The challenges that could change everything The State Policy Road Map: Solutions for the Journey Ahead

When the agenda is not of your choosing

Charlie Baker took office as governor of Massachusetts on January 8, 2015. After a mild start, that month turned into the fourth-snowiest in Boston’s history. Then came February, which was even worse, becoming Boston’s all-time snowiest month.

Though he hadn’t run on a platform of clearing snow, the nine feet that fell during “Snowmageddon” put Governor Baker in the media spotlight as he dealt with broken trains, clogged roads, and a snowed-in airport. How well did Baker meet the challenge? After his first 100 snowy days in office, Baker’s approval rating stood at over 70 percent.¹

For governors in 2018, a number of challenges are brewing, which could define their time in office. Though not every potential pitfall can be foreseen, here are some of the issues most likely to surface—and that governors should be prepared to deal with.

“Governor, we’ve been hacked”

In the past few years, cyber criminals have hacked into every conceivable organization’s data.² Cyber risk for state government is likely to increase, as cyberattacks grow in volume, intensity, and sophistication. A major data breach can be costly not only financially, but also in terms of citizens’ trust. Moreover, a data breach can disrupt other policy priorities, as attention is spent in responding and recovering.

The most recent Deloitte-National Association of State CIOs (NASCIO) biennial cybersecurity survey shows that cyber risk has risen in importance in the eyes of governors and other state executives. Moreover, cybersecurity is becoming part of the fabric of government operations, with 29 percent of state chief information security officers providing their governors with monthly reports on cybersecurity. On the other hand, most states face a resource crunch in fighting cyber threats, both in terms of funding and talent. For most states, cybersecurity is less than 2 percent of their total IT budgets.³

Unfortunately, cybersecurity professionals seem to be in short supply and high demand. States should consider augmenting the capabilities of their cyber workforce through effective outsourcing and the use of cognitive technologies. For example, states could consider automating parts of the investigation of security alerts. Artificial intelligence and data analytics can likewise mitigate the effects of any cyber talent shortage. It is possible to analyze network traffic flows to identify suspicious activities, but this sort of analysis “does require savvy cyber professionals with a particular set of skills that can recognize and act on the insights gleaned from analyzing big data sets.”⁴ Living with cyber risk appears to be the new normal, and managing it likely an essential part of achieving optimal performance in a digital government. The real test could lie in how state governments anticipate and counter any threats in this ever-shifting cyber landscape.

Learn more about cybersecurity in government in these Deloitte studies:
2016 Deloitte-NASCIO cybersecurity study	Government’s cyber challenge: Protecting sensitive data for the public good	AI-augmented cybersecurity: How cognitive technologies can address the cyber workforce shortage

Regulating in an era of exponential change

How do you regulate a moving target?

In 2017, self-driving cars were giving passenger rides in Pennsylvania, and self-driving trucks were delivering beer in Texas. Who can say what autonomous vehicles will be doing five or ten years down the road?

States are expected to play an important role in this emerging future, not only as regulators and policymakers, but also by allocating research and development funds, especially in cases where the federal government is providing resources. States can also use their influence as a purchaser of vehicles. From a policy perspective, self-driving cars could be a game-changer for the elderly, the young, and the disabled—but presumably only in states with a regulatory structure that appropriately balance safety concerns with innovation.

Self-driving cars are just one of the emerging technologies that states need to grapple with. The Internet of Things offers great potential, but could also create great risk. A vulnerable connected device can threaten an entire information ecosystem, putting public infrastructure at risk. Cryptocurrency, ridesharing apps, home sharing, apps that detect medical problems (does your smartphone qualify as a medical device?)—the tech revolution seems to be creating a regulatory maelstrom for state governments.

There are more questions than answers right now, and there could be many reasons for that. For example, innovation often moves fast, while regulation tends to move more slowly.

In a fast-moving and increasingly complex world, regulators are challenged with protecting citizens without stifling innovation. Regulate too much and you risk stymieing innovators. Wait too long and you risk losing the opportunity to regulate a new technology before it becomes widespread. The whole “ignore until large” strategy can sometimes backfire, since “large” can happen very quickly and regulators may not have the luxury to wait and see what happens.

Consider unmanned aerial systems (UAS), aka drones, which have a multitude of applications in law enforcement, disaster response, wildlife tracking, and even pizza delivery.⁵ But the technology could also pose a threat to privacy and security, and can even end up as tools for terrorists. Taking this into consideration, at least 38 states are considering regulations related to UAS in the 2017 legislative session.⁶ But how can legislators and regulators make informed judgments?

More than the particulars of any given regulation challenge could be the need for rethinking the whole approach to regulation. One outside-the-box approach is to consider leveraging technology to connect with citizens, especially early adopters. For example, New York State Department of Financial Services superintendent Benjamin Lawsky found a way to engage with citizens on the recent bitcoin regulation. He participated in a Reddit “Ask me anything” session, opening up a dialogue with hundreds of citizens on pending regulation. By using the Reddit platform to engage with citizens, Lawsky was able to address issues for the bitcoin community, and CoinDesk reported that his session “provided more evidence to suggest that he intends to craft legislation that strikes a balance between the needs of law enforcement and bitcoin entrepreneurs.”⁷

Innovative thinking could hold the key in reimagining the future of rulemaking, helping regulators sense emerging technologies before they reach scale.

Learn more about cybersecurity in government in these Deloitte studies:
The regulator of tomorrow	Regulating ecosystems	Governing the future of mobility

Modernizing legacy systems

“Without investments in legacy system renovation, modernization, or replacement, the ability of states to operate as a modern organization and serve its citizen is at risk,” declared the NASCIO report in 2008.⁸ Today however, a decade later, the goal of legacy modernization still continues to be one of the top priorities for state CIOs.⁹

The reason seems obvious. These legacy systems often serve mission-critical functions, but are likely running on outdated technology at risk of failure. Moreover, the unsupported platforms they run on can make sensitive data more vulnerable to cyber hackers.

This challenge is not unique to state government. At the federal level, maintaining legacy systems takes up more than three-fourths of the IT budget.¹⁰ Comparable data for state and local governments is harder to come by, and even new systems will require maintenance, but every extra dollar spent on maintaining old systems is a dollar unavailable for investing in new technologies.

The financial cost of maintaining these older systems may be just the tip of the iceberg. Because these legacy systems typically use older programming languages such as COBOL, there could be additional costs. One is that these legacy systems usually aren’t very flexible, making it difficult to modify processes, especially in light of digital transformation. It can be extremely difficult to make use of predictive analytics, artificial intelligence, or other newer approaches when a foundation is outdated—which limits the ability to put these cutting-edge tools in service to constituents.

Another issue is finding programmers familiar with these dying languages in today’s millennial workforce. With state government workforce expected to retire in hordes in the next few years,¹¹ the governments could face a crunch.

For more insights on digital transformation in government, check out Deloitte’s digital government transformation collection.

Many of these legacy systems are mission-critical in nature, making the “rip-and-replace” model a highly risky approach for most governments. But over the years, different states have used different solutions to modernize the IT infrastructure, including migration, augmentation, and re-platforming/refactoring.

In some cases, state leaders will need to bite the bullet and invest in upgrading new systems. In other cases, more incremental approaches can help state governments move off older systems with less risk.

Fighting the opioid epidemic

One of the biggest threats to American lives in recent times has been from drug overdoses.¹² Opioids were involved in nearly 33,000 deaths in 2015, and opioid overdoses have quadrupled since 1999.¹³ In one survey, over 60 percent of respondents said that federal and state governments aren’t doing enough to fight the problem.¹⁴

Opioid addiction appears to be unlike prior drug epidemics, as it isn’t limited to mostly recreational users of illicit drugs—many people now become addicted while using legally prescribed painkillers. This has provided impetus to a phenomenon referred to as “pill mills.” As opioid use has increased, and users have become more desperate for supply sources, some unscrupulous physicians have begun to set up storefront offices established seemingly to churn out prescriptions for opioids. Once focused primarily on urban areas, these networks quickly adapted to the new demand, targeting communities suffering from economic loss and hardship, including rural communities.

Today, many state governments face a new challenge—how to follow up with patients after the use of the overdose antidote naloxone in order to help curb their addiction in the long term. The opioid crisis creates ripples of challenges, and will likely take multifaceted efforts to address.

State and federal agencies are trying a variety of education, prevention, treatment, and criminal justice efforts to combat the opioid epidemic.

Read more about the opioid crisis and possible ecosystem solutions in Fighting the opioid crisis.

The pension crunch

Unlike a natural disaster or a new technology, pension challenges can unfold in slow motion. Despite their gradual nature, many states struggle to control the level of their pension liabilities.

Large unfunded pension liabilities could have a cascading effect on the economy and on the fiscal health of a state. Annual state fiscal health rankings by the Mercatus Center show that the bottom five states clearly face a significant risk from unfunded liabilities as debt obligations start eating away at current budget allocations.¹⁵ While the buildup has been slow, the downfall could arrive fast and hard if a market downturn hits state pension funds.

Few pension reform options are painless. You can increase employee contributions, reduce payout benefits such as early retirement, and curtail various forms of pension abuse. But the earlier states act, the less painful the remedies might be. The best time to start fixing the pension situation was20 years ago. The second best time is now.

Some states are already tackling the pension issue. But with sluggish economic growth and growing health care costs, states would need to make considerable structural changes to their pension systems.