While the ongoing COVID pandemic may have accelerated government digital transformation initiatives, there has long been a desire across state, local and federal government agencies to increase the access to government programs and information through technology. But where do government organizations start? Which systems, capabilities, and applications are top of the list for modernization? And what cultural challenges and roadblocks can they face as they begin the process of transforming archaic, manual processes?
To answer some of these questions, Red Hat organized a panel of experts for its recent Red Hat Government Symposium that were in the process of driving digital transformation initiatives within their respective state governments. Included on this panel, entitled, “Enabling Rapid Innovation in State Governments,” was Jim Weaver, who became Secretary and State Chief Information Officer for the State of North Carolina in March of this year.
We sat down with Jim following the event to discuss digital transformation initiatives being spearheaded by the North Carolina Department of Information Technology (NCDIT), some of the cultural and process changes that are necessary to bring about modernization in government, and what government IT professionals can learn from his experience.
Here is what he told us:
GovDevSecOpsHub (GDSOH): Digital transformation is a key topic at every government event we attend and is a topic of conversation in every discussion we have with state and local CIOs and CISOs. What digital transformation initiatives and projects are ongoing or planned across the State of North Carolina and its agencies?
Jim Weaver: Leveraging state government, university, and private industry, as part of the IT Strategy Board, we have established a Digital Transformation Committee that has developed a strategy with key goals to be achieved. Our goal is for North Carolina to deliver seamless and easy access, at constituents’ fingertips, to the full array of governmental services that enhance their living, learning, working, and recreation. And, by constituents, I mean businesses and visitors to our state, as well as residents.
To accomplish this, we’ll be establishing and promulgating one digital identity for all state systems and services that is safe and secure, and will enable us to build services from a consumer point of view regardless of the agency providing the service. We’ll be automating processes and integrating systems through data exchange, and replacing inefficient paper-based processes with digital and paperless access.
We’ll also be mapping the existing ecosystem of siloed systems to scope the integration effort and establish a baseline from which to simplify and integrate. As part of that effort, we’ll be promoting the notion that one system that meets 80 percent of common needs for several agencies is preferred over three systems that each meet 90-95 percent of an individual agency’s needs, while other agencies remain unserved.
GDSOH: Creating integrated systems that service multiple agencies seems like something that could not only be difficult, but also meet resistance within those organizations. How does the state plan to tackle that challenge?
Jim Weaver: We need to stimulate inter-agency coordination and collaboration toward common solutions. We accomplish that by establishing a working group to identify common solutions for key capabilities, such as content management, data integration, payment transactions, workflow, and capabilities. We’ve already established that working group with the intent to identify potential standard solutions for these capabilities, and put forth a timeline for implementation.
Next, we need to identify the maturity levels of individual agency IT functions and strategies, and evaluate which need additional maturation and support. Based on findings, we’ll work to identify roadblocks to agency adoption of digital transformation and establish plans to overcome them.
Finally, we plan to devise a strategy for local government interconnection that describe the transformation North Carolina needs for all businesses—large and small—and all residents—living in urban or rural settings.
GDSOH: What are some of the immediate projects and programs that the NCDIT has planned?
Jim Weaver: Our most pressing concern right now is to improve the awareness of – and easy access to – secure state systems for all of the state’s constituents.
To accomplish that, we’re planning to develop a constituent portal using identified benchmarks, as well as a digital transformation ‘roadmap’ of features and timelines. These will be presented to constituents in everyday language that avoids IT buzzwords.
The next step is to identify an initial pilot process for use as a digital transformation test case to devise a digital transformation playbook for our IT teams.
“Yes, we have established a DevSecOps program, which is being piloted in three agencies, including DIT…We are establishing a Lean Agile/DevSecOps Center of Excellence to help agencies move forward in the adoption of these frameworks. We are also looking at how our procurement and resulting contracts need to change to accommodate for the use of these frameworks.” – Jim Weaver
In addition to that, we’re looking to establish a data hub for citizens to transparently expose what the state knows about them and maintains in systems, and to control the release of data among systems and services when it is optional versus required. We’ll also be working to ensure all state systems are secure.
Individual privacy protection is paramount, as is the connectivity to access these systems across the state.
GDSOH: Digital transformation and the movement of government services, information and applications online do create one major problem that I know is important to you, in particular – when these things move online, those without Internet access get left behind. What is North Carolina doing to try and level the playing field for everyone?
Jim Weaver: Ensuring that everyone has equal access to government services is important to us. We have established a broadband infrastructure office that has been enabling broadband capability in underserved counties through grants for several years. In addition, we just announced the creation of the Office of Digital Equity and Literacy.
With the recent passing of the Infrastructure and Jobs Act, as well with funds from the American Rescue Plan Act, NCDIT’s new Broadband and Digital Equity division will be able to accelerate and greatly expand the state’s broadband infrastructure footprint, as well as provide affordable access to high-speed internet.
“Our goal is for North Carolina to deliver seamless and easy access, at constituents’ fingertips, to the full array of governmental services that enhance their living, learning, working, and recreation.” – Jim Weaver
In addition, we will be working to ensure all North Carolinians have the skills they need to fully participate in the digital society. Our digital transformation includes a multi-channel approach, considering those with limited or no broadband access -but potentially cell and/or satellite access. We are employing technology and approaches to minimize the amount of data that must be delivered to the resident. When able, to reduce delivery time, we are also positioning information geographically using caching technology – putting the content closer to the resident.
GDSOH: Another issue with modernization and digital transformation is the movement of manual, “pen and paper” processes to digital processes, and the increased cyber risk that can come from that. How important is security for states today? What is North Carolina doing to ensure that government networks and constituent data are safe in light of the larger cyber risk they’re facing today?
Jim Weaver: As part of our IT program and project governance, to mitigate such risks, we have our architecture and security experts engaged in reviewing proposed solutions and then verifying the implementation of those solutions. They’re tasked with ensuring the data is protected as required and that we have appropriate monitoring and security controls, based on the data classification.
With the near-term addition of a Chief Privacy Officer, we do expect some new standards and controls to be implemented to further protect data.
GDSOH: We know that application vulnerabilities are among some of the most exploited by malicious actors, and that fielding new cloud-native apps is essential for government modernization initiatives. What can and should states be doing to ensure their applications are secure? What is North Carolina doing?
Jim Weaver: When implementing new and changed solutions, our IT program and project governance requires architecture and security reviews at key decision points to ensure proper security controls are in place to minimize risk.
In addition, when sourcing solutions, we require vendor risk and readiness assessments to ensure the vendor has the right security controls and operating procedures to minimize risk as well as respond accordingly to issues.
DSOH: Your session at the Red Hat Government Symposium was about enabling rapid innovation in state governments. We know that a DevSecOps approach to application development can help ensure that the SDLC is not only fast, but that resulting applications are secure. Is DevSecOps something that’s being encouraged across the government of North Carolina? Are development teams in state agencies and government contractors being encouraged to embrace DevSecOps?
Jim Weaver: Yes, we have established a DevSecOps program, which is being piloted in three agencies, including DIT. The program is focused on enabling the adoption of these frameworks, including the establishment of standards, where applicable, by the agencies from a business and IT perspective.
We are establishing a Lean Agile/DevSecOps Center of Excellence to help agencies move forward in the adoption of these frameworks. We are also looking at how our procurement and resulting contracts need to change to accommodate for the use of these frameworks.
“Ensuring that everyone has equal access to government services is important to us. We have established a broadband infrastructure office that has been enabling broadband capability in underserved counties through grants for several years. In addition, we just announced the creation of the Office of Digital Equity and Literacy.” – Jim Weaver
Finally, similar to private industry in adopting these frameworks, some agencies are taking a product management view versus a project view to enable rapid, quality change for their lines of business.
GDSOH: Aside from DevSecOps, what cultural, technological, and management changes do you think are necessary to drive rapid innovation in these organizations?
Jim Weaver: We need to have high-level champions on the business side to show clear support for these changes. We also need to market and communicate successes to show others the value of these frameworks and drive further adoption.
Establishing a community – including the use of vendor partners – for coaching, training, and mentoring is also key for long-term sustainability.
To watch the Red Hat Government Symposium on demand, click HERE.