What's New in the 2023 State CIO Survey With Doug Robinson

October 11, 2023 NASCIO Episode 105

Amy and Alex are joined by NASCIO executive director Doug Robinson who is giving us an overview of what's on the just-released NASCIO 2023 State CIO Survey. Hear how state CIOs are thinking about everything from cybersecurity and workforce to financial models and the future of the role.

Find the transcript of this episode here:
You can find the survey here:
Episode on drones in North Carolina:



state CIOs, CIO, cybersecurity, services, survey, agencies, unmanned aerial systems, emerging technology, data, ai, maturity, model, modernization, technology, pandemic, data management


Doug Robinson, Alex Whitaker, Amy Glasscock


Amy Glasscock  00:05

Hi, and welcome to NASCIO Voices, where we talk all things state IT. I'm Amy Glasscock, in Lexington, Kentucky.


Alex Whitaker  00:11

And I'm Alex Whitaker in Washington DC. Today we have our very own NASCIO Executive Director Doug Robinson on to talk about our 2023 NASCIO state CIO survey, which was just released at the NASCIO annual conference this week. 


Amy Glasscock  00:24

If you missed the general session on the survey, or just want to hear more about it, I think you'll enjoy hearing about it here. Doug, welcome back to NASCIO Voices. And thanks so much for joining us.


Doug Robinson  00:35

Amy, Alex, glad to be here.


Alex Whitaker  00:38

All right, Doug. So tell us what the state CIO survey is and why it's important to the overall work of NASCIO.


Doug Robinson  00:43

The state CIO survey is our annual study of the state CIOs. And it is critically important because it's their voice. It's their voice on high priority topics that we select each year. And in some cases, we do longitudinal topics, but in many cases, we're introducing new questions to the CIO community. So it is designed just for the state CIOs. And we want to get their perspectives and their data on a lot of different high priority topics. And it's important because it gives us the foundation for a whole year of conversations and presentations and briefings. But it also gives us a chance to kind of pull out a thread of a particular topic and do additional research in more depth during the year. So it is probably, along with our Top 10, the most valuable product that we put out in the public sector marketplace.


Alex Whitaker  01:41

Awesome. Thanks so much. So this year's survey title is "The Force of Automation and the Reality of Modernization." What themes in the survey led you to that name?


Doug Robinson  01:51

It's the reality of what the CIO pressures have every year, every day, around the fact that they have a technology platform, services, applications that require continuous modernization. The states, if you look at our study from last year, where the state CIOs said, for the most part, 50% or more of their applications serving state business needs needed to be modernized, they're legacy, they don't meet the business needs. So they're constantly, it's a balancing act between that and the results of the survey, which show increasingly the use of automation, business process automation, using new tools, AI and other technologies, which are bringing that kind of force of automation into the CIO organization and to their customers, which are the state agencies. So at some point, you could say, well, it's a balancing act, and others would say it's a constant tension between having to deal with that. But honestly, for the CIOs, they have to focus on modernization. CIOs aspire to have modern organizations. So it can be a real struggle, because they want to have resources and funding to do both, to be innovative. So we saw that in our supplemental funding piece where we asked that question around modernization.


Amy Glasscock  03:15

So this year, and correct me if I'm wrong, but I believe we asked specifically about state financial models for the first time, at least first time in modern history. What did we learn about financial models? And what do CIOs generally think is the best one?


Doug Robinson  03:29

Well, just for background, we get this question a lot from both our CIO community as well as others, about the CIO financial model, which is predominantly one where the CIO is an internal service bureau. They're an internal delivery mechanism for technology services and applications and support and training and help desk for the executive branch, for the enterprise of the executive branch. That's been around for decades. In fact, that's prominent model is that they are serving their customers. We have heard a lot of anecdotal evidence in discussions from CIOs, we have some bits and pieces, but we really wanted to be more comprehensive this year, and ask specific questions and say, how does your model work? And you know, what we found, not surprisingly, is that 90% of the CIO organizations use a chargeback model which is essentially, they're sending a bill to their agencies, having spent many years and stay current, and that creates a lot of tension. You are the internal service, you're the central IT organization. You're delivering a whole set of services based on a catalogue, and you're sending them a bill. And what we wanted to know is what's their feeling essentially about that model? And what would they prefer? And not surprisingly, what they would prefer is many of them do like that model. But the other thing they want to see is more general funds to support that. And so what we found was that over 60% of the state CIOs said we have some general funds. Now that used to be not the case a decade ago, most organizations were 100% chargeback and they would like to get some general funds to cover the overhead of the services. And so to your question, that was a little background with your question, essentially, what they've said is we prefer a hybrid model where we do have a chargeback, we do provide services to agencies that they want on demand.
However, we also get some general fund appropriation where we can do things like support the CIO office, cybersecurity, strategic planning, technology modernization, innovation, across the board, Enterprise Architecture, those types of things that would not be embedded in the rate. So that's kind of the sweet spot that we got was the CIO said, we think a hybrid model works best because it removes those overhead type activities from the rate schedule. So it kind of sanitizes to an extent the rates.


Amy Glasscock  06:01

Yeah, makes a lot of sense and I worked on that section as well. And it's pretty clear that that combination seemed to work for a lot of states. So really interesting. So cybersecurity still, obviously a huge top priority for state CIOs. And it's always interesting to hear how it's progressing. How would you summarize the longitudinal questions around cybersecurity in this year's report, and kind of how they compare with recent years?


Doug Robinson  06:26

Continued improvement, continued maturity, a peek around what I would say, what are the core fundamentals? What are the activities that you, you know, you ignore at your peril, so to speak, as I talked to CIOs, and that clearly, that's, you know, around cybersecurity awareness training, and building information sharing partnerships, and those are all now well above all in the 90th percentile for a lot of those key areas, adopting a framework. I think 84% of the state CIOs said that they had adopted the NIST Cybersecurity Framework, which is now 10 years old. I recall the launch a decade ago. The other one I think, is important, as we talk a lot about credentials, identity and access management, we now have, again, over 80 plus percent, require multi-factor authentication for all of their executive branch agencies, all of their customers said, so I think that's what we've seen is a continued elevation, and maturity and progress across all those kinds of major lines of the controls what would be important in terms of the major controls your cybersecurity set, the others that we've seen are ones that are relatively new, but we've been tracking around things like cybersecurity liability insurance, and use of AI and analytical tools. It's interesting, as we heard a lot about the cost of cybersecurity insurance in the last year or two, that the premiums were going up, the coverages are going down, the exclusions were increasing. That is, in fact, the case, we've seen in some cases for X premiums or some states. However, we still noted in the survey that half the states still carry or obtain cybersecurity liability insurance on the commercial side. But we have seen is now about a third of the states adopting a self insurance model for cybersecurity.
So they've abandoned the market and decided to self insure with maybe perhaps a one time appropriation, a one time investment, where they are building up their funds in the event of they have to provide some type of remediation and communication. Again, some of the coverages that you would see. But I say this is going to continue to be pretty dynamic commercial cybersecurity market was relatively immature, and maintain continues to be relatively mature compared to other lines. And so I think it's still in flux. And they, of course, had some major claims with ransomware issues. So I think that's something that we're going to see. So again, a lot of progress in some of the core areas up to the above the 90th percentile. So that is always that is always good to see.


Alex Whitaker  09:09

Yeah, and that's really interesting. And I think that you mentioned cybersecurity training and where states are directing their money. And then another section about the cybersecurity grant, you can really see how that's reflected by how states are spending that money. So really cool to see. And we've asked about emerging tech for a while now, but this is the first survey we've done since generative AI became mainstream. What are states saying about generative AI and other emerging technologies?


Doug Robinson  09:34

The states are saying a lot, Alex, whether they're doing anything, you know, the knowing doing gap, and so we hear a lot of hype about what's going on with generative AI, we hear a lot about the need for legislation, need for guardrails, for frameworks, for data sources, a lot of discussion. We have our generative AI Working Group, they've been meeting and Amy's leading that the staff side and she understands what's going on while those conversations and so we decided we definitely needed to add that to the mix on the emerging idea, as you're right. We've asked this question for many, many years. And it's been, it's been really interesting to see the shift from things like Internet of Things, IoT, which is the predominant choice years ago, 10 years ago. And now it's, it's not even reflected on the list. And so that's kind of interesting. So we asked the question about, you know, which emerging IT area would be the most impactful in the next kind of three to five years, we've given them a longer horizon. But it's certainly what jumped out was more than half of the CIOs said generative AI, and then another, we made so they can only select one, so we kind of a forced choice. And so we wanted to see what that broke out. And the second choice was just AI machine learning. That was another I think, 20%. So you know, over three quarters of the survey cohort have AI as being the most emerging technology. That's not surprising. I think the other piece that's really important is just business process or robotic process automation, as when CIO said, that's going to be a game changer for their business customers, we have a number of states that have invested heavily in developing their RPA skill sets and offerings for their agencies. And so they have a portfolio of services that they can offer to the agencies and they can, it can pick and choose what they're going to use. I see that happening with Gen AI in the future.
Again, a lot of hype today. But I think there's some promise of some of these use cases we've been seeing are pretty dramatic, but there's clearly going to be policies that are being put in place. This is the classic example of the technology outrunning the policy framework and discussions. And so it's already being used and adopted in some of the agencies without those guardrails in place about things like ethical use, and the data sources and the quality. So I think that's all going to have to be worked out. And we've seen that with states that are introducing executive orders, legislation. And I think that's gonna, that's gonna continue. So I see that's going to have to come up there is some type of regulatory umbrella in the future for the states, but it's going to definitely result in some significant disruption to state government work.


Amy Glasscock  12:22

Absolutely. I think that question is always interesting. As long as we've been asking, we can't exactly have longitudinal questions year after year, because what is considered emerging technology has changed since we first started asking the question, like you mentioned, Internet of Things, that's basically sensors. It's not, it's not that emerging anymore, I think we might have put drones on there as an option at one point, you know, not exactly cutting edge. So we always sort of have to, you can see the evolution of emerging technology just in the way that we ask the question and the options that we get for the answers change.


Doug Robinson  12:54

I think it's fun to kind of look at that. Amy, I always get a kick out of the discussions around those drones and unmanned aerial systems. I know you did a policy piece on that. But we asked that question. And a lot of states said that was going to be, you know, the most impactful emerging technology. And I had people say to me, what are states going to do with unmanned aerial systems? And of course, all you need to do is look today, we have multiple award submissions on the use of drones and things like wildfire management and natural resources and bridge inspections and transportation. This technology, which was, quote, emerging is now standard operating procedure for so many agencies and state government, they all want to have access to these unmanned aerial systems are video for surveillance of law enforcement. So to me it is kind of fun to watch what people question, why they would be using these technologies and state government, to where now they're embedded and mature. And they're just standard. That's right. And so that's the way we'll be talking about Gen AI in a couple of years.


Amy Glasscock  13:55

Absolutely. Yeah, we did a podcast with some guys from North Carolina and how they were using drones. So we'll put a link to that in the show notes. So we were talking about legacy modernization at the beginning of the podcast, when you're kind of talking about the challenges that CIOs are dealing with. So what lines of business did CIOs say have the most technical debt?


Doug Robinson  14:17

Not surprising the lines of business that have the largest portfolio of services delivering those services to citizens, and that's around human services and in public welfare, those entitlement programs. If you look at any state budget, the human services and health side particularly health services, there'll be a third of the state budget overall. So what states dedicate to things like health, and a big part of that of course Medicaid, which is the state program that again, the health services public welfare side, they typically do have a lot of technical debt that they need to have modernized systems. They're highly complex, there's lots of interfaces and then of course, you have the human services side. What many states want is to do that kind of a combined or integrated what they call the integrated eligibility. So they want a citizen to be able to have no wrong door and go to the capabilities of being able to go online and conduct all the services but not have to apply for 20 different activities. So you get obviously, things like SNAP, and welfare benefits and everything else all combined. And in those things, and of course, on the health services side, corrections this year came in at number three, again, didn't surprise me that it was on the list; it surprised me a little bit that it was so high. But again, I think that's reflective of the challenges states have with the tremendous growth in their incarceration and the challenges of just the corrections industry itself within state government, particularly around the workforce space. And because of the major difficulties in hiring corrections officers, they need to modernize their systems and provide more automation. Also on that list, and I'm not going to surprise anybody in the public sector space, is labor and employment. And I think that's highly reflective of the unemployment systems out there, UI.
But many of them were highly strained, if not disabled, and crashed and burned during the pandemic, when we saw anywhere from five to 10x increase in applications across the board for unemployment during the throes of the pandemic. And so they all recognize and they think they, many of the states, clearly, more than half the states knew that beforehand, because they had UI modernization on their list, they just hadn't gotten to it. Now, clearly, it became a crisis, and they're going to get to it. So that's one of the major service areas of serving citizens that was exposed during the pandemic as the inability of the UI platforms to scale as necessary and to be stable during a crisis situation. So states learned a lot. And that was also an area that, as you all know, is ripe for fraud. And there's been lots of reports of the tremendous amount of fraudulent benefits that were paid out both state and federal dollars during that pandemic from state unemployment system. So that's going to have to be addressed as well.


Alex Whitaker  17:20

So you know, in addition to others, where it's there's kind of room for growth and improvement, we do mention that states have room to grow when it comes to data management. So curious how states rated themselves when it comes to data management.


Doug Robinson  17:34

Alex, this is an area where as also, as I call it, another knowing/doing gap. And we've seen this for many, many years. Your colleague, Eric Sweden and I have looked at data management, data governance, data analytics, and had been writing about it extensively for many years. And I think this is an area where we have not seen the maturity that you would expect. Data management and analytics has been on the state CIO Top 10 priority strategy list for almost the last 10 years, yet we haven't seen a lot of movement in terms of a maturity and in terms of just kind of, there's a lot of room for growth. And this year, we asked the question about data management and how they would self assess, like, how would they rate their maturity, not in a classic Ciardi model, but just human general terminology, and 69% said, beginning stages of where they are in maturity of Enterprise Information Management, and I don't think that's changed most than last decade. So I think that's a significant challenge. So a little over a quarter of them said they described themselves as mature, because they have a data governance structure in place, they have data storage at the agencies, they have, perhaps they've adopted the DMBOK, the Data Management Body of Knowledge, when they've used those capabilities. But for the most part, again, the majority of the states characterize themselves as immature, and they're using data analytics as tools. However, they don't have an overarching roadmap across the executive branch. And it's very challenging to do that. Because you have, again, the lines of business, the various lines of state government business, and they all believe that that is their data. And that should be managed in that silo. And that can be very challenging when you're talking about an enterprise capability. So half the states today have a chief data officer, most of them report to the CIO. We're seeing lots of states where we're having progress.
We'll be talking about that at our upcoming conference. And so that's kind of the state of the states on data management.


Alex Whitaker  19:46

Great. Thank you.


Amy Glasscock  19:48

So the last section of the report is about the future role of the CIO organization. And I definitely encourage listeners to go read through that because there's a lot of great insight there. But Doug, what's one thing that you want to share with listeners about that section?


Doug Robinson  20:01

As you said, always great to see this data, I always like to look at how CIOs prognosticate about the future, we ask a lot of leading indicator questions in the survey, because I think that's important. So what we've seen is the shift, and it's reflected by the responses of how the CIOs see themselves serving their customer agencies over the next couple of years. And again, these are fairly dramatic results. 96% said that they see themselves in that strategic direction and policy setting role and 84% said, brokerage services, and in the last decade, that's a significant shift from, you know, we described as the owner operator model, where the CIO organization was the owner operator providing infrastructure, provisioning and operations management, they were managing the network and the boxes and wires and green blinking lights, but they were not perceived as the business leader of information technology. And so they were more perceived as the just delivering infrastructure services, operating as a utility for the agencies. Now that we've seen this clear shift, where CIOs see themselves as again, in this broker role, in addition to all the provisioning side, but increasingly, to kind of think significant items to look at our themes. One is that again, much more strategic leadership across the enterprise. Again, that's the Enterprise Architecture, their modernization roadmap, their data, cybersecurity, all that much higher level of across the executive branch, and then their involvement and relationships with their corporate business partners, with their vendors, much higher level of outsourcing managed services. And so we're gonna, we're gonna see that grow, where we're going to have more and more states relying on the expertise and the services of the supplier community of those business partners in the private sector.
And so that really looks at the increased kind of collaboration between both the public sector, you know, and the private sector and CIO office being more of the, you know, the visionary role for improving things like cybersecurity, improving the clearly digital services to citizens, and also having a role in advocating for funding for that modernization. And so they can then say, we've got a portfolio, we understand the investments that needed and so we're going to collaborate with the agencies. And so you know, that is an area where we said, we're going to focus on, they said, we're going to focus on digital services and cybersecurity and legacy modernization and data. So what are those all those things I mentioned, I see the CIOs being again, much more in that leadership role advocating for these at the enterprise level.


Alex Whitaker  22:57

Got it. Well, that was a great overview of the survey, and listeners can read it on our And of course, we'll also put it in the show notes. But of course, we're not gonna let you go that a breeze segment we call [thunder sound effect] the lightning round! Are you ready?


Doug Robinson  23:14

I am always ready for the lightning round. 


Amy Glasscock  23:19

All right. So I know the number is high, but just how many NASCIO conferences have you attended?


Doug Robinson  23:26

This is actually tough. If you combine my state service, and my role as executive director of NASCIO, I had to go back earlier today and check. I believe it is 55 conferences.


Doug Robinson  23:41

So 40 as the executive. So two a year. So 40 as the executive director, and then obviously, I did not attend all of the NASCIO conferences or even going back to NASIRE. So my first conference was in 1992. 


Doug Robinson  23:58

So in Nashville, I remember it.


Amy Glasscock  24:00

So did you say there was like 250 people there or something? 


Doug Robinson  24:03

Yes. I think there were about that, predominantly state folks. That was NASIRE before NASCIO changed its name. So it was a fun event. I remember being there. And that's about the extent of my memory of that conference.


Alex Whitaker  24:19

All right. Well, I think we could do a whole episode just on the craziest things you've seen at NASCIO conferences, maybe yeah, maybe we'll do that one. So we asked a lot of folks this question at conference. So we'll ask you too: what was your first job?


Doug Robinson  24:32

My first job. I believe I was 13 or 14, Alex, and I worked for my dad. And at some I'm sure pittance of an hourly rate I did get paid. They had a building maintenance and construction cleanup company that basically came in after new construction and did the final cleanup before occupancy and things like apartment complexes and in nursing homes, I remember being in all those buildings. So I had a fun job of doing things like scraping paint out of bathtubs and cleaning plaster off of sinks and scraping paint off of windows and all kinds of fun stuff. So that was a summer of drudgery trying to do all that. And I do recall that a year later, when I had my learner's permit, I think it was over a year later, maybe because you could drive when you were very young, I was, this is in South Florida, I got to drive, they had a number of Ford Econoline vans with three speed manual transmission on the column, what they call three on the tree. And so I got to learn how to drive by driving a three speed manual Ford Econoline, a very desirable vehicle. When you're driving around town, you want to be seen in the white for commercial lettering on the side. But when we finally made it to driver's education, I was quite the star because I was the only one that could actually operate a manual transmission. So


Amy Glasscock  26:11

You can really impress your friends in a car like that. 


Doug Robinson  26:14

I could really impress a lot of my teenage friends by driving that. So yeah, that was my first job and hauling around a lot of cleaning supplies and floor scrubbing. And I actually did that job for several years during the summer and at nights to make extra money. I don't remember the hourly rate, but I'm sure it was not good.


Amy Glasscock  26:38

Builds character. 


Amy Glasscock  26:40

All right. Final question. We've been talking about how to use ChatGPT a lot for our work at NASCIO. What's your current favorite way to use ChatGPT?


Doug Robinson  26:50

Oh, Amy, you know this, because I've been advocating. So there is a beta ChatGPT tool, Writing for Busy Readers, out of some folks at Harvard. And I've been a fan of their work for several years, obviously, both a book and there have attended a number of their webinars, which is really focused on using this framework of essentially, in writing for attention, and particularly for busy readers. And that is obviously our audience, particularly state CIOs and others. And it's really kind of focused on the principle that less is more, and that formatting and everything else. And so their tool allows you to put in content and have it totally revised using ChatGPT for in a beta version of their platform, which was just released about a couple of months ago. So I've been having a lot of fun with that. And seeing how it can improve my communication with our members, with our officers, how it can be used, and I'm using it so I'm not just, I'm using it in production, to see how it makes a difference in getting more attention on our communications to our members. And I think it's, given the Halloween theme here, it's spooky good.


Amy Glasscock  28:04

Big fan of less is more and I mean, you can learn from it too. It's not like you are being completely lazy, but it's kind of coaching you along the way. So that's great.


Doug Robinson  28:15

It is. 


Amy Glasscock  28:16

All right, Doug. Well, thanks for taking the time to record with us. We know you are a busy man. But as always, I know our listeners appreciate your insights.


Doug Robinson  28:24

Appreciate it. Never never too busy to talk about the state CIO survey.


Alex Whitaker  28:28

Thanks again for listening to NASCIO Voices. NASCIO Voices is a production of the National Association of State Chief Information Officers.


Amy Glasscock  28:35

If you're listening to this as you travel home from the NASCIO conference, we hope you had a great time.


Alex Whitaker  28:40

We'll be back in two weeks with lots more great content.