The National Association of State Chief Information Officers (NASCIO) has released its annual report which finds that state CIOs are focused on both emerging technologies – including generative artificial intelligence (GenAI) – while still spending significant time and energy mastering the fundamentals including enterprise architecture and procurement.
The report, which surveyed 49 state CIOs, asked them questions about nine main topics – GenAI; digital services; enterprise architecture; business continuity/disaster recovery/resiliency; business operation models; acquisition; workforce; identity and access management; and Federal cybersecurity spending.
Here are a few key findings worth zeroing in on:
GenAI
GenAI appears to be the emerging technology that is most top-of-mind for state CIOs. NASCIO asked the CIOs to detail their experiences regarding GenAI in their current practices, state laws, and GenAI tool use more broadly.
Asked which action items regarding GenAI have been implemented in their states, more than 60 percent of respondents indicated that at least one of the following GenAI practices has been implemented:
- Creation of advisory committees and task forces (78 percent);
- Implementing enterprise policies and procedures on development/use (72 percent);
- Responsible use/flexible guardrails/security/ethics (67 percent); and
- Inventory/documenting uses in agencies and applications (61 percent).
When asked if employees in the CIO organization use GenAI tools in their daily work, 53 percent of participants said yes while 29 percent said no. Six percent of respondents were unsure.
Digital Services
Digital services have been a major priority for state CIOs for years. As part of this year’s survey NASCIO asked about major challenges states are facing in meeting the demand for digital services, and found that the top three challenges are:
- Lack of adequate funding and budget to balance immediate public needs with future critical investments;
- Data and information quality requirements and digitization complexity restraints; and
- Workforce skills and capability constraints to deliver/implement digital services.
NASCIO noted that when CIOs were asked the same question back in 2022, the top three responses were workforce skills and capability constraints to deliver/implement digital services; lack of organizational agility/ flexibility; and lack of adequate funding and budget to balance immediate public needs with future critical investment. As digital services have remained a priority, some obstacles have remained the same while others are changing based on citizen and government needs.
NASCIO also asked about digital services approaches and solutions adopted by the CIO organization and incorporated into enterprise-wide practice. The top responses were: engaged stakeholders (e.g. agencies, citizens and others); prioritized cybersecurity and privacy; and created an enterprise vision and strategic roadmap.
Enterprise Architecture
As part of this year’s survey, NASCIO asked state CIOs for an assessment of their enterprise architecture (EA) program. The survey found that 64 percent of respondents require agencies to adhere to an established roadmap and standards. Additionally, the authority for EA is clearly established in 56 percent of the states. A similar percentage of respondents (54 percent) report the presence of the chief enterprise architecture role.
Nearly half of respondents reported having a dedicated staff and a formal governance body – which NASCIO says is a critical element of EA – that helps to ensure application of adopted standards but brings in essential participation from agency business leaders in the process. NASCIO said that while there is still much progress to be made, it is encouraging to see these signs of advancement.
NASCIO also asked state CIOs to assess the general maturity of their enterprise architecture programs. About one-third of respondents reported a low level of maturity (35 percent), and nearly another third of states reported they are somewhat mature (30 percent). A minority (13 percent) of state CIOs assessed their state as highly mature in their enterprise architecture program. The encouraging news is that most states have an enterprise architecture program, and only a very small minority (four percent) have no enterprise architecture program.
Business Continuity/Disaster Recovery/Resiliency
After living through the COVID-19 pandemic, it is no surprise that state CIOs remain focused on preparing for business continuity/disaster recovery/resiliency – especially given the ever increasing threat of cyberattack.
NASCIO surveyed to understand if the approach to disaster recovery and business continuity in the states is characterized as enterprise/centralized, decentralized, or federated.
The most common answer was the federated model with 72 percent of CIOs choosing this option, followed by enterprise/centralized at 17 percent, and decentralized at nine percent. When NASCIO asked this question in 2020 only 61 percent of states had a federated model. Many respondents highlighted the nuances of the individual state approaches and mentioned that while the CIO may have a general overall responsibility, agencies are often responsible for certain aspects of the process or decisions.
State CIOs hold several key roles in helping their states recover from a natural or manmade disaster. The four most common are:
- Maintaining a robust, reliable and secure infrastructure (94 percent);
- Coordinating with other state officials (92 percent);
- Restoring communication services (79 percent); and
- Contracting third-party, off-premise cloud solutions (77 percent).
NASCIO noted that these top three roles are the same as they were in 2020.
The survey also found that CIOs continue to see their role as focused on continuity of operations as opposed to provision of new or enhanced services while states recover from a disaster or disruption in business services.
Looking to the future, NASCIO concluded that big themes – like more GenAI, increased consolidation and centralization, the need for strong foundational blocks like EA, disaster recovery, acquisition and IAM – will continue and expand as the demand for digital services continues to increase.
But looking at growing needs and ongoing workforce issues, NASCIO concluded that state CIOs likely will not be able to meet their goals without a stronger workforce and employment pool. NASCIO said that states will have to modernize their work environment and policies to attract their own workforce or outsource these critical roles.
