Cyber crime, climate change and AI are top threats, US state CIOs tell IBM

US state CIOs are ramping up preparations for cyber threats, climate emergencies, workforce shortages and AI, according to a report looking into potential future shocks that America might face.

The joint report by IBM, the National Association of State Chief Information Officers (NASCIO), and the Centre for Digital Governance (CDG) interviewed 20 US state CIOs, including Texas, North Carolina, and New Jersey, on what future disruptions they expect and how they plan to tackle them.

The state CIOs interviewed stressed that cyber threats continue to be front and centre of future risks, especially by hostile nation-states or other organisations.

According to the report, CIOs expect the threats to escalate and become greater dangers as attackers employ AI and other tools.

“It would be hard to think of any threats bigger than cyber threats. You can bolter, reinforce, train, and bring in technology, but it only takes that one lapse,” noted Chris Rein, New Jersey’s CTO.

According to a recent study, business leaders are equally as anxious about the increased cyber risk, with over 60% concerned about the prospect of a second ransomware attack, and 71% of leaders admitting their businesses wouldn’t be able to withstand it.

Climate disasters are also proving to be an imposing risk for state CIOs, with huge wildfires and floods proving to be a major threat to critical infrastructure, the report states.

“Roads could become impassable. Power, network, or phone lines could be cut, so there are several ways these potential threats could negatively impact us,” says Alan Fuller, Utah’s CIO.

To prepare for worsening climate conditions, state governments will need to build on and advance the systems and processes they put in place during Covid, the report reads, including hybrid work infrastructure, stronger identity management, and portable workloads.

Legacy systems

Another common impending vulnerability for the CIOs is legacy systems and the niche workforces that support them.

As in the report, legacy systems struggle to adapt to new needs and can’t change fast enough in a crisis, and those who know how to run these systems are beginning to retire.

This also contributes to the widening skills gap that is concerning the CIOs interviewed, who say the gaps are pervasive within state IT organisations.

“When you look at the percentage of employees eligible for retirement in the public sector, it really gets to be staggering,” said Amanda Crawford, CIO of Texas.

“We’re working to build up those resources in the pipeline, but at the same time we’re building the pipeline, we have increased demand for technology and the evolution of technology.”

Other issues US state CIOs are preparing to face include economic uncertainty, a high turnover of state CIOs affecting long-term planning, the housing crisis in America, and AI and partner resilience.

“We don’t fully understand yet what generative AI and some of these newer technologies will bring forward,” comments Jim Weaver, North Carolina’s CIO.

“As we look across the threat landscape, we need to figure out how to make effective use of these tools – and we need to make sure we have people who are skilled in the right areas.”

In an interview with TI, Michael Natusch, founder of insurance firm, Prudential’s, global Centre of Excellence for Artificial Intelligence, said that in comparison to the EU’s AI regulation, the United States “offers lots of opportunities but doesn’t offer any protection”.

According to Natusch, the EU is to set the strictest AI rules while the US is likely to be more lenient.

Still, New York City implemented an AI Bias Law a couple of months ago to tackle unlawful employment practices in using AI to screen candidates, and further AI state-specific legislation is pending in California, Colorado, Connecticut, Washington D.C., and Texas.

To read cyber security expert’s advice on how to prevent an attack, read TI’s Ransomware Report here