Print 🖨

This report covers the responses House Appropriations SC on Infrastructure, Resiliency, & Investments received for their RFI for charge 2, regarding evaluating the funding appropriated for, and the cost of, ongoing IT and cybersecurity upgrades and the methodology for prioritizing projects. The RFI for this charge can be found here and responses in their entirety can be found here.

 

The HillCo report below is a summary of information intended to give you an overview and highlight of the various topics included in the responses. This report does not cover the entirety of each response, but aims to provide an overview of the testimony submitted.

 

Texas Health and Human Services (pages 2-13)

  • Legislature provided roughly $8 million in funding for HHSC to create a cloud-based Business Enablement Platform (BEP)
    • $26 million in exceptional item funding for IT and the agency’s security posture
    • $126 million was provided for Data Center Services (DCS)
  • Several IT projects were funded by base and exceptional items totaling around $620 million
  • Supports operations and maintenance of over 6,000 servers and a legacy mainframe environment
  • Without updated, reliable, and scalable IT infrastructure will lead to a lot of incompatibility with new application software in other locations and therefore affect communication
  • Currently consolidating almost 900 servers into the State’s DCS program
  • Will ensure legacy equipment is in a modern virtualized private community cloud environment
  • Ongoing costs will consist of the consolidation of the remaining 40% of the 868 LOI servers and implementing cloud-like technology/migrating to the cloud
  • Legislative Appropriations Request details they are planning to request funding for HHSC Cybersecurity Perimeter and Decryption platform in FY 2022-23
  • Agency will request approximately $10.1 million in HHSC Cybersecurity Security Information and Event Management migration and more in FY 2024-25
  • Anticipated that agency will request $8 million to relocate business process in FY 2026-27
  • Will take roughly $9 million to refresh the Cybersecurity Perimeter and Decryption life cycle infrastructure in FY 2028-29
  • Legislature funded an appropriation request of $6.3 million in FY 2020-21 to complete transition of voice access services to IP based technologies
  • $3 million is base funding for routine network infrastructure refresh program to be developed and deployed
  • HHSC coordinates a governance structure to participate in IT decisions using the IT Governance Intake Project that ensures program requests for IT services are well defined and approved
  • Each HHSC portfolio has an executive steering committee that focuses on prioritization of projects, applications, and ensures committee and program decisions align with HHSC’s goals

 

Department of State Health Services (pages 14-18)

  • Exceptional Item 1b was granted $5.8 million in general revenue funds pertaining to Laboratory Information Management Systems (LIMS) improvements
    • LabWorks, LabWare, and Harvest are the scope of DSHS and must be transferred to DCS; upgrades are expected to be completed by the end of October
  • Exceptional Item 4 relates to Texas Enhancement of the National Electronic Disease Surveillance System; program FTEs costs around $690k, IT $3.5 million, COVID Scope Expansion $2 million
  • Item 4 supports bolstering statewide infectious disease reporting, public health exchange, outbreak response capability
  • COVID-19 Scope Expansion resulted in increased capital costs for several different areas approximately $6 million
  • Exceptional Item 5 pertains to Video Direct Observed Therapy Pilot (VDOT); does not need funds to provide capital authority to acquire IT solution
  • Item 5 makes it easier to treat people with outpatient medication therapy for individuals who test positive for tuberculosis infection
  • Short term solution in response to COVID-19 allowed DSHS to secure a temporary VDOT solution using an emergency procurement that was $77,500; long term solution relates to solicitation and contracting
  • HB 2041 pertains to Freestanding Emergency Medical Facility Data Collection that accounted for $841,886 and 1 FTE
  • DSHS worked with FEMC stakeholders to communicate about the new requirement and discuss needs that will allow FEMCs with other facilities that report quarterly

 

  1. Bentley Nettles, Texas Alcoholic Beverage Commission (pages 19-21)
  • TABC requested $13.5 million in capital funding and authority for its technology transformation initiative needs; legislature appropriated $9.9 million
    • Funds will be used to replace up to 18 of the agency’s disparate legacy systems
  • Anticipated annual cost to be $1.2 million a year to cover Alcohol Industry Management System cradle-to-grave solution, Google Cloud platform, and ongoing maintenance/fees
  • Expects by FY 2024, DCS costs for current infrastructure will significantly decrease due to decommissioned legacy systems and purging of data from old systems
  • Strategy for FY 2022-23 assumes capital appropriation and authorization in the amount of $6.5 million in agency’s LAR will be appropriated to finish AIMS solution
  • Prioritizing projects will be done by building out agency’s data management needs in line with the Department of Information Resources’ Texas Data Management Framework
  • Anticipates requesting capital funds and corresponding authority in FY 2024 and beyond on a smaller scale to incorporate functionality needed for new requirements set forth by statute

 

Texas Department of Criminal Justice (pages 22-24)

  • Using appropriated funding to keep IT infrastructure up to date: $32.5 million in 84th Legislature, $34.1 million in 85th Legislature, $68.6 million in 86th Legislature
  • Ongoing initiatives include the Personal Computer Replacement Program, ensuring users have modern desktop technology helping with cybersecurity
  • Participates in Department of Information Resources data center services contracts helping to ensure modernization of all network infrastructure
  • Used past and current appropriations to invest in Microsoft 365; Offender Management System needs to be upgraded/replaced
  • $24.2 million project of funding ongoing IT and cybersecurity upgrades, included the potential purchase of Microsoft software and services; was not executed
  • Appropriation for the Corrections Information Technology System (CITS) was accepted as part of the reduction plan stage; agencies were required to submit a plan
  • CITS is crucial to meeting modern operational and governance needs, while also allowing the use of the most current cybersecurity technologies available
  • Will continue to seek funding through traditional legislative avenues while researching other options

 

Texas Department of Licensing and Registration (pages 25-26)

  • 86th session top budget priority was developing a unified licensing system to modernize agency IT and cybersecurity capabilities
  • Created a plan for a new licensing system that will eliminate nine old computing systems; Phase I of implementation is on target to mitigate 77% of individual and business licenses
  • Will place the following licenses in the new Texas Licensing System: Massage Therapist, Cosmetologist, Barber and Electrician
  • Have selected a vendor that employs the Agile methodology to develop the new licensing system and framework; phase I of plan allows flexibility after the vendor is gone
  • Phase II funding includes transferring several programs to the new licensing system and developing an inspectional framework
  • After Phase II is complete, will continue any system mitigations in order to have one licensing system; will continue to modify and maintain TLS to meet changing needs

 

Amazon Web Services (pages 27-30)

  • The commercial cloud provides enhanced security, privacy, and is very cost efficient
  • DIR has been working to make it easier for state agencies and local governments to modernize their IT and move to the cloud with its reports and guidance
  • Texas Legislature enacted a cloud first directive as part of SB 532
  • MGT Act incentivizes federal agencies to reduce costs on IT and modernize aging legacy systems that are at risk
  • Federal CIOs can prioritize funding for system upgrades to take advantage of technologies like the commercial cloud and bolster cyber defenses

 

John Fanelli, Hughes (pages 31-35)

  • Managed Software Defined Wide Area Networks provide a way for agencies to modernize and meet current network demands
  • Main challenges facing agencies with lack of transformation is bandwidth, budget, and security
  • MPLS T1 lines average $400-$600 a month for just 1.5 Mbps download speed; broadband access line is $100-$250 per month for 25-100 Mbps download speeds
  • Creating a hybrid architecture effectively transforms and modernizes agency endpoints
  • Proposed a System Security Plan; regularly updates to secure agencies from network threats
  • Most effective transformations build upon existing technologies and enhance existing networks

 

Michael Schroeder (page 36)

  • 72% increase in ransomware attacks since COVID-19 began targeting country state agencies
  • Claims a well-timed ransomware attack is a huge threat for the 2020 election

 

Rubric for Ransomware Remediation (pages 37-38)

  • Network and software offer native immutability, fast recoveries, and granular visibility; great protector service that cannot be consumed by ransomware
  • The approaches listed previously work to keep backups safe, recover with near zero RTOs, and understands scope of damage