EYE ON THE STATES
States Slow to Prepare IT Infrastructure for Future Attacks
- By Thomas R. Davies
- Nov 16, 2001
Thomas R. Davies
The aftershocks of Sept. 11 are exposing serious fault lines in the technology and information infrastructure of state and local government. Well-publicized difficulties in coordinating responses to bioterrorism are just the tip of the iceberg. The reality is the states have fallen behind in protecting their infrastructures. Catching up will require extraordinary steps and resources.
For the past two years, most industries responsible for part of the country's critical infrastructures, such as gas and electric, have been hard at work. They've been assessing vulnerabilities, developing plans, implementing procedures and taking strong actions to ensure their infrastructures are protected.
Whether it's in response to a natural disaster or a terrorist attack, many industries with critical infrastructures reportedly are now prepared to respond. Equally reassuring is the fact that natural competitors in these same industries rolled up their sleeves and collaborated on a voluntary basis, without a direct federal mandate to do so.
Unfortunately, based on the observations of some who have been working closely on these efforts, state and local governments have not kept up. Some are at least a year behind, others more.
Many ask how state and local government fell so far behind. Chief among the reasons is the structure of government. The fragmentation of state and local government acts as a barrier to developing coordinated plans and responses.
There are literally tens of thousands of units of state and local government. The federalist structure that enables innovations such as e-government to flourish works against the public interest when states must move quickly and with uniformity.
A second reason is the silos within state and local government. This is becoming all the more apparent as law enforcement agencies struggle to share access to sensitive intelligence concerning investigations with those inside and outside the law enforcement community. Parochial concerns, long-established practices, federal and state statutes, entrenched cultures and simple inertia have made it difficult, even in the face of the most dangerous threats, for state and local governments to collaborate voluntarily.
Yet another reason the states have fallen behind is there has been no single point of coordination to take the lead and, similarly, no single national point of accountability for results.
Before the Office of Homeland Security was established, no federal office had the mission of coordinating planning and strategy across the federal government. There is still no parallel office at the state and local level to coordinate their response on a national basis.
To catch up, many states have formed task forces or established cabinet-level offices to deal with terrorism and infrastructure threats. Most are also assessing their vulnerabilities and estimating the corresponding risks. A few have appointed senior executives, some with very impressive qualifications, to head up newly established organizations.
While the states should be applauded for taking these important first steps, they have yet to come to terms with a harsh reality: There is no proven mechanism for them to collaborate together in order to move quickly and uniformly.
State and local government can only move so fast and make so much progress acting on its own or through loosely coordinated national associations.
There is an immediate need to collaborate across those boundaries that impede coordinated planning and response, which has to cut across industry and government lines and differences in political priorities and physical distance.
The seriousness of this situation is most apparent when it comes to technology and information. It's clear that state and local governments are the first line of defense for responding to terrorist attacks within the United States. Whether it's a municipal emergency response system or the health care network for a metropolitan area, without a secured IT and telecommunications infrastructure, state and local governments are extremely vulnerable.
Unfortunately, there are deep and broad gaps in the IT, telecommunications and information management capabilities needed to support timely and effective emergency response. Gaps in network security, interoperability, data collection, information sharing and application integration are some of the more obvious ones.
The balkanization of the state and local IT and telecommunications infrastructures must be addressed if security goals are to be attained. State and local governments need to act as one. Despite belated initiatives, such as the recent establishment of a national information-sharing center for network security and infrastructure protection, there is little evidence that state and local technology governments are moving fast enough. Consequently, they are running a real risk of being left out when national priorities are established for how best to spend the $40 billion emergency response funds.
This will seem like déjà vu for some. In the rush to pass the landmark welfare reform legislation of 1996, the IT requirements for implementing the new federal policies were given short shrift. The states were unsuccessful in getting their fragmented IT voices heard on Capitol Hill. And while industry officials did their best to speak with one voice, they had only marginal success in shaping the legislation.
The traditional models for intergovernmental management of the technology and information infrastructure are broken. State and local government needs to reach out to other industries, as well as other parts of the public sector, that have succeeded in overcoming a balkanized environment. The laissez faire approaches to collaboration of the past decade aren't suited for the challenges facing government. New thinking and approaches are needed ? now. Thomas Davies is senior vice president at Current Analysis Inc. in Sterling, Va. His e-mail address is email@example.com.