States' IT needs clash with federal policies

NASCIO president sees gaps on data center consolidation, protecting personal identities

Stephen Fletcher is Utah's chief information officer and president of the National Association of State Chief Information Officers. A former fed, Fletcher was CIO and chief technology officer at the Education Department. GCN editor-in-chief Wyatt Kash and Senior Technology Editor Rutrell Yasin spoke with Fletcher at a recent Government Technology Research Alliance meeting about the dialogue between states and the federal government on information technology issues that the nation faces.

GCN: In your discussions with Federal CIO Vivek Kundra, on behalf of NASCIO or for the things you’re doing specifically in Utah, what is he interested in?

Fletcher: I used to be a fed, and I used to sit on the CIO Council. So everybody says to the states, “Well, you ought to come and participate in the CIO Council.” Sure, we think that would be great, and actually, they have a seat for a state representative on the CIO Council. I said, “Well, quite frankly, that’s a useless place for a state person to be because there are no state issues that are brought before the CIO Council. Zero.” It’s mostly an exchange of, or one-way exchange of, information for coordinating, and I understand that.

But we needed to create a forum for states and specific agencies to be able to address issues, like the way that we do verification, authentication in various federal programs. The Social Security Administration does it one way, and the Justice Department does it another way. And we in the states have to figure out, “All right, now you’ve just given me two different technologies, two different methodologies in order to authenticate for your system.” Wouldn’t it be nice if we could coordinate that so that states that have to implement this can say, “Can we consolidate this? Can we bring this together? Can we do things differently?”

So creating that forum is very good. And Vivek is very interested in doing that. A couple of things that we are continuing to talk to Vivek about are things like health IT architecture, and this will be done with the Health and Human Services Department. But the idea here is if you have a program from HHS, HHS says, “I will pay you 90 percent of the funding for that program if you build it from scratch according to the requirements. However, if you try to integrate those programs with another agency, another program, I will only pay you 50/50.” So where is the incentive for the business side to do anything other than take 90 percent, right? That’s absurd. Not only that, it’s expensive. I can’t afford it. The federal government should want to save some money also. It’s taxpayer money.

My biggest example is [a Medicaid Management Information System]. The going rate to put that in place right now is $120 million. [The Centers for Medicare and Medicaid Services] will pay 90/10, but you’ve got to put that in 50 different places across the United States. Every state is required to do this. $120 million is way more expensive than I want to pay. Can’t we consolidate? Can’t we figure out a way to do this, cookie-cutter this thing and get some economy efficiencies? And that’s one of the things we are exploring with Vivek is how to reduce the costs of implementing our health systems? The other program area is unemployment insurance. Again, same thing — every state has to put one in place.

Are there other infrastructure things that you might share with the federal government, such as efforts to move toward cloud computing?

Well, one of the things that needs to be looked at — and this is a huge can of worms — is federal cost allocation. If we are going to Google cloud, if we are going to do data center consolidation, data server consolidation, two things might happen. One is, in the state side, if we do this consolidation and we save a bunch of money, we actually might increase our obligation to the General Fund because it was mostly federal dollars that was paying for it. So now that we went through this consolidation, we might raise the price tag for the state because we reduced a number of federal dollars that we’re contributing. That’s kind of embarrassing to look at or take before your legislature.

By the same token, when we go through and consolidate, then the federal government wants its money back. And so folks are saying, “Well, if I’ve got to give money back, then I don’t want to consolidate.” So a lot of folks are going through this consolidation, then they are being hit with a huge bill from the federal government, saying, “All right, you owe us this much money.” We say, “We didn’t save that much money, so how do we do this? Well, boy, we shouldn’t have done the right thing because now I am getting hit with a big bill.” So the way that we go through the federal cost allocation and how we look at that needs to be reviewed so you would incentivize folks to save money.

You’ve mentioned that because of the excellence of practice at the state level, you helped cities and communities get certain computing services less expensively through what the state provided. Can you talk a little about the mechanics of that, and what’s the early direction on that?

Well, it becomes a great opportunity because we now have a lot of capacity, and if we go out and can provide that to cities and counties and they need infrastructure or hosting services, that could be provided very economically and very cheaply. Basically, what it does for the cities and counties is they don’t have to spend a lot of upfront capital. We just put it as a service, as an operating maintenance cost. And so that’s a huge savings for those folks. They don’t have to worry about the capital. And so that’s been a very, very positive thing for them.

Is that happening now with any particular states or counties that have taken you up on an offer?

Michigan has done that as one of the states working with their counties, and we are in a conversation with a number of our counties right now, and they are trying to get ready to sign up. Colorado is going to provide a cloud capability for a number of services, including e-mail, and all their cities and counties can sign up for that. There are three states that are probably doing this more than or as much as anybody: Michigan, Colorado and Utah.

Are you working with the federal government on any level to protect personal identification data?

We made the pitch to the Homeland Security Department. We are working with them quite a bit. We are saying, “Guys, you spend a ton of money in the federal government securing your systems, and we understand that’s useful. But, if you talk to all the security experts, the real big business in security and security compromising is in identity theft, because they can sell that information. So where does most of that citizen information reside? It resides in state databases. It doesn’t reside in the federal government — maybe at the IRS or Social Security Administration. But think about it, states have your birth records, your death records, your medical records, your Social Security number, address and information. They have more sensitive information than any other entity. So all right, if you think about that, that’s where you ought to be putting all your protection money, in state information databases.”

There are some states that do this really well. There are some states that…are not necessarily doing it all that well. So we talked to DHS saying, “Maybe we ought to think about some of this protection budget dollars to be thrown out to states to make sure that security infrastructure is protected, because that’s a big-time business. I think they’re looking at that. They do give a lot of grants to states, but that’s one they’ve got to look at from an infrastructure standpoint and say, “All right, how do you protect the infrastructure, as you go forward?” because states do have some very sensitive information — and in many cases more so than the federal government.

2014 Rising Star Awards

Help us find the next generation of leaders in federal IT.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above