Office of Digital Equity and Literacy. It works with the Broadband Infrastructure Office to expand broadband availability and affordability, device access, and digital know-how.

When CIO Jim Weaver joined the state, “[Gov. Cooper] made it very clear that our No. 1 priority for the agency was broadband,” Weaver said.

Answering that call has included providing grants that incentivize infrastructure construction in underserved areas, raising awareness of broadband discount programs among low-income residents, and providing digital literacy training.

Broadband efforts also home in on equity gaps, with Weaver noting that 76 percent of white North Carolinian households had high-speed Internet subscriptions in 2021, compared to just 58 percent of Native American households. The state aims to raise all groups to the same level.

“The governor ... has challenged us by January 2025 to get that number up to 80 percent across all racial subdivisions,” Weaver said. Another goal: connecting all households with school-aged children.

North Carolina also set precedents in cybersecurity, becoming the first state to prohibit government entities from paying or negotiating with ransomware perpetrators. Weaver said ransomware attempts have since declined, but that it’s difficult to know how deeply the law influenced that. The state also formalized its Joint Cybersecurity Task Force — a cross-agency, cross-government body that supports incident response and preparation — and hired its first chief privacy officer, who has been working to build a privacy framework and program.

North Carolina is also looking to break down data silos among agencies to uncover insights that can inform state modernization efforts and decision-making. For example, connecting data from criminal justice, human services, public health and education programs may reveal information about children’s outcomes, Weaver said. Making such work possible requires first ensuring each data set’s security and privacy needs are met and creating a common dictionary of terms so entities understand how to accurately interpret each other’s data.

“I can go back to my days in Human Services, where it took [us] six hours to define the word ‘recipient,’” Weaver said. “… Depending upon what program you were focused on, ‘recipient’ meant something totally different.”

On a broader level, the IT department is trying to change how government delivers digital services, moving away from siloed, agency-by-agency approaches to instead create more seamless, user-friendly experiences.

“Our strategic plan does not talk about agencies — it talks about North Carolinians,” Weaver said. “So, everything we do, especially as we start talking about digital transformation, is, ’What’s in the best interest of a North Carolinian?’ and not necessarily looking at how services are provided by an agency online.”

OHIO


Data analytics and management are front and center for Ohio.

The state has piloted a program letting agencies without chief data officers consult with a shared one and named its first state CDO, selecting the deputy director of the InnovateOhio Platform (IOP).

That platform has evolved since the last Digital States Survey and featured 760 data sets by April 2022, up from 500 in summer 2020. All agencies were obligated to shift their platforms onto IOP and share data with it, in an effort to improve data management and analysis and create a common user experience across government.

Early in the pandemic, IOP worked with the state Department of Health to launch a public information dashboard where residents could learn their vaccine eligibility statuses and locate and schedule with providers. That initiative also gave other agencies a demonstration in how collaborations with IOP could advance their missions, CIO Katrina Flory said.

“[That] really showed the power of the platform and gave [agencies] confidence — like, ‘Oh, yeah, this does work. Look at what they did for Health,’” Flory said.

Still further data efforts expanded the DataOhio Portal, where researchers and other residents can now access more than 297 government data sets.

Ohio also promoted its single-sign on service, OH|ID, which grew to more than 5 million users. Capabilities enabling agencies to, on their own, integrate OH|ID into smaller applications and to invite customers to create OH|ID accounts have helped drive up usage. Ohio’s unemployment benefits and digital driver’s license renewal systems both adopted OH|ID for greater security, thanks in part to multifactor authentication features.

Ohio also doubled down on addressing its broadband equity gaps, including expanding the Broadband Office with a team member dedicated to digital inclusion, Flory said. The state also looked beyond just building out infrastructure to also address needs for devices, hot spots and affordable rates.

“We focused a lot on … making sure that school-aged children have devices,” Flory said. “Maybe previously the idea would have been to make sure that they had access at home. Well, they might not always be at home. Depending on what’s going on, you might have to spend today at your aunt’s house … so making sure they have the devices [and] have access wherever they are has been important.”

UTAH


Like other states when COVID-19 first hit, Utah’s IT team had to rapidly go remote while simultaneously supporting a newly remote customer base and launching many digital services. Tools for activities like vaccine tracking and unemployment claim fraud prevention helped deliver strong health and financial outcomes.

“We ultimately, as a state, came through very successfully with some of the lowest death rates and some of the highest economic outcomes,” said CIO Alan Fuller.

That wasn’t the only major transition facing IT. The building housing Utah’s data center was slated for demolition, forcing the team to move all its equipment and operations.

In 11 months, IT decommissioned, shifted to the cloud or physically transported more than 2,000 servers and more than 3,300 pieces of equipment. It also modernized, upgrading 10GB Internet to 100GBs and re-platforming systems. Transitioning more services to the cloud has also improved performance and positioned the state to use new technologies like AI, said Chief Technology Officer Dave Fletcher.

“We didn’t have any major breakdowns or anything throughout that move,” Fletcher said. “We’re maintaining hundreds and hundreds of services to citizens; we’re maintaining 1,600 applications supporting state agency operations. All of that continued pretty seamlessly throughout the entire move. So, I think that’s the big one [accomplishment], especially over the last year, is that successful move and what it implies.”

Data-driven customer service is increasingly top-of-mind, and IT has been featuring feedback-gathering tools on state websites to learn directly from users about their experiences, Fuller said. So far, these efforts have been implemented agency-by-agency, but Fuller hopes to expand it across government and across channels, helping the team learn, for example, what motivates residents to seek in-person services over online options and how improvements could answer these needs.

Utah is also emphasizing privacy and reconsidering what data it truly needs to collect, Fuller said. Supporting that work is a Personal Privacy Oversight Commission, which recommends privacy statutes, and new privacy officials. The state made the rare move of appointing not one but two privacy officers. One supports the executive branch, while the other focuses on local government, elected officials and other state entities.

Data privacy statements featured on state websites help to further foster residents’ trust, Fletcher said, and Fuller said the various initiatives have made privacy a regular part of agencies’ conversations when they consider how to share data.

*The Center for Digital Government is part of e.Republic, Government Technology’s parent company.

A STATES


Georgia
CIO: Shawnzia A. Thomas

Georgia continues to be a top performer in the Digital States Survey with yet another A grade. With the COVID-19 pandemic making evident the need for high-speed Internet in every home, the state doubled down on its broadband efforts. Georgia became the first state to release a detailed, interactive broadband map showing address-level data on availability. The map helped the state target its broadband deployment efforts to areas with the most need, resulting in a 10 percent improvement in coverage over the last year.

Georgia also made strides to improve constituent services in the last two years, including the Open Georgia open data portal. Residents can use this tool to view a wide array of reports and data sets on how the state is using their tax dollars. And with the amount of unemployment insurance fraud that occurred during the pandemic, the Department of Labor saw fit to implement an identity authentication project for the UI program. Using ID.me, the state can now more accurately identify false UI claims in addition to better preventing legitimate ones from being denied.

Internally, the state increased its focus on its digital landscape with the launch of the Digital Center of Excellence. Spearheaded by Digital Services Georgia (DSGa), the center brings together public- and private-sector technology professionals. In addition to sharing knowledge and best practices for the benefit of state agencies, the center’s members are tasked with contributing to the state’s Digital Standards and Guidelines.

Michigan
CIO: Laura Clark

The state of Michigan, a frequent high performer in the Digital States awards, employs a highly standardized and holistic approach to enterprise IT that is evident in all its work and accomplishments in the past two years. Perhaps one of the most intriguing is its establishment of a human-centered design office in 2021, tied in closely with its migration of the entire state web portal — some 120 websites with 170,000 pages and 133 gigabytes of digital assets — to a new content management system. The project introduced a new paradigm in state web design and digital service deployment; design standards and reviews ensure unified branding as well as accessibility and a proliferation of best practices. Meanwhile, the state has standardized its app development process, moving all teams to git-based repositories for version control, continuous scans of the code pipeline to get ahead of vulnerabilities before deployment and a “code vignette” library that allows developers to take advantage of previous work rather than starting from scratch.

Meanwhile, the state continues its forward march on modernization. The IT department completed one of its largest projects ever, the replacement of its legacy mainframe-based motor vehicles system with a new cloud-based system, remotely. The new system allows for better online service and has decreased the percentage of transactions taking place in physical branch locations from 52 percent to 38 percent. A new fishing and hunting application replaced a 20-year-old predecessor and gave citizens an easier way to handle permits and other business, including a mobile app to keep track of certificates and documents plus a map of Department of Natural Resources locations.

Minnesota
CIO: Tarek Tomes

Minnesota lands squarely in the “A” category this year, and its thoughtful approach to governance and people-centered IT is a significant part of the reason. On the heels of recommendations from the state’s Technology Advisory Council, Minnesota IT (MNIT) now has an Office of Transformation and Strategy Delivery as well as a Modernization Playbook that underpins all technology projects to ensure they deliver value, use agile development and apply human-centered design principles. A master contract program ensures regular audits and reviews of high-value IT projects based on total project cost. For example, projects with expected costs of more than $10 million must be independently audited every year — another example of a well-managed technology operation.

Cloud technologies factor prominently into Minnesota’s plans, with cloud emerging as its No. 1 spending priority, just ahead of cybersecurity. The state's “intentional” cloud strategy translates into a multicloud environment that has enabled a much smaller data center footprint — from 49 to four state-run sites.

Among the other examples of Minnesota’s IT priorities in action are several portals uniting data from multiple sources in service of the state’s COVID-19 vaccination and equity goals. The Vaccine Connector notified residents of vaccine eligibility and linked them to clinics nearby, serving hundreds of thousands of Minnesotans. A public-facing dashboard offers detailed data on progress toward vaccination goals, offering one example among many of a state committed to transparency and data-driven government.

The state partnered with Code for America to launch a streamlined benefits portal to ease access for those in need of state services. Applicants now spend about 12 minutes — down from nearly an hour — applying for help from programs they’re eligible for. Another noteworthy overhaul was to the state’s MNDRIVE program for driver and vehicle services, which went live in November 2020. MNDRIVE successfully dealt with more than 8 million applications in 2021.

North Carolina
CIO: James Weaver

The North Carolina Department of Information Technology (NCDIT) is imagining a connected future. The department’s top priority is to expand high-speed Internet access to more North Carolinians. To that end, Gov. Roy Cooper plans to allocate $1 billion in funding from the American Rescue Plan Act to expand infrastructure.

Last year, NCDIT Secretary James Weaver established the Division of Broadband and Digital Equity to facilitate some of the programs aimed at closing the digital divide. Together with the state’s Broadband Infrastructure Office and Office of Digital Equity and Literacy, the department is overseeing a plan that will build out infrastructure to deliver 100 Mbps download speeds to 98 percent of households and 50 Mbps to the remaining 2 percent. The state also has released a template to assist local governments in developing their own broadband expansion plans.

Beyond a more connected North Carolina, NCDIT is also focusing on making a healthier North Carolina. In response to the COVID-19 pandemic, NCDIT rolled out a HIPAA-compliant, cloud-based data platform to facilitate COVID-19 data sharing and publishing, a Bluetooth contact tracing solution, a vaccine reporting system which saved the state an estimated $3.3 million and 100,000 person-hours and more. Next on their to-do list is expanding the state’s health information exchange from 140 emergency departments to thousands of health-care providers.

These improvements to North Carolina’s information technology have been matched by work at the enterprise level to stabilize NCDIT under Weaver, the state’s third CIO in the past two years. Weaver and NCDIT have developed a statewide IT strategic plan outlining the state’s priorities, principles and goals. This has helped orient the department and state toward a more cohesive approach to technology going forward.

Ohio
CIO: Katrina Flory

Ohio again finishes with an A for the fourth consecutive survey. Many successes put Ohio in this position, but an overarching consistency is that the state prioritizes using technology to solve problems. Ohio currently has a strong focus on bridging the digital divide, forming a dedicated broadband office. Dubbed BroadbandOhio, it’s a centralized hub for connecting the state to high-speed Internet, from businesses to households. Along with the office, the state also funneled $250 million into related grants. As a result, Ohio has a mosaic of projects forming a sustained effort. These include school districts using fixed wireless tech to provide Internet at home, a telehealth project that gives K-12 students mental health assistance in real time, and more.

When it comes to modernization, the state is using tech to make its Bureau of Motor Vehicles (BMV) better. This is being done with self-service kiosks to renew driver’s licenses, as well as a capability to order or print licenses online. In other words, Ohio is making it so you can go to the BMV without having to actually go to a BMV office. Meanwhile, the InnovateOhio platform — which we lauded in 2020 for aiding COVID-19 response — continues evolving. It now has a feature called SkillsMatch to help employers find job candidates qualified for open positions. Finally, Ohio also leveraged tech to improve its foster care system. Working with Connect Our Kids — a nonprofit group in the state — Ohio implemented tools in several different ways to help better connect foster children with permanent families. These are just a few examples of many tech successes for Ohio in the past two years.

Utah
CIO: Alan Fuller

Utah shows how a state can use technology to better coexist with the environment and deal with climate change — lessons that all other public agencies will have to learn sooner or later.

The pandemic and a remote workforce are not the only challenges that Utah’s state tech professionals have recently faced. As the state continued to deal with severe drought, a new website set up by Utah, drought.utah.gov, is helping with water management and community information. The state also works with the federal government to monitor snowpack, soil moisture and other data vital to conservation projections. Other websites — including from the state’s Department of Agriculture and Food — along with promotion and incentives for smart irrigation controllers and similar tools also are helping with the overall fight against the persistent dry climate. Overall, data is driving more effective decisions about water use in the state, while webinars and other digital resources are educating residents about how to more efficiently handle the challenges of drought.

Bringing better tech to the often frustrating process of visiting the DMV also is aiding the environment. State residents have renewed more than 2 million vehicle registrations online, and the state boasts that 74 percent of all vehicle registrations in Utah are now renewed without any visits to a DMV office. That translates into the elimination of 2 million trips to the DMV and 18 metric tons of carbon dioxide from hitting the atmosphere — along with 1 million hours that state residents saved via those online services.

A- STATES

Arizona
CIO: J.R. Sloan

Arizona state CIO J.R. Sloan’s IT organization, Arizona Strategic Enterprise Technology (ASET), is no stranger to the cloud. In a recent article, Sloan talked about the state’s “cloud first” policy, introduced in 2017. The Arizona IT team reported that 92 of the 96 data centers across state agencies have been decommissioned — and that most of that activity was moved directly to the cloud. With over 50 percent of the state’s current systems and applications migrated to the cloud thus far, statewide cloud adoption continues to be one of Arizona’s top IT priorities.

Noteworthy cyber accomplishments for Arizona include being the first state to adopt security standards established by StateRAMP, continuing a cyber grant program for local and tribal governments to improve accessibility to cybersecurity tools, and opening a new Cyber Command Center after the Enterprise Cybersecurity team transitioned from the ASET Office to the Arizona Department of Homeland Security in 2021. Through the state’s cyber grant program, currently in its third year, over 50 local and tribal governments can access tools to shore up their cybersecurity, including advanced endpoint protection, anti-phishing awareness training, multifactor authentication, and web application firewall.

The Arizona Management System (AMS) is where data-driven government initiatives come to life. The AMS uses state data to measure performance and identify ways to provide better service to residents. Several departments are engaging in data-driven work, including the Department of Environmental Quality’s assessment tool for surface water, and the Department of Economic Security’s multifaceted fraud detection efforts for unemployment claims.

Connecticut
CIO: Mark Raymond

The last several years of Connecticut’s IT journey have been eventful ones. In addition to dealing with the general chaos wrought by the COVID-19 pandemic and transitioning more than 20,000 state employees to remote work, the state would also undergo significant organizational change in the name of consolidating executive-level IT operations. In March 2021, Gov. Ned Lamont announced plans to bring all executive branch IT resources under the Bureau of Information Technology Solutions (BITS), a goal that was realized during the 2022 legislative session and took effect July 1, 2022.

Efforts to protect state systems and data have been a key priority. Response and resilience planning, as well as a comprehensive cybersecurity strategy, are in place and involve a broad group of federal, state and local partners. The formation of the Cyber Security Committee, which meets monthly, helps to ensure all stakeholders are prepared for potential incidents. Enterprise-wide vulnerability scanning began in 2020 and has been ongoing to ensure federal compliance across 20 executive branch agencies.

Externally, the state IT shop has also been working to improve constituent interactions. Robin, a statewide, AI-driven digital assistant, was launched to offer a clearer path to various agency services. Similarly, the Department of Motor Vehicles created the Commercial Vehicle Operations (CVO) portal, giving the carrier industry a one-stop shop for online transactions. During lockdowns, customers were also able to access the DMV via the Online License Renewal feature, which has become the state’s primary means of renewal.

Hawaii
CIO: Douglas Murdock

Working toward its connectivity goals, Hawaii will expand a pilot project to connect rural communities with broadband services by expanding infrastructure along state highways on all islands. Bolstered by federal funds, the project will offer a wireless mesh network across all state and county roadways adjacent to eight pilot areas on Hawaiʻi Island, Maui, Oahu and Kauai.

When it comes to public safety, Hawaii is leaning into interagency collaboration with a 240-acre central Oahu First Responder Tech Campus (FRTC) which will unite nearly 20 federal, state and city first responder agencies on one campus. The shared facility is set to break ground next year.

Since the last survey, the state has made great strides with regards to customer-facing digital services: Between October 2020 and March 2022 Hawaii’s Safe Travels program processed some 12 million travelers via digital portals, providing a significant boost to the state’s tourism economy. The technology allowed people to store proof of vaccination documentation on mobile devices. Along those same lines, this year the Hawaii Department of Human Services launched a “virtual agent” and companion web chatbot to better serve the public, shifting communication away from telephone and email interactions.

Larger modernization efforts under the Hawaii Modernization Initiative (HiMod) focused on replacing legacy systems and other upgrades. Among them is the human resource management system, with new payroll and time management technology for some 70,000 state workers. Similarly, the state is modernizing its 40-year-old financial management software platform with a new enterprise financial system to enable more data-informed, real-time decisions. And to build on this new dedication to sound management practices, the Hawaii Legislature also created a chief data officer position.

During 2020 and 2021, the state added some $2 million in upgrades and enhancements to its cybersecurity systems, hardening endpoints like laptops, servers and PCs. Education around cybersecurity reduced the number of workers who clicked on phishing emails from 7 percent in 2020 to less than 1 percent in 2021.

Illinois
CIO: Jennifer Ricker

Illinois has improved its grade in the Digital States Survey from a B+ to an A- over the past two years, thanks in large part to continued investment in foundational work put in place when the Department of Innovation and Technology (DoIT) was established in 2018. A major effort since then was the launch of a statewide single sign-on platform called ILogin. Its use was accelerated by the COVID-19 pandemic to help combat cyber attacks and fraud against the state’s unemployment insurance system. ILogin strengthens security of resident information with multifactor authentication and can also be used for other state systems like the Vax Verify portal established in July 2021 for vaccine records access. In other security progress, Illinois is moving toward a zero-trust posture, and both the CIO and CISO sit on the governor’s Cyber Executive Committee, tasked with developing a whole-of-state cyber strategy. Legislation enacted in 2021 changed the state election code to include cybersecurity requirements, and in 2022 the Illinois Elections Cyber Navigator Program is expanding to all local governments for enhanced elections security.

Last year, under the guidance of a new chief data officer, Illinois established a new data strategy that focuses on skill building, increased use of data tools, and online training for state agencies on data management and analytics. Multiagency data sharing agreements allow DoIT to host a secure exchange of information across state departments. To combat challenges around hiring and retention, DoIT has developed a workforce strategy that has redefined qualifications for entry-level jobs, which no longer require four-year degrees, prioritizing interest and aptitude over specific experience and education. And in addition to standing up a software-defined data center for disaster recovery, a process called Snapshot DR can capture the entire state mainframe on an hourly basis, allowing DoIT to replicate it if needed at an alternate data center in Chicago.

Indiana
CIO: Tracy Barnes

With a strong overall IT posture, from cybersecurity to data use to local government outreach, Indiana once again maintains its A- grade. In November 2020, the Indiana Office of Technology (IOT) created the Enterprise Governance Council to help connect agency IT leadership to the central technology office with the aim of letting agencies know early on about upcoming plans. Agency interests are also represented in the IN.gov program, a formal effort to improve the state website. Group members provide feedback to enhance online service delivery, and the program also offers local governments access to the IN.gov domain and website templates. IOT has continued work on its single sign-on portal called Access Indiana, which since 2020 has added more than 80 apps and grown to serve more than 1.4 million users.

Support for local cyber efforts is a priority in Indiana, including a law put in place in July 2021 that requires locals to report cyber incidents to IOT. Since then, more than 170 incidents have been reported. Plus, the IOT’s Information Sharing and Analysis Center did a “listening tour” with government agencies across 42 of the state’s counties to learn their cyber challenges firsthand; they anticipate visiting all counties by the end of 2022.

Workforce development has been central to Indiana’s efforts, notably the State Earn and Learn (SEAL) program, wherein IOT reskills people previously working in other occupations, like health care and food service, and gives them hands-on IT training with the state, in addition to tech credentials. The state’s successful Management Performance Hub, which proved especially useful in gathering anonymized data during COVID-19 that allowed for more accurate forecasting of the virus, has also established 10 data-specific careers to be launched across state agencies.


Maine
CIO: Fred Brittain

In recent years, Maine IT has evolved to an inclusive centralized model that incorporates agency representatives into the IT decision-making process, including organizational goal setting. Among the state’s IT priorities is ensuring that digital services and information are accessible to all residents and employees, including the 16 percent of the population with disabilities. To that end, Maine has elevated its accessibility program with a strategic initiative to reflect national standards and build and sustain mature digital accessibility.

The activities of the state Office of Information Technology (OIT) are guided by two major strategic plans: the Modernizing of Application Services and Delivery Strategic Plan, and the Information Security Strategic Plan. Those documents emphasize the role of OIT as a partner to all state agencies and lay out its intention to deliver excellence through the tech services it provides.

Maine recognizes the need to protect its digital assets by focusing on staying abreast of emerging threats that place the state’s assets at risk. The state CISO leads Maine’s cybersecurity planning operations and incident response efforts in collaboration with national cybersecurity partners and governance bodies. The CISO is also in regular communication with OIT about emerging threats, vulnerabilities, best practices and actions.

Maryland
CIO: Michael Leahy

Maryland’s focus on data governance and securing citizens’ data got legislative boosts in 2021 when Gov. Larry Hogan signed executive orders. The first formed a privacy framework for state agencies to collect, use, retain and disclose personally identifiable information. It also created a new state chief privacy officer position (SCPO) and asked the state’s principal executive units to appoint an agency privacy official to work with the SCPO to inventory the state’s data, systems and applications.

The governor’s second executive order resulted in a new state chief data officer (SCDO) role to supervise data use and management and facilitate interagency data sharing. It also asked state agencies to appoint an agency data officer to work with the SCDO to oversee the agency’s internal and external data affairs. Together, the SCDO and agency data officers will assess and make recommendations regarding Maryland’s data landscape to produce a strategic state data plan. Also in the works is the implementation of a whole-of-government approach to data governance led by the Department of Information Technology, CISO, SCDO and SCPO.

As for other efforts by the state, IT officials have developed a cost allocation model for shared IT services, established a request management process for agencies to ask for IT support and asked Maryland DoIT to develop a statewide IT master plan.

Massachusetts
CIO: Curtis Wood

The state of Massachusetts has improved its ranking in the Digital States Survey this year through its centralized approach to technology. The centralized structure of IT for the commonwealth originated in 2017, when the Baker-Polito administration created the Executive Office of Technology Services and Security (EOTSS), now led by CIO Curtis Wood. This approach has guided processes and will continue as the commonwealth implements the Statewide IT Roadmap for FY23-25.

In the vein of better serving constituents, the EOTSS process for creating, testing and improving constituent-facing websites involves accepting feedback and using web analytics according to the digital policies and guidelines created in 2020 by the chief digital officer. This domain policy has proved impactful for platforms like that of the Peace Officer Standards and Training Commission in 2022. Another major website achievement was the January 2022 launch of My Vax Records to help people access their vaccination records.

The digital government experience for Massachusetts residents goes beyond websites, though, as the state embraces emerging technologies. For example, Project (VR)², launched in the spring of 2021, leverages virtual reality to improve job interview skills for people with disabilities. And the use of these new technologies is also developed through a collaborative effort by EOTSS involving the CTO, CDO, CISO and the Office of Strategy Management Services.

The commonwealth also outlined a collaborative approach to tackle cybersecurity with the February 2022 implementation of the cybersecurity incident reporting and response framework, which clarified the roles of executive branch staff along with the future of the EOTSS Unified Security Operations Center. Cyber policies and strategies are developed by the CIO with other technology officials.

Missouri
CIO: Jeff Wann

Missouri’s tech work of late has focused on citizen-centric technologies, workforce development, efficiency and cybersecurity. As part of its Digital Government Modernization initiative, the state has implemented an easy-to-use citizen portal for government interaction, services and information resources, smart systems, and process automation, among other milestones. In addition, the state has expanded online workforce project management training to increase productivity and interdepartmental collaboration. The state has also worked to implement shared cloud environments to host multiple departments and systems, reducing operational costs, along with increased investments in cybersecurity technologies.

Missouri has made notable strides advancing its strategic IT goals through engagement between stakeholders, including state policymakers and IT officials, and now offers over 650 online services. In addition to increasing its focus on data-driven government, the state has created a health IT data map to share data between agencies such as the departments of Health and Senior Services, Social Services and Mental Health, and their partners in the Information Technology Services Division. The state’s Office of Cyber Security also performs annual disaster recovery testing for all consolidated agencies, which includes technical restoration of critical functions.

Among other goals, Missouri officials’ top priorities moving forward include continuing infrastructure modernization, improved collaborative services, increased data governance and transparency, addressing the digital divide, and hiring and retaining quality IT personnel.

Pennsylvania
CIO: John MacMillan

Pennsylvania has upped its grade in the Digital States Survey to an A- for 2022, citing a focus on cybersecurity. In late 2020, the state updated its employee and contractor password policy to restrict common words and variations of those. The policy encouraged the use of passphrases. The state also launched a monthly email series, Cyber IQ, in December 2020 to educate users about relevant cybersecurity matters within their work and home online activity. In September 2021, Phish Finder emails were launched in an effort to reinforce the positive behavior of users who forward phishing exercise messages to the Office of Information Technology’s spam resource account. The state also improved its security awareness knowledge.

Outside of cybersecurity, Pennsylvania has put an emphasis on privacy, hiring a chief data officer in 2020, who then established an Enterprise Data Management Review Committee, which included data stewards, IT, legal counsel, business and privacy resources, governance, and privacy and transparency initiatives, among others. Under the data officer, the Office of Data and Digital Technology held a transparency campaign within its data portal and saw a 300 percent increase in the number of data sets in 2021 from 2020. In July 2021, Pennsylvania hired a chief privacy officer to review relevant legislation and inform decisions about improving data law, policies and regulations.

Tennessee
CIO: Stephanie Dedmon

The pandemic forced tech improvisation and innovation, and in Tennessee, the digital changes brought about by COVID-19 continue to pay significant dividends. The MyTN mobile app illustrates that. The mobile-friendly service was developed as in-person interactions plummeted, and the past two years have brought 10 phases of planned service releases, with MyTN now offering 58 unique government services for residents. The all-in-one centralized mobile service, accessible via single sign-on, has attracted more than 50,000 unique users and provides what tech officials in the state view as a foundation for Tennessee’s ongoing digital transformation.

Security is a big part of that transformation. MyTN uses multifactor authentication and LexisNexis ID proofing, among other features. The ongoing effort also requires a multiyear, cross-departmental collaboration, reflecting how gov tech innovation is as much about figuring out how different people with different responsibilities can work together efficiently as it is about the latest and best software, apps and user experience.

Collaboration and improved customer experience also drove the creation of an AI-powered conversation chatbot to serve the state’s veterans when they seek assistance from government officials — a process that can be frustrating and involve thickets of red tape and multiple bureaucratic barriers. The chatbot can identify critical topics and common requests and make recommendations based on that knowledge. More than 507,000 chats took place between April and June 2022, according to state officials, and other departments including Human Services and Labor and Workforce Development are involved in the program.

Texas
CIO: Amanda Crawford

Once again, Texas finishes with an A- ranking, putting together a strong slate of IT work. In a recent legislative session, Texas lawmakers codified data work within the state government. A new bill requires appointing a data management officer for state agencies that meet a 150-employee threshold. The in-agency data officers are then tasked with joining the state’s data management advisory committee, working with the state chief data officer, building a data governance program for their agency, providing data for Texas’ open data portal and more. It’s a major step, one that both organizes the state’s approach to data and ensures the structure will remain intact for years to come.

At the top of Texas’ priority list, however, is cybersecurity. The state recently made a $22.3 million investment in endpoint detection and response technology, which it is providing to agencies at no cost. This tech is on the cutting edge of cybersecurity, helping to guard against ransomware and other threats. In addition, Texas is partnering with universities there on several regional security operations center pilots, which have the dual benefit of bolstering cyber defenses statewide while simultaneously preparing students for careers in the field. Texas also established stronger cybersecurity training requirements for its state agencies and local governments.

Finally, the state also focused on improving constituent engagement. To help facilitate all of this — as well as any other tech adoption needs — Texas’ central IT shop created a strategic digital services program at the enterprise level, one that helps agencies modernize, transform and ultimately develop tech tools to accomplish their missions. On the user side, Texas created Texas by Texas, or TxT, a secure platform with a mobile app that residents can use for all government business, complete with a single account, personalized dashboard, stored payment info, notifications and more.

B+ STATES


California
CIO: Liana Bailey-Crimmins

California’s top IT leadership changed in June when veteran state executive and Chief Technology Officer Liana Bailey-Crimmins was named state CIO and director of the California Department of Technology (CDT). Now-former state CIO Amy Tong was named director of the Office of Digital Innovation (ODI) in December and secretary of the California Government Operations Agency (GovOps) in February. CDT and ODI are under the GovOps umbrella.

Expanding broadband statewide remains a key focus with up to $1 billion for CDT to grow broadband infrastructure in the 2022-2023 Fiscal Year budget. Lawmakers previously approved spending $6 billion on broadband infrastructure over three fiscal years starting in FY 2021-2022 — including $4.3 billion in federal American Rescue Plan (ARP) Act fiscal relief funds.

In October 2021, Gov. Gavin Newsom’s office published Cal-Secure, which it called the state’s “first multiyear cybersecurity road map.” It examines “people, process and technology,” and shortfalls or concerns. In a LinkedIn post then, state Chief Information Security Officer Vitaliy Panych said Cal-Secure is “the de facto guide on how our agencies are keeping Californians safe, online and in business.”

In January 2021, CDT published Vision 2023, a statewide strategic plan “to efficiently and effectively use technology to meet our society’s goals.” It addresses three key principles: putting people first; continuous, timely improvement; and the idea that working together is preferable to working alone.

With historic wildfires on the rise, the California Department of Forestry and Fire Protection implemented a Wildfire Analyst Enterprise solution for near-instant incident response and accurate fire-spread modeling. The California State Automated Welfare System (CalSAWS) deployed in the fall of 2021 integrated 39 counties and the city of Los Angeles in an automated case management system; the remaining counties will be on board by 2023.

Colorado
CIO: Anthony Neal-Graves

Consistently a high performer in the Digital States Survey, Colorado once again netted a B+ this year. The state doubled down on efforts to improve its cybersecurity posture with HB21-1236, a bill that revamped the Governor’s Cybersecurity Council. The council’s makeup and objectives now directly support Colorado’s whole-of-state cybersecurity approach. The state also consolidated and clarified the Colorado Information Security Policies (CISPs) to align with Version 8 of the Center for Internet Security’s Critical Security Controls and the National Institute of Standards and Technology’s most recent standards. All state agencies now follow the same set of policies.

On the constituent-facing side of its technology efforts, Colorado made strides in expanding broadband availability. Since 2020, 98 percent of all school districts in the state have reached the Federal Communications Commission’s current connectivity standards. Rural connectivity was also improved, jumping from 78 percent to 87 percent over the same period. Additionally, the Colorado Broadband Office implemented a Digital Transformation Strategy after gathering data from five of the major broadband providers in the state in 2021. By June of that year, the agency had already implemented 10 percent of that strategy.

Last year, the Colorado Legislature passed HB21-1110, which makes it a civil rights violation if constituents are unable to receive services or benefits due to a lack of accessibility. To comply with this new law, state agency websites must be in line with the Office of Information Technology’s website accessibility standards. OIT created the Technology Accessibility Program (TAP) in 2021 to help agencies comply. TAP contains a wealth of resources to assist agencies in achieving accessibility standards, including a framework for creating an adoption plan, technical support, a monthly newsletter and a growing community of practice.

Iowa
CIO: Matt Behrens

IT in Iowa is trending up, from a B in 2020 to a B+ in 2022, with significant strides toward solid governance around how the state uses and upgrades its technology. Its first-ever five-year strategic plan was released in late 2020, providing a framework to guide more than 500 initiatives from agencies to support the administration’s goals where technology is concerned.

The Office of the Chief Information Officer processes broadband grants in Iowa, and the system it built for grant management has distributed $307 million since September 2021. When projects are completed, nearly 116,000 businesses, schools and homes in the state will be connected to high-speed Internet.

Digital service expansion and modernization emerge as two clear priorities for Iowa as well. The pandemic supercharged digital services efforts, evidenced by the addition of hundreds of new online forms, and the addition of a Gov2Go portal, which eased access to dozens of additional resident-facing services. Iowa also scaled up records processing systems to enable timely reporting of pandemic data: The state can now process 40 times more daily records than it could prior to the onset of COVID-19. Iowa also added single sign-on capabilities in March 2021, reporting its effectiveness in preventing the large-scale fraud that affected so many other states while administering relief programs. Alongside these efforts were investments in legacy upgrades, like a cloud-based HR system that brought several new efficiencies.

In the realm of cybersecurity, the state hired its first CISO in late 2020 and stood up a 24/7 Security Operations Center in April 2022. A Critical Incident Response Team comprising multiple organizations including the National Guard, Secretary of State, Iowa State University Board of Regents and the Office of the Chief Information Officer advises the state CISO and pitches in on incident response.

Louisiana
CIO: Dickie Howze

Louisiana’s No. 1 goal is improving its cybersecurity. Since 2019, the state has responded to more than 100 cyber attacks, and in 2020, the state spent $2.3 million remediating attacks. Most notable among Louisiana's efforts to shore up its cybersecurity efforts is the state’s reliance on a cyber attack response protocol called Emergency Support Function 17 (ESF-17). The effort is a collaborative partnership between the Governor’s Office of Homeland Security and Emergency Preparedness, the Louisiana Military Department, the Louisiana Police Cyber Crime Unit and the state’s Office of Technology Services. This partnership has been led by Dustin Glover, who was recently given a new title of chief cyber officer to oversee cyber attack responses. The state also publishes incident response plans, playbooks and other tools for post-attack analysis for agencies to review and use as cybersecurity incidents occur.

Beyond cybersecurity response, Louisiana is in the midst of updating its legacy systems in response to a 2018 legislative report which found 11.5 percent of all applications and 46 percent of all IT infrastructure in the state was in a “most at risk” condition. The report estimated the state had a roughly $1 billion backlog for modernization. In the four years since, the state has been set on a clear path forward with funding support as well as administrative support from the governor and his commissioner of administration, who set a goal of having the backlog addressed by the end of the current gubernatorial term. So far, the state has achieved modernization of its Medicaid systems as part of its upgrading of enterprise architecture. Thanks to adequate funding, the state’s chief information officer and other stakeholders have been able to address specific efficiencies in the programs as well as further consolidate the IT organization within Louisiana.

Mississippi
CIO: David Johnson

Mississippi held steady with its B+ grade in 2022 through its constituent-centric work, particularly as the state was navigating through the COVID-19 pandemic. The state’s MS Ready emergency preparedness app, which has been around for six years, came in handy during the pandemic, as the Mississippi State Department of Health used it for daily communication to update the public on the virus. Notifications skyrocketed from 3,000 per month pre-pandemic to over 492,000 during 2020 and 2021. Features in MS Ready include real-time push, text or email notifications; detailed reports on emergencies; a hotline; emergency checklist; and connection to the department’s social pages.

The Mississippi Department of Human Services and the Division of Medicaid, to increase coordination and improve health outcomes, developed AccessMS website to allow citizens to jointly apply for benefits from each agency. The platform’s first phase was launched in late 2018, but since the pandemic, applications have increased from about 7,500 to 30,500 per month; the automated system lets caseworkers worry about patients rather than entering information. Phase 2, which includes a user dashboard and authentication, is scheduled for completion by the end of this year. Phase 3, which is a fraud and abuse module, was released in May.

Twenty-five agencies throughout the state accounted for over 95 percent of the 2021 expenditures on IT items including hardware, software and services, with all using telecommunication services managed by the state’s Information Technology Services department. The state ranks cybersecurity and cloud computing as its top two priorities.

Montana
CIO: Kevin Gilbertson

Montana has been leaning into broad modernization, moving to eliminate its use of mainframes while transitioning to the cloud and embracing commercial off-the-shelf as well as low- and no-code solutions. With a decentralized IT structure, the state’s technology department has done much to earn buy-in from other agencies on these initiatives, deeply integrating their participation into the strategic planning process with a collaborative approach during its new annual State CIO Summit. Consequently, Montana has been able to move forward with several statewide improvements such as the hiring of a chief data officer and the creation of a data lake where agencies have full control over what they share. The state is working toward a vision of an enterprise system integrated well enough that when a citizen updates information with one department, other agencies can also update their records.

Several specific projects stand out in Montana IT’s recent work. During the pandemic the state had success setting up a new contact center to assist in delivering federal stimulus funding, a COVID-19 dashboard viewed millions of times and a library hot spot program that saw residents check out hot spots 11,000 times in 22 months.

Meanwhile, the state has been improving its cyber posture; a new system has allowed IT to develop some 100 playbooks that automate its response to various potential threats. This has, among other things, saved the state from responding to thousands of duplicate phishing emails. It has also been instrumental in setting up the Joint Cyber Security Operations Center (JCSOC) with North and South Dakota — a project that has since grown to include New Jersey and Kansas, with more states in the pipeline. JCSOC is actively working to move from simple threat intelligence sharing among members to a more active environment where members help each other respond to incidents.

New York
CIO: Angelo “Tony” Riddick

At the end of December 2020, Angelo “Tony” Riddick took the helm of New York state Information Technology Services (ITS). Since then, Riddick’s team has worked alongside other state and local agencies to fortify New York’s cybersecurity and deliver constituent-centric services.

At the height of the pandemic, New York received nearly $70 million from federal legislation like the American Rescue Plan Act and the Consolidated Appropriations Act of 2021. The funding allowed the state to help low-income New Yorkers pay water and waste bills. And to make that happen, ITS created a web-based applicant portal for New Yorkers to apply for funding for outstanding water bills and a case management system to allow the Office of Temporary and Disability Assistance (OTDA) staff to oversee applications. During 2021, there was also a push to make state agency websites more accessible to residents that speak different languages. In thisGTarticle, Riddick elaborated: “Right now, our agency is implementing the technology to support a new law, which originated right here in the Legislature, that will require state agency websites to be accessible in each of the 12 most commonly spoken non-English languages.”

In early 2022, New York Gov. Kathy Hochul announced a Joint Security Operations Center, intended to facilitate cybersecurity coordination including data collection and information sharing between the state and local governments. Monetary resources dedicated toward cybersecurity have increased to $62 million. Riddick emphasized the importance of this whole-of-state approach to cybersecurity in an interview withGovTech. He noted that ITS will support cities and smaller municipalities by providing cyber threat awareness and cyber threat analysis training.

North Dakota
CIO: Shawn Riley

North Dakota has consistently been on the cutting edge of the technology space for the last several years. The state’s governor, Doug Burgum, has deep roots in the IT sector, with many arguing he is the most tech-literate head of state in the U.S. With the state’s laser focus on innovation in areas like drones and digital currency, it should come as no surprise that North Dakota punches above its weight in state IT.

When it comes to cybersecurity, North Dakota has a well-established multistate Security Operations Center that pulls critical intelligence from a 16-state coalition. These groups include state, county, city, tribal nation and education partners. In 2019, the Information Technology Department put $15.4 million toward expanding tools, staff and contractor support and analysis.

CIO Shawn Riley told Government Technology in October 2019 that the state was using automation to not only improve process efficiencies but as a “matter of survival” to supplement a workforce where 20 percent of the staff is on the brink of retirement. The state has also pushed ahead of others in the areas of ethics and equity, having established an advisory board to examine the longer-term impacts of new technologies in the public sector.

Oklahoma
CIO: Jerry Moore

In the interest of system modernization, Oklahoma’s Office of Management and Enterprise Services led a disaster recovery project to modernize data centers, servers and a cloud backup system to harden the state’s digital assets against natural or cyber disasters. As part of the project, Oklahoma has sought to redesign and build its network from scratch, migrate large amounts of data to a central location and create a backup system. Some of the technology partners in this project included Dell Technologies, VMware and NTT DATA Services, which modernized cybersecurity processes and upgraded physical systems, such as virtual desktops, Windows and cloud-based drives. The virtual desktops now allow workers to access the state network without having to physically travel to their offices. Old mainframe systems, like the one used by the Oklahoma Employment Security Commission, were virtualized and made more robust. Similarly, chat tools were put in place to make communication between service providers and the public easier.

Meanwhile a state data-sharing project — as part of a partnership with Google Cloud — has enabled the easier flow of data among Oklahoma state agencies. The system allows agencies to enable the sharing of data, as well as prevent sharing as needed. Some 23 terabytes of data are now more easily shared and unified. Plus, six of the state’s largest agencies are now able to work collaboratively and share data with fewer steps. The first phase of the project was completed in 2021. In citizen services, residents and others needing to complete licensing applications can now accomplish many of these online at my.ok.gov.

Oregon
CIO: Terrence Woods

Oregon has made strides since 2020 in its IT modernization efforts outlined in the governor’s IT action plan, which aims to ensure the launch and management of secure, user-friendly systems for residents. The state has placed specific emphasis strengthening its cybersecurity posture, IT governance protocols, addressing the connectivity divide and improving cloud computing infrastructure, data governance and transparency.

So far, Oregon has developed an Information Security Incident Response Plan using new tech tools to help guide response to cybersecurity incidents, noting that each incident varies in severity and requires flexibility to mitigate. The plan defines administrator responsibilities and documents the steps necessary for effectively managing an information security incident, among other specific guidelines. It’s also been described by IT experts as “one of the best” guides for local IT protocols.

Among other notable accomplishments, the state’s 100-plus websites show consistent design and mobile responsiveness for visitors, making them more intuitive and accessible. Oregon is also embarking on a new phase of work on its data protocol strategy, which focuses on development of data-sharing approaches to improve data-informed decision-making and the creation of a Statewide Data Literacy Framework.

Rhode Island
CIO: Brian Tardiff (Interim)

Rhode Island has in the past few years focused on digital transformation, which has resulted in some significant advancements in certain agencies, including the Department of Business Regulation, which is 100 percent digitized, and the departments of Revenue and Environmental Management, along with the Department of Administration. Also, the Digital Technology team was created to focus efforts on migration to the cloud, analytics and other modernization activities, and to focus on cybersecurity.

The state also recently began undergoing an ERP transformation to a modern cloud ERP. It will be completed in the next four to five years with new systems for grants, finance and HR and payroll. With emergency technology, Rhode Island approaches new tech with some degree of skepticism, and evaluates emergency technology through a proof-of-concept process to determine its value and feasibility. An example is the blockchain proof of concept, implemented with the Department of Business Regulation. Here, the state built a blockchain pilot for Certified Public Accountant digital identity as the proof of concept. In the Department of Human Services, a bot uses robotic process automation to assess eligibility for health care and authorizes cases. So far, the system has saved 10,400 human work hours.

South Carolina
CIO: Keith Osman

In the past two years the state formalized its mission of participation and collaboration among agencies with an IT shared services model, which provides a range of scalable services in four main areas: workplace services; network and telecom services; hosting services; and enterprise storage. The goal is to improve statewide decision-making and help agencies achieve greater value from IT investments and improve IT security and effectiveness. Agencies that have moved to shared services have already seen immediate gains in security vulnerability remediation and reduced consumption storage with virtual servers. These improvements allow agencies to focus on their business needs and those of South Carolinians.

The state also made great strides in cybersecurity. The Department of Administration Office of Technology and Information Services made progress toward increasing multifactor authentication coverage to critical applications and services, including more than 35,000 users of the statewide enterprise resource planning system. A Virtual Chief Information Security Officer system launched in 2020 has improved security at four large state agencies and includes not only immediate cyber assistance, but also help in hiring permanent security personnel.

Virginia
CIO: Robert Osmond

Virginia’s focus on strategic planning, IT investments and modernization has helped earn the commonwealth a B+ in this year’s Digital States Survey. One of the state’s most notable efforts to address these areas was the Commonwealth Technology Portfolio (CTP) modernization project. This effort involved the implementation of a Planeview Enterprise One tool to track, record and manage the enterprise portfolio of Virginia’s IT strategic plans, investments and projects. So far, the tool has been operational since 2021 and is working to improve the state’s ability to deliver quality products and services by monitoring this information.

Over the last two years, the Virginia Information Technologies Agency (VITA) has worked with the state’s executive branch agencies and enterprise partners to build a new data center, establish a private cloud, migrate over 4,000 servers and send over 1,000 separate communications to customers. Because of these changes, the state notes that it is seeing benefits like improved service performance, sustained security and service reliability.

As part of a larger plan to ensure the state’s ability to support telework during and after the pandemic, Virginia expanded its VPN capacity by 700 percent over the course of several weeks. It also implemented a virtual desktop infrastructure as a VPN alternative to ensure that employees could work effectively and securely from home. Lastly, VITA upgraded its Internet capacity to a rate of 10 gigabytes per second to accommodate the growing demand for connectivity and scaled up support staff to respond to customer service needs.

Washington
CIO: Bill Kehoe

In the state of Washington, a significant change of leadership has impacted tech efforts, as public IT veteran Bill Kehoe took the role of state CIO in June 2021. In his time with the state, he has worked to center an equitable digital government experience. Kehoe now serves as the co-chair of the newly implemented Technology Management Council, which replaces the previous CIO Forum. Despite leadership changes, however, the state has continued a strategic approach to advancing technology, from cybersecurity to cloud computing, guided by three primary resources: the Statewide Technology Strategic Plan, the WaTech Strategic Roadmap 2021-2023 and the Enterprise Strategic Roadmap. And as the state looks to advance use of the cloud, the Enterprise Cloud Computing (ECC) program offers resources to do just that. The ECC began forming the team, establishing a program charter and securing funding in 2021. The Cloud Technical Advisory Council has successfully created a program framework to guide the ECC’s work moving forward.

In security, the state’s Office of Cybersecurity was officially established in 2021 with Senate Bill 5432 to centralize IT efforts. Since then, the agency has completed research, published a catalog of services, and focused on four foundational areas: endpoint protection, vulnerability management, security information and event management, and web application defense.

Washington is also working to improve digital services for residents, especially in health and human services. For example, the Health and Human Services Enterprise Coalition’s Master Person Index initiative will help support identity management across systems to better serve constituents. Also notable was the October 2021 launch of WA Verify, an online platform to simplify vaccine verification.

Wisconsin
CIO: Trina Zanow

Wisconsin was recognized in this year’s survey for efforts to modernize legacy technologies, as well as to strengthen digital citizen engagement, cybersecurity protocol and data transparency, and to retain IT personnel to assist with interdepartmental IT collaboration. Officials with the Division of Enterprise Technology have restructured workflows and updated their policies, implementations and security protocol around cloud use. Other modernization efforts include the launch and implementation of Google Cloud UI analytics; the Department of Workforce Development Virtual Career Centers; and the COVID-19 Vaccine Registry Vaccine Tracking Application and Electronic Disease Surveillance System within the Department of Health Services. While there’s still work to be done, the state has made progress in efforts to update its overall IT planning strategy, including an IT governance process that closely involves all agency IT directors and staff.

So far, the state has provided direct financial assistance for rent, utilities, Internet bills and home energy costs, in addition to infrastructure investments to expand broadband access across the state. IT leadership and other partners have also helped expand connectivity in efforts to address the digital divide and build up infrastructure across the state. It’s also maintained a constituent-centric engagement strategy to ensure goals are being met through customer feedback.

B STATES


Arkansas
CTO: Jonathan Askins

Arkansas has maintained its grade in the 2022 Digital States Survey thanks to a number of programs and initiatives implemented throughout the past 24 months in response to the COVID-19 global pandemic. Among those were the Arkansas Center for Data Sciences; Computer Science Initiative; Ready for Life, a project that utilizes the state’s longitudinal data system; Cyber Training Initiatives, which included the implementation of a cybersecurity advisory panel; and a Data Center Modernization, a component of the state’s transformation that is pushing for a centralized IT infrastructure. The latter project led to a $35 million budget authorized in August 2021 by the state Legislature to create such a modernized environment. The state is following a five-year road map to implement the Data Center Modernization.

The aforementioned projects align with the state’s top priorities over the next year to year and a half: cybersecurity and infrastructure modernization. Specific to cybersecurity, Arkansas has a 10-person cybersecurity office and has created a group of 15 CIOs to look at what policies and plans need to be put in place for security. The group was consolidated from 42 and has led to a more collaborative approach. Recent policies within the state have been updated, including malware protection software, privacy and physical security, among others.

Delaware
CIO: Jason Clarke

Identity access and cybersecurity help Delaware stand out from other states when it comes to technology, and also provide examples of how to best deal with those increasingly important issues. The state — one of the smallest and oldest in the nation — is using the identity and access management from Okta to boost security during this time of remote work, along with providing secure access to such employment-related applications as timekeeping, Microsoft Office 365 and service desk support. The effort applies to public-facing state services as well via my.deleware.gov.

Meanwhile, the state has worked to nearly triple its cybersecurity staff and give them advanced tools that can detect, down to the code level, application and system vulnerabilities. In addition, annual cybersecurity awareness training for state employees, a yearly cybersecurity conference and cybersecurity-focused partnerships with educators and local governments also has led to better protections against hackers and other criminals.

As all that unfolds, Delaware also is working to eliminate what it calls “broadband deserts,” with a goal of connecting 11,600 underserved residences by 2025. Funds from the federal CARES Act have paid for equipment installation and free broadband service through hot spots or voucher codes distributed by schools — all part of the work of making sure lower-income residents and students can better access the Internet and that Delaware can develop a workforce ready to take on 21st century challenges.

Idaho
CIO: Greg Zickau

Idaho did good work in technology in the last two years, netting it a B grade in the 2022 survey. The state launched phase two of the governor’s IT Modernization Initiative, which aims to centralize IT services among all executive agencies in order to make them more streamlined, efficient, safe and scalable. Phase two saw nine agencies brought into the fold, putting a total of 54 state agencies, boards and commissions under direct Information Technology Services (ITS) support.

Idaho also looked to improve its cybersecurity posture in the last two years. In August 2021 Gov. Brad Little formed the Cybersecurity Task Force to address the state’s cyber needs. Led by the Department of Commerce and the Idaho National Laboratory, the task force assessed the state’s current cybersecurity posture and released its findings and recommendations in May of this year. At the same time, ITS established the Cybersecurity Consortium, composed of public- and private-sector CISOs throughout the state. The consortium’s focus is to find ways to improve overall cybersecurity resilience of nonprofit, private- and public-sector agencies across the state through education, economic growth, information sharing and workforce development.

On the constituent-facing side of things, the Idaho Department of Health and Welfare launched its new website, Live Better Idaho, providing visitors with more streamlined information so that agency services are easier to locate and apply for. The state also launched townhall.idaho.gov, a one-stop shop for constituents to find online access, agendas and minutes for all executive agency meetings. And when the COVID-19 pandemic made clear the limitations of the state’s unemployment insurance platform, the Department of Labor subjected it to a serious upgrade. The new security layers meant that Idaho experienced fewer cases of unemployment fraud than many other states.

Kentucky
CIO: Ruth Day

Kentucky maintains its B grade in this year’s survey as the state battles the aftereffects of severe flooding in the east. A banner across the top of the state’s website directs visitors to available resources and ways to help, demonstrating the key role state websites play as a central rallying point for disaster relief.

Turning directly to the work of the state IT operation, the Commonwealth Office of Technology, under CIO Ruth Day, has been building upon its data-sharing work of the past few years. In one example, they have recently published the enterprise common data framework to ensure data work is standardized in Cabinet agencies, positioning the state for effective data-sharing endeavors and representing an important foundational step in their developing enterprise data model.

In the realm of infrastructure modernization, Kentucky has several big projects underway. The emergency radio communications network is getting a major upgrade to improve communications between Kentucky State Police dispatch and the many agencies it serves. The Health and Family Services Cabinet also has some significant work ahead: The existing Kentucky Child Support Enforcement System is a nearly three-decade-old legacy application that now represents risk for the state. The new web-based platform will be easier to maintain, will provide better protection from waste and fraud, and will simplify compliance with federal requirements. The state’s child welfare system is getting a similar overhaul to meet new federal standards.

Nebraska
CIO: Ed Toner

Nebraska is focusing on improving the constituent experience. To that end, they have modernized the state’s unemployment insurance benefits system, upgraded the public safety answering points and 911 centers, and rolled out a new digital Medicaid application.

Among the most notable of Nebraska’s customer-centric accomplishments is the ConnectEd Nebraska program. This service, provided by the state’s central IT staff and office of the CIO, offers K-12 schools free and readily available access to guest wireless networks through eduroam, an international initiative among schools and higher-ed institutions to offer wireless Internet to visitors. Nebraska was one of two states that piloted eduroam in K-12 schools, meaning that teachers and students from Nebraska districts that opted in have wireless access at more than 900 institutions around the country and more around the world.

In addition to its customer-centered programs, Nebraska is also focusing on bringing high-speed Internet to rural parts of the state. To accomplish this, the Rural Broadband Task Force has overseen $29.5 million in grants, bringing broadband to more than 17,000 homes as well as another program that has connected more than 19,000 households to broadband-speed Internet since 2020.

These successes have come, in part, from the Nebraska Information Technology Commission’s (NITC) Statewide Technology Plan. This strategic plan has led to the Legislature granting NITC additional responsibilities in broadband expansion for rural Nebraska. The plan, and the process of updating it, has also led to the state creating a new project governance process, leading to smoother coordination between agencies.

New Hampshire
CIO: Denis Goulet

Over the past few years, New Hampshire’s top priorities included fortifying the state’s cybersecurity and improving constituent services through web modernization and network infrastructure upgrades. Within the last year, the state’s IT department initiated one of New Hampshire’s largest single investments to upgrade its network infrastructure. Backed with support by senior state leadership, the “eNHance” project would replace dated network systems with modern tools and access to cloud platforms. Ultimately, enhancing the existing network infrastructure directly improved access to remote citizen services. The state also redesigned parts of its website and migrated web content to help the user find information more efficiently.

State CIO Denis Goulet oversaw several cybersecurity initiatives like leveraging a Cybersecurity Advisory Committee, which focuses on promoting a proactive cybersecurity culture through state government and creating specific cyber policies for various agencies. The committee was established initially in 2011 and has proved so valuable that it was officially fixed into law. The state’s IT department has also made security upgrades like implementing multifactor authentication across its executive branch and deploying a network discovery platform. The network discovery platform enabled the state to align with NIST’s Cybersecurity Framework as well as principles of zero trust.

New Jersey
CTO: Christopher Rein

The last two years of adaptation to remote work and closed offices in New Jersey coincided with major modernization and resilience projects, most significantly including the move from an on-premises mainframe to mainframe as a service. The state also passed a law, the 21st Century Integrated Digital Experience Act, to drive modernization and digitization of public forms and services, with a directive to develop IT modernization and improvement plans every two years with ideas for analytics, cloud and web-based technologies. To accommodate this, the Office of Information Technology (NJOIT) created virtual private cloud environments in two major public clouds, to which state agencies are now migrating their applications, and installed an electronic document signing and approval SaaS tool to eliminate the need for transferring papers. For security, NJOIT replaced several platforms with a single-pane endpoint detection system that can communicate with Homeland Security’s and undertook a project to comprehensively identify every port/IP address on the state network, resulting in the closure of thousands of server ports from legacy applications. It also ratified a four-year cybersecurity strategic plan, revised its statewide information security manual and updated its data privacy policy based on comparisons with all other states.

As COVID-19 forced all three branches of state government to close their offices, NJOIT used Zscaler to set up remote access points with multifactor authentication and a privileged access management system so people could safely work from home, which largely increased productivity. The state set up an economic intelligence solution website that collects data around consumer spending and small-business revenue to inform economic recovery policy decisions.

For citizens, the state put together a set of recommendations for technology policies and programs related to worker rights and worker safety, which led to the creation of a Future of Work Accelerator to develop technologies or services to help workers in New Jersey. It also launched an edge computing project that allows near real-time adjustments to traffic light durations at certain intersections.

Vermont
CIO: Shawn Nailor (Interim)

Vermont’s Agency of Digital Services (ADS) has been busy since its inception in 2017. While the pandemic stirred up its share of chaos, the state’s IT was quick to respond, partnering with other agencies to provide the proper tools. A single COVID-19 testing and vaccine registration was created and deployed across all the hospitals, local practices, state-run testing and vaccination sites and pharmacies that received state-allocated vaccines. The system also provided Vermonters with electronic test results within a 24- to 36-hour window.

The state has also made excellent headway in securing the technology it uses to serve citizens. In the summer of 2020, ADS conducted its first application inventory and third-party assessment, which was used to better identify risks and reduce the threat surface. The effort identified five “high risk” applications in circulation. Similarly, a closer look at the agency CRMs identified more than 200 separate systems at play. ADS has since selected Salesforce to serve as the consolidated state CRM system.

In partnership with the state Legislature, an IT modernization fund was created and is set to take effect FY 2023. The fund is the first time IT expenditures have been consolidated under the same budget.

West Virginia
CIO: Joshua Spence

West Virginia has continued its steady IT work in the past two years, including a move in 2021 when Joshua Spence’s title shifted from CTO to CIO as part of a larger technology strategy effort. In July 2021 West Virginia IT began a partial telework policy, which has led to improved hiring opportunities and increased office morale. The IT internship program has also been leveraged to support workforce development. An apprenticeship program has been built into the internship program to make it easier to transition these entry-skill level workers into the state’s professional track.

In cybersecurity, a new state law requires all government jurisdictions to report incidents within 10 days, ensuring the West Virginia Office of Technology responds to the incidents. The state CISO helped to form the Information Technology Advisory Council, with representation from each of the Cabinet-level departments. The council meets monthly with the aim of building relationships between enterprise IT leadership and the various departments. The Enterprise Architecture Board within the Office of Technology is involved with data governance and policies related to the proper handling and classification of data. The state has implemented a data classification strategy, which also aligns with the state’s cybersecurity policy. Data sharing and analytics were leveraged during the COVID-19 pandemic to distribute vaccines and information to the state’s most vulnerable residents. The approach, described as “centralized decision-making, but decentralized execution,” made West Virgina a vaccination leader.

To help close the digital divide during the pandemic, the state rolled out the Kids Connect wireless Internet access network across the entire state to 850 locations in less than 35 days, connecting students for distance learning. The project was managed through cloud computing devices, enabling a central entity to configure, manage and support the network.

B- STATES


Alabama
CIO: Marty Redden

Alabama Gov. Kay Ivey noted a focus on infrastructure buildout in her 2022 State of the State address, a theme that has encapsulated the state’s tech work over the past two years. In January 2021, the state Legislature approved use of $277 million from ARPA to expand broadband, in addition to Alabama’s other ongoing work to grow connectivity. November 2021 saw the launch of the Drive Electric Alabama program, the state’s EV education and marketing effort to increase its number of electric vehicles and public charging stations. The Alabama Department of Economic and Community Affairs released a statewide EV charging infrastructure plan early in 2022. A major upgrade in April 2022 to the state’s driver’s license system now allows residents to pre-apply for a license with all needed information before they visit an office. The existing system was 20 years old.

The OneAlabama Program, created between the state Department of Human Resources and gov tech firm PayIt, allows residents to apply for Temporary Assistance for Needy Families (TANF) and submit all supporting documentation, digitally, including from mobile devices. The program launched in April 2020; by January 2021 the state reported that 59 percent of TANF applications came through OneAlabama. Also in 2021, Gov. Ivey signed legislation that created the Alabama Innovation Corporation and the Innovate Alabama Matching Grant Program, to make the state a hub for technology and to match grants of up to $250,000 for small businesses.

Florida
CIO: James Grant

At the time of the last Digital States Survey in 2020, Florida had just formed the Florida Digital Service (FDS), with officials saying at the time that it would be modeled on the federal United States Digital Service. The idea was to ultimately have this agency work on building statewide enterprise architecture, as well as an interoperable data system for state agencies. James Grant, a former state lawmaker, was tapped by the governor to head up the work.

Roughly two years later, Grant remains in place, and FDS seems to have projects related to its goals underway. According to the agency’s website, its work includes teaming with other state agencies to improve efficiency, developing a master data management framework and following recommendations from Florida’s Government Efficiency Task Force as it continues building the aforementioned enterprise architecture. As with the 2020 survey, 2022 finds Florida improving, but the future will still largely determine if this period is ultimately a successful one.

One area where progress has been made is in cybersecurity, for which the 2022 state budget has earmarked $37.5 million across state agencies. Florida has named Jeremy Rodgers as its chief information security officer, after two others who held the job departed in short order. Rodgers brings 20 years of industry experience to the role, with past stints in cybersecurity for the Department of Defense, making his hiring a step in the right direction.

Kansas
CITO: DeAngela Burns-Wallace

Over the past few years, the Kansas Office of Information Technology Services (OITS) has made strides in the areas of data migration, citizen-centric services and cybersecurity. In 2021, OITS completed a data center migration project that began in 2017. The initiative progressed slowly but after DeAngela Burns-Wallace was named CITO in 2019, the project became a top priority. In the end, OITS coordinated with myriad state agencies, more than 1,300 servers moved to a third-party hosted environment and the data center was relocated to Overland Park, returning office space to the state government.

When it comes to delivering constituent-centric services, OITS completed a Kansas Virtual Statehouse project that leveraged virtual technologies, which gave the public the ability to participate in the state legislative process from anywhere. This was especially useful in the middle of the pandemic. OITS also participated in the House Chamber Display Boards project, where new display boards provided a modernized voting system display. The display boards also made it easier for participants to view bills and legislator votes.

Cybersecurity remains an important priority. In aGovTecharticle, Burns-Wallace told GovTech, “Our security posture is solid, but I want us to not just be ‘in the moment.’ I want us to be in a more strategic stance, strengthening our overall security posture not just as individual agencies but in a coordinated way across state government.” The Kansas Information Security Office (KISO), which regularly partners with OITS, implemented an Information Security Officer program to ensure a minimum uniform approach to information security is being applied to noncabinet agencies. KISO also established an enterprise security monitoring solution where security analysts addressed any security events.

Nevada
CIO: Timothy Galluzi

Since the 2020 Digital States Survey, Nevada has put forth efforts to increase cybersecurity, invest in new technologies, and hire and retain IT personnel. For example, Nevada remapped its State Information Security Program policies and standards to conform with the CIS Controls framework. According to the Center for Internet Security’s website, the framework is a prioritized set of actions developed by the global IT community, including safeguards to mitigate cyber attacks against different systems and networks. Other cybersecurity-related efforts include implementing a centralized statewide voter registration database and the state’s Election Integrity Task Force examining challenges from previous elections to determine how to best anticipate and deal with future issues.

As for investing in IT, Nevada officials point to implementing statewide Technology Investment Notification (TIN) Process requirements. The idea is that agencies looking to make tech-related purchases must fill out a questionnaire, and then the Enterprise IT Services Enterprise Architecture team, which manages TIN processes, can create a statewide technology strategy and architecture.

Lastly, regarding hiring and retaining IT personnel, the state has focused on investing in security staff and encouraging new security professionals through skills training. A recent example includes SANS cybersecurity skills training for 57 IT workers across the state, at all levels of government, including state, counties and cities. Other efforts include Gov. Steve Sisolak establishing a subcabinet in May 2022 to address workforce issues and the Governor’s Office of Science, Innovation and Technology partnering with entities throughout the state to grow Nevada’s cyber workforce.

New Mexico
CIO: Peter Mantos

The past two years have seen IT leadership shifts in New Mexico, starting in July 2021 when state CIO John Salazar stepped down from the role. The position was filled in an interim capacity until June 2022 when Gov. Michelle Lujan Grisham appointed IT veteran Peter Mantos to lead the Department of Information Technology (DoIT). Mantos said at the time that one focus for his work would be expanding broadband access for residents. New Mexico had already committed to this effort when 2021 legislation created the Office of Broadband Access and Expansion and the Connect New Mexico Council to narrow the digital divide and provide grants to get un- and underserved communities online. State executive leadership appropriated $123 million for DoIT to grow statewide broadband for fiscal years 2022 through 2025.

That work to close the digital divide of course largely came in response to the COVID-19 pandemic, which also brought forth projects like an application to help the New Mexico Department of Finance and Administration better disburse funding for its emergency rental assistance program. To help residents afford to stay in their homes during the crisis, the system was built with Salesforce’s Government Cloud Plus. Efforts were also made to make sure that before the 2021 school year began, all students had some connection to the Internet, be it fiber or satellite or another method, as well as a device to get online.

Responding to increasingly sophisticated cyber attacks on New Mexico, and the country at large, in March 2022 the governor appointed a senior adviser for cybersecurity and critical infrastructure to create best practices and standards for responding to events.

South Dakota
CIO: Jeff Clines

Many of South Dakota’s technology initiatives over the past two years have been aimed at connecting citizens with utilities or services they need. In October 2020, for example, with some students forced into remote learning during the COVID-19 pandemic, the state used CARES Act funding and worked with telecommunication companies to set up K-12 Connect, a program to offer free Internet to qualifying families of K-12 students across the state. The next spring, elected officials enshrined into law certain telehealth flexibilities that had been launched during the pandemic, and in January of this year the state updated more than 35 digital services with a new website, the South Dakota Citizen Portal. To chip away at the digital divide and enable collaboration with Internet service providers, in August 2022 the state launched a notification system, ConnectSD, for which providers can register to receive updates on broadband initiatives and related grant opportunities.

Resilience was another focus, with the Bureau of Information and Telecommunications setting a new strategic plan for 2022-2025, upgrading its endpoint protection software and security information and event management (SIEM) system, hiring a technology project manager and conducting a feasibility study to begin the process of replacing the state’s ERP systems. And recognizing future workforce demands in her State of the State address this year, Gov. Kristi Noem pledged an investment of $30 million to build out Dakota State University’s cybersecurity program.

C+ STATES


Alaska
CIO: Bill Smith

Alaska’s information technology picture is in flux right now, smack-dab in the middle of a multiyear effort to consolidate its enterprise operations — amid a staffing shortage present in IT shops across the country that complicates such efforts. The state has noted some success in its efforts, including increasing the use of its centralized data hosting services in Juneau and Anchorage by nearly 300 servers in the span of a year. Alaska is also, in the face of multiple high-profile cyber attacks, finding ways to improve its security posture. That includes an identity-focused approach involving making multifactor authentication available to all state employees, adding continuous monitoring to all agency active directories, blocking brute force attempts to guess passwords and generally moving toward a zero-trust architecture.

New configuration standards helped Alaska save $2 million while procuring 7,000 laptops to support remote workers as it moved to a largely hybrid operating model after the pandemic, which has allowed the state to start hiring, for example people in remote villages not connected to the road system who would have previously had no ability to gain state employment.

There is much underway at the state, including plans to increase cloud usage and adopt electronic signatures as well as asset management tools. Alaksa has a new broadband office to go along with millions of dollars for high-speed Internet expansion across its large geography.

Wyoming
CIO: Bill Vajda

Wyoming has seen a slew of leadership changes in the past two years. Following a data leak, CIO Gordon Knopp resigned in May 2021. In January 2022, former Alaska CIO Bill Vajda took on the role. Vajda is prioritizing cybersecurity, through an agile cybersecurity framework and other projects to protect state data. The state’s approach to security follows both industry best practices and guidelines from the National Institute of Standards and Technology. Additionally, Gov. Mark Gordon was appointed by President Biden to serve on the Council of Governors; Gordon has also taken on the role of co-chair for the Cybersecurity Work Group.

Outside of cybersecurity, the state has worked to better serve constituents through major policy changes in 2021 and 2022 that will impact how IT purchases and project decisions are made. These changes will impact processes including project review, agency IT budget summaries and legislative communications. With the July 2022 launch of the new Enterprise Technology Services (ETS) Strategic Plan, Wyoming has outlined goals to enhance and improve citizen services. Since the start of the COVID-19 pandemic, ETS has been working with different agencies to implement programs and technology solutions for residents. Each agency collects constituent feedback separately through various channels and will continue to do so.

In addition, ETS launched a new customer service portal to give constituents a way to request services or report incidents. And to further communicate the government’s work to residents, the state will increasingly use dashboards for data transparency.
Jule Pattison-Gordon is a senior staff writer for Governing and former senior staff writer for Government Technology, where she'd specialized in cybersecurity. Jule also previously wrote for PYMNTS and The Bay State Banner and holds a B.A. in creative writing from Carnegie Mellon. She’s based outside Boston.