After receiving unprecedented levels of Federal funding during the COVID-19 pandemic, state chief information officers (CIOs) are growing concerned about what will happen to their operations when that funding starts to run out.
In its latest State CIO survey, the National Association of State Chief Information Officers (NASCIO) zeroed in on state CIOs pain points heading into 2024. High on the list of concerns was the uncertainty of Federal funding in the years ahead.
The NASCIO report first examines how state CIO organizations get their funding. The majority of CIOs are not entirely reliant on Federal funding – with nearly half saying Federal funds make up less than 20 percent of their total funding, a third saying it’s between 21-40 percent of their funding, and 17 percent saying it makes up between 41-80 percent of their funding.
But state CIOs agree that whatever amount of Federal funding they do receive is needed for key programs – especially helping state CIOs provide support to localities.
Last year’s NASCIO CIO survey found that states were seeing a glut of Federal funding from the Coronavirus Aid, Relief and Economic Security Act (CARES), the American Rescue Plan Act (ARPA), and the Infrastructure Investment and Jobs Act (IIJA). Funding from this legislation was intended to address the impact of the COVID-19 pandemic and improve infrastructure.
Slightly more than half of respondents – 55 percent – reported that the pandemic did lead to an increase in modernization funding.
However, states are already expressing concerns that the funding may not continue. “(Funding increased) during the pandemic when rapid legacy modernization was needed. In our post-pandemic world, COVID-19 is no longer a driver,” one state CIO told NASCIO.
This year’s survey found that states have worked to direct the remaining funding to its intended uses. Two-thirds of states have obligated all of their Federal funds from CARES, ARPA, and IIJA. States that still have unobligated Federal funds are mostly still waiting for legislative approval to do so, and needing to work with stakeholders and agencies to determine how to best direct the funding.
As part of the broader Federal funding to help states, the Biden administration created the State and Local Cybersecurity Grant (SLCGP) which is intended to assist states and local communities in addressing cybersecurity vulnerabilities by providing $1 billion over four years, with a required match and a stipulation that at least 80 percent of funds be directed to local communities.
As part of the program, states are allowed to provide services to localities, rather than direct funding, and the majority of states are adopting a shared services approach. According to NASCIO, the three most common services offered are training, endpoint detection, risk assessments, support for .gov migration and adoption of multi-factor authentication.
State CIOs praised the benefits of SLCGP and said they’ve already seen many benefits from the program, including improved coordination between state and local governments on cybersecurity. However, many CIOs also raised concerns over how progress can be sustained beyond the program’s four-year life cycle.
NASCIO cited one CIO who said his organization was reluctant to launch a new program for local governments due to concerns it would have to be terminated at the end of four years. To deal with potential hesitancies like that, CIOs suggested increased cost sharing within states, building in sustainability, including local needs in future state contracts, and working with legislatures to identify continued funding.
NASCIO also said that a number of respondents believe that the Federal government should do more to help fund any gains made through the SLCGP program and extend its lifecycle.
