States Strive to Protect E-Gov Gains Post-9-11

For states in the vanguard of e-government the delivery of government services via the Internet -- post 9/11 security concerns are posing new challenges at a time when the fiscal squeeze felt by most of the states is affecting information technology budgets.

Early innovators such as Pennsylvania and Texas, which were among the first to move transactions such as licensing, taxes and fee collection into an electronic environment, now find themselves faced with a climate that places greater demands on IT systems even as the prospect of having less resources looms over them.

As a result of the September terrorist attacks, issues that were once confined to worst case disaster planning sessions are now mission-critical for government IT planners. High on the list of issues getting greater scrutiny is the need for more attention to potentially sensitive information, and the crucial role of state portals in disaster recovery planning.

"We have begun to take a critical look at the content on our websites," Sandra Mateer, Director of the Office for IT Planning and Support in Pennsylvania's Office for Information Technology, told Stateline.org. "Whereas we were in the mode of developing rich content for citizens and businesses, now we are particularly sensitive to how information might be used by those wishing to do harm."

Given its potential for misuse, data for geographical information systems (GIS) is emerging as one area requiring special attention. Typically used by urban planners, zoning and tax departments and emergency service personnel, GIS data includes digital mapping information and detailed photography from satellites and high-altitude airplanes.

Private sector demand for the data has increased in recent years, for applications such as digital mapping services and remote GIS sensing devices for travelers. Officials worry that the detailed geographic data could also be used to plot future attacks.

In coming months, Pennsylvania will develop a stronger GIS strategy by pooling agency GIS resources and setting standards for the use of the data, Mateer said.

Concerns about GIS and other potentially sensitive data were also the focus of a recent review of the information published on the TexasOnline portal. "I think the GIS data is our biggest concern," said Phil Barrett, TexasOnline Director. "We were going to put more of that type of information out there, but we're holding back at this point, and looking at the issue in much more detail, to determine what will be appropriate.

A greater emphasis on disaster preparedness and recovery has also broadened the scope of issues facing IT planners.

As part of their ongoing review of security issues statewide, Texas officials are making sure that vendors have the capacity to quickly restore priority applications and systems in the event of an attack on one of the state's major data centers.

"It's another one of those things that you didn't have to think about so much in the past, that multiple sites around the state or the nation that use the same vendor could be hit simultaneously. It's just one more area where we're double-checking our systems and our security" said Barrett.

In Pennsylvania, where the events of September 11 have a special resonance in light of the crash of United Airlines Flight 93 near Shanksville and in the later elevation of Gov. Tom Ridge to the newly created position of Director of Homeland Security for the Bush Administration, several executive orders have set forth the direction of the state's security and disaster recovery planning.

While they have not dramatically changed the state's approach to e-government, the emphasis on security and emergency preparedness ensures that business continuity planning is uniform across state agencies, according to Scott Elliott, a spokesperson for the Governor's Office of Administration.

As a result, infrastructure and applications are viewed as "the tools that enable us to effectively share information among ourselves to make the state more secure, and better prepared to respond during an emergency," said Mateer.

In both states, the advantages of having innovative systems in place prior to the September attacks make it somewhat easier to cope with the demands of the new climate of wariness. More troubling, however, is the prospect of taking on new responsibility in a time of belt-tightening and economic uncertainty.

"I think the economic slowdown has had a much greater impact on our e-government initiatives than has the current situation with terrorism," said Elliott, who notes that both Gov. Mark Schweiker and former Gov. Ridge dramatically increased Pennsylvanias investments in technology.

In its last session, in 2001 -- prior to the September attacks -- the Texas legislature approved an increase in IT staff designed to help beef up security at government-operated websites statewide. When they next meet in January, however, economic constraints will likely result in less available funds for agencies across the state.

"The economic effects of September 11 have rippled through the nation, and as a result of the economic downturn, we're seeing less and less funds available across the board," said Barrett. "I suspect that will hamper a number of new initiatives that aren't security-related."