Security

State CIOs working together to reach security, data-sharing goals

Homeland security concerns have added to states' efforts to improve their information-sharing capabilities. Find out how CIOs work with their peers to implement technology to accomplish this goal.


From health care privacy issues to tracking criminals, state CIOs often have to deal with multiple types of data and systems. And now, partially in response to homeland security efforts, state CIOs are tasked with making systems work with other states—all while adhering to federal and state data guidelines.

While states have been working on better ways to share data—particularly criminal justice data—for some time, an added push for system interoperability has come from the Office of Homeland Security (OHS) following last fall’s terrorist attacks, in which the hijackers obtained false identification. The OHS, a newly minted government agency, is helping improve communication and analysis among a number of federal agencies, including the Federal Bureau of Investigation, Central Intelligence Agency, and the Immigration and Naturalization Service.

State CIOs, along with the National Association of State CIOs (NASCIO), whose members include CIOs, information resource executives, and managers from 49 states, are beginning to form collaborative partnerships in an effort to improve knowledge sharing.

State tech leaders working together
NASCIO President Rock Regan, CIO of Connecticut, said that the state-issued driver’s licenses the terrorists obtained are considered national IDs, and that better communication between government data systems could help thwart future illegal documentation.

NASCIO President Rock Regan


“Terrorists obtained these under false pretenses because they were able to get a phony birth certificate, and the issuing agency had no way to credential these documents,” Regan explained. State-to-state interaction could prevent the use of such falsified documents. “Whether it’s a national ID or not, it’s an important issue for NASCIO members because they will be responsible for implementing the technology.”

NASCIO was founded in 1969 as the National Association of State Information Systems. During a realignment in 1989, the organization changed its name to National Association of State Information Resource Executives. To better reflect the role of the CIO as the technology decision maker in state government, the membership voted to change the name to the National Association of State Chief Information Officers in spring 2001.

In addition to improving document verification between states, Regan believes that states can share other useful information, such as medical emergency data. He knows from experience how important it can be for health departments to coordinate efforts. During the anthrax scare following the terrorist attacks, a letter contaminated with anthrax spores killed an elderly Connecticut resident. Sharing epidemiological data to identify disease outbreaks is an integral part of homeland security, said the state tech leader.

Regan says that preliminary discussions on how to improve communications and systems sharing have already begun. A group of five to six NASCIO members planned to meet with OHS staff in July to discuss information-sharing issues. One initial task for this joint effort will be to establish a timeline for planning and implementation goals. An important step, said the NASCIO president, is replacing isolated data depositories (“stovepipes” or “silos”) with more open systems.

Regan said that NASCIO members are eager to work together on the issues.

“States don’t feel threatened,” Regan said. “They are very interested in cooperating among themselves, particularly on security issues.”

Nuts-and-bolts compatibility
While a group of NASCIO members work with the OHS to identify ways to share data, another group of state tech leaders is working to develop a framework to use in planning enterprise architecture. Gerry Wethington, CIO of Missouri and NASCIO VP, leads the committee developing the framework.

“As government got into technology, it didn’t get into it from an enterprise perspective,” he explained. Different agencies and government levels came online at different times, and that meant systems developed individually.

“They built these islands of technology and silos of information, and there were no means that allowed effective information exchange,” Wethington said. The framework will provide an “architecture that really gives us the opportunity to think prescriptively about our business drivers and how we want to share information and use information as an asset.”

With a grant from the Bureau of Justice Assistance, NASCIO released version 1.01 of its Enterprise Architecture Tool-Kit last November. The 119-page document is available for download from the NASCIO site. In addition to providing background information and a theoretical framework, the document provides templates and samples to illustrate the specifications states might use in building new systems.

Wethington said a main goal is to help state CIOs when it comes time to choose technologies. “You can say, ‘I have these technical standards, and I’m looking for products and services that can comply.’”

Another effort aimed at developing compatible systems is component sharing. Wethington credits Georgia CIO Larry Singer with initiating the effort. A component repository will allow governments to maximize investments by reusing technology, said Wethington, along with making compatibility even simpler.

Funding issues
The big challenge in many of the state data- and systems-sharing efforts is funding, said Regan. In the past few years, the Department of Justice has provided funds to spur criminal data sharing, and the efforts have been largely successful. But Regan said that many states will have difficulty funding projects aimed at standardizing enterprise architectures.

One indicator is the difficulty that states have had in meeting the IT requirements of the Health Insurance Portability and Accountability Act (HIPAA). Regan doesn’t know of one state that has adequately budgeted to fulfill the requirements. NASCIO plans to lobby the federal officials for another HIPAA deadline extension. Maine CIO Harry Lanphear said that without the deadline extension “several, if not most, states would have been penalized for noncompliance.”

A big issue with funding is that sometimes states are forced to opt out of state tech standards in order to meet federal guidelines so that they can get needed grants. The CIO organization is planning to address the issue of less restrictive federal funding before a House of Representatives committee that is studying ways to improve government processes.

“The way a lot of the money comes down to us now forces us to use stovepipe systems,” explained Regan, who, along with other NASCIO members, hopes to stop federal funding methods that they believe discourage better information sharing.

 

Editor's Picks