One potential fix could be for the federal government to harmonize its cybersecurity and data protection rules for state and local partners across federal agencies that interact with state systems.
Lawmakers are looking for ways Congress can push state and local governments to modernize their IT systems.
During a Wednesday hearing held by a subcommittee of the House Oversight and Reform Committee, witnesses and members of Congress discussed strategies for updating legacy technology, training the tech workforce and addressing scalability of government systems.
"The pandemic laid bare the consequences of decades of deferred investment in government information technology, and we must not let the lessons learned during the crisis go to waste," said Rep. Gerry Connolly (D-Va.), chairman of the Government Operations subcommittee of the House Committee on Oversight and Reform. "The federal government can serve as a resource to provide guidance and best practices on IT modernization as it also swallows that medicine itself."
Connolly is planning on introducing a House companion to a Senate bill backed by Sens. Ron Wyden (D-Ore.) and Patty Murray (D-Wash.) called the State and Local Digital Service Act. It would authorize funding for state and local tech strike teams modeled after the federal U.S. Digital Service and 18F.
Connolly also said he intends to reintroduce the Restore the Partnership Act, which would re-establish an intergovernmental task force he says would help foster intergovernmental work on government IT issues.
Amanda Renteria, CEO at Code for America, suggested reducing administrative burdens and complexity and improving data operations.
Streamlining cybersecurity and data privacy regulations could be especially impactful, said Teri Takai, vice president at the Center for Digital Government and a former Defense Department CIO.
"I think it's essential that there is a harmonization because it is a burden, particularly on state, but more so on local government, to ensure compliance," Takai explained, emphasizing that this should be done with state and local government input.
The Government Accountability Office found in a 2020 report that "each federal agency that exchanges data [with states] has specific regulations, guidelines, or other requirements for states to follow when accessing, storing, and transmitting … data," but improving consistency in policies could save millions in federal and state costs.
Doug Robinson, executive director of the National Associate of State Chief Information Officers, suggested that Congress empower the Office of Management and Budget to harmonize regulations across agencies.
The pandemic also revealed another problem – many government systems were unable to quickly scale to meet spikes in demand for government services.
"It's not about the availability of the technology to solve the problem. It's the necessary business process re-engineering that has to take place, as well as creating more citizen centric opportunities. That's where there clearly was a gap," said Robinson. "States had not prepared for that kind of magnitude of demand."
Modernizing legacy systems will require state governments to get onboard not only in the offices of state CIOs, but also executive and legislative branches that make budgets, he said.
When they modernize, states should take an enterprise view, Takai said.
"The relationship between IT modernization, digital citizen services and cybersecurity is critical. There's a risk that these three technology efforts will be seen separately," she said. "It is impossible to drive digital transformation without focusing on an overall enterprise approach."
Progress will also require workers.
State and local governments are feeling the squeeze of a tight market for IT talent just like federal agencies and the private sector, said Alan Shark, executive director of the Public Technology Institute. Government also needs to reskill IT professionals in an ever-changing landscape, he said.
Robinson also noted that states were unprepared to combat fraud during spikes in demand for unemployment benefits.
"Only in recent months have [states] invested in advanced analytics and automated fraud detection services," he said. "They would all recognize that they had not prepared for something as extreme as the pandemic when it came to the magnitude, the volume and velocity of those requests coming in, and they didn't have the capabilities up front to do predictive analytics to stop the fraud."