Enterprise architecture is the sleeper trend in NASCIO’s annual CIO survey
The National Association of State Chief Information Officers on Tuesday published its annual CIO survey, which collects responses from top technology officials in most states about their current IT practices and expectations for the future. Doug Robinson, the group’s executive director, told StateScoop that, as in past years, 2024’s results contain few surprises, but that careful readers can glean interesting hints of emerging trends.
In addition to expected topics such as generative artificial intelligence — the report’s opening section — digital services and workforce, the report also contains a telling section on enterprise architecture, a term used to describe organizations’ overarching business processes and organization.
Being an arcane topic outside CIO offices may have contributed to its uneven support over the years. Robinson said recent heightened interest in AI and cybersecurity are driving support for states to improve their enterprise architecture. Efforts to clean up datasets and rethink business processes now seem more attractive projects to lawmakers and governors keen to lace AI into their states’ operations.
NASCIO’s report shows that states exhibit low levels of maturity with regard to enterprise architecture: Only 13% reported a “high” level of EA maturity, and a plurality — 35% — reported a
“low” level of EA maturity.
“When you look at the data, that is one thing we clearly need to work on,” Robinson said. “The encouraging news is that most states have an enterprise architecture program. However the level of maturity — more than half the states are still not at that mature level.”
Robinson, who served as Kentucky’s deputy CIO more than 20 years ago, said he’s watched as enterprise architecture has received “choppy” levels of attention, but that it’s never stopped being an important scaffolding for nearly everything states do with technology.
“We’ve had kind of a rollercoaster. That’s what’s concerning. We haven’t had even a nominal steady growth of EA as a discipline and as a practice,” he said. “It comes and goes and certainly took a big hit during the recession, 2008, you saw a lot of those programs just either get underfunded or just be mothballed for a while.”
Generative AI
Robinson said he expects NASCIO will spend the coming year emphasizing aspects of enterprise architecture, such as data architecture and business architecture. Interest in data, the fuel for AI systems, has skyrocketed since the public launch of ChatGPT in November 2022.
According to NASCIO’s new report, generative AI tools are being widely used by employees across state governments for a wide range of functions. Fifty-three percent of CIOs said state employees use generative AI tools for daily work, 29% said employees don’t, 6% said they didn’t know and 12% had “other,” more detailed responses.
Free online generative AI tools were the most popular — 65% said they used those — compared to 59% who said they used commercial products and 35% who said they’re using custom products developed by third parties and 16% using custom homebrewed software.
The four most common uses of generative AI named were virtual meeting assistant transcription, cybersecurity operations, document generation and management, and software code generation.
Federal cybersecurity grant program
The report touches on a host of other topics that fall to state CIOs, including business continuity, identity and access management, “acquisition” and workforce. It also covers the critical topic of federal cybersecurity grant funding, an advocacy priority for NASCIO long before the Department of Homeland Security rolled out its $1 billion State and Local Cybersecurity Grant Program in 2022.
The association’s new report shows that 80% of CIOs would like the program to continue as it is, and 18% are interested in continuing federal grant funding, but with some modifications.
Robinson said the grant program receives two main criticisms. One is that for states that don’t run “whole of state” cybersecurity programs — in which the state government administers security services through its IT office to local government agencies, sheriff’s offices, schools and other public-sector agencies — administering the program is a lot of work for a relatively small amount of money. All states are required to distribute 80% of their cybersecurity grant funds to local governments.
Robinson said the other common criticism is that the matching requirements are a burden for some states. Federal officials acknowledged that burden at an event in Washington last March. “If that is something that is sounding daunting, to you as a state or local government official, please let us know and we can work with you on ways to make that less painful,” Bess Mitchell, a grant operations chief at the Cybersecurity and Infrastructure Security Agency told the Washington summit audience last March.
“What we found is there’s high, high support for the concept of a federally funded grant program. The question is how it’s implemented,” Robinson said. “Should it go completely to the states or should it go directly to locals? And the overwhelming majority of the state CIOs favor the continuation of the grant, they would just like to see it done differently.”
With cyberattacks as costly for state and local governments as ever, Robinson said he’s hopeful the federal government will continue the grant program beyond its initial four-year commitment, but that to his knowledge no one in Washington has proposed or is seriously considering such a continuation.
In fact, NASCIO drafted a letter last June urging Congress not to pull funding from the ongoing program, following rumors that it was being targeted by appropriators for clawbacks.
NASCIO’s 2024 survey shows there’s a great demand for cybersecurity services, particularly cybersecurity training, the most common use of the funding.
“At the end of 2025, let’s look at the analysis of the impact of these grants,” Robinson said. “In some cases, the state do want to promote a whole-of-state model, but is this particular approach sustainable? That’s what people are questioning right now.”