Q: What are ways that cities and counties can make better use of data for service delivery?
Ben: StreetLight Data is a company that offers traffic counts for streets/intersections gathered via anonymized mobile device location data, as opposed to expensive studies where workers have to go out and monitor traffic.
Another example is Roadbotics, which uses computer vision to assess pothole needs; this is a more comprehensive and proactive approach that can prevent the road repair backlogs.
Also there is Soofa that collects data on foot traffic in the areas where they deploy their solar-powered “smart” benches. This tells cities how many people come through certain areas and during what times.
Q: How prepared are cities to handle threats to IT systems?
Ben: GovTech’s research shows that only 60 percent of cities report having cyber insurance. I’ve also seen other facts that underscore the scope of the problem. A 2018 joint study between Deloitte and NASCIO (National Association of State Chief Information Officers) found that:
From 2016 to 2018, the percent of respondents with defined governance (responsibilities, policies, standards and procedures) for cybersecurity rose 22%
From 2016 to 2018, the percent of respondents with no formal established authority for a CISO dropped from 12% to 2% and the percent of respondents with statutory authority for a CISO rose from 49% to 63%
Roger: Many agencies do not have a great security posture. It costs a lot of time and money to do this well, and it takes a specialized skill set. Attacks are always changing, and patching is not a sufficient strategy because of zero-day attacks. Some attacks encrypt files at random, others use ransomware from automated bots, and still others use better social engineering techniques to get users to click a link or a file. The high-profile attack in Atlanta revealed 2,000 vulnerabilities and caused months of disruption.
IT leaders own it when there’s a breach, and that event follows them wherever they go. The best practice is a three-tiered approach of prevention, detection and recovery.
Describe why it’s difficult to make comprehensive improvements in local government IT?
Roger: It takes many years to introduce major change that is tied to public funding processes. Bonds, elections and politics all have an impact, and funding commitments are not guaranteed from year to year. Contracts tend to be short term, meaning strategic changes are hard to maintain. Also, it’s hard to rip and replace systems that are highly customized and often embedded. Furthermore, a key constraint is that it’s hard to find programmers such as those who know COBOL for old systems. And don’t forget the challenge of mobile – every mobile app would have to be customized because you can’t use the development frameworks available today on legacy systems.
Q: What are examples of governments that are making good use of technology?
Ben: San Francisco is one. The city’s building-inspection process involves inspectors from multiple departments looking for different things, and they all relied on paper job cards. The info would be put into two separate Oracle databases where the same permit would have two different numbers. But, by using SaaS on a tablet they could update the info that everyone could access and check to see what other departments had done. So, instead of leaving a building saying “everything looks good but I need to check that you’re fixing your fire sprinkler before I can approve your permit,” inspectors could see it before they left and not hold up the permit process.
Another example of good use of technology is mobile apps for emergency responders. One really interesting company is Callyo, which serves emergency responders. They have a freemium video solution where officers can record, stream and store video from their cell phones rather than buying a body camera. Another one of their apps is this nice workaround for delivering the location of a 911 caller to dispatch, which is actually a really big issue in dispatch centers because a lot of them don’t have that capability built in so they just rely on the caller to tell them where they are. You don’t need to integrate into the dispatch console, though, all you need is an app where the caller consents to send their phone’s location to the dispatcher.
A third way of example is how governments are making better user interfaces and user experiences. The reason for a lot of citizens’ frustration with government comes from complicated backend processes that rely on older, complicated systems. A lot of this can be improved on the front end with changes to user interfaces, including web pages, apps and forms. One example here is SeamlessDocs, which turns PDFs into interactive web content. With this an agency can capture user information and repurpose it in several places.
Q: What’s a starting point for governments to introduce more innovation?
Roger: Start with the problem you’re trying to solve, not the solution you want to use. This is often more citizen engagement, better service, more security or the need to lower risk. In IT cost is always an issue, so consider a discretionary funding model. This turns capital costs into operating costs, so there’s less upfront investment for equipment, for example, and predictable costs every year.