Monday, April 25, 2022
Insights from Tim Paydos and Mike Stone

The response to the COVID-19 pandemic illustrates that stable and effective government action has been key to managing through the crisis and addressing its longer-term implications. Moreover, collective strategies have led to identification and resolution of challenges in way that brings together government leaders, scientists, data analysts, health care organizations, academic institutions, and industry. So, how can governments emerge stronger and better prepared for future shocks?

IBM Global Government leaders Mike Stone and Tim Paydos, authors of the IBM Center report, Emerge Stronger and More Resilient: Responding to COVID-19 and Preparing for Future Shocks joined me on The Business of Government Hour to discuss their report and share insights on how governments can better prepare for future shocks. The following is an edited excerpt of our discussion.

On the Three Phrases of the COVID-19 Pandemic. Governments found themselves right at the middle of the COVID-19 response. We witnessed an incredible explosion in demand for government services and benefits in the aftermath of the pandemic. For instance, Australia’s federal human services department, Services Australia, directed citizens to file claims for welfare payments online. When nearly 100,000 people tried to access it simultaneously just after nine a.m., however, the government’s MyGov website crashed. In the U.S., twenty-six state unemployment websites likewise had crashed by April 15, 2020. When these things happen citizen trust in government erodes. These kinds of challenges illustrate phase 1 of the response, which was focused on emergency response and business continuity...basically keeping the lights on and shifting to remote work. In fact, we shipped 450,000 laptops into New York City to help disadvantaged students who had to learn remotely. Many of these kids lacked access to WiFi, s they also needed cell cards in order to access the internet. Together, organiza­tions and governments collaborated during phase 1 to track the pandemic’s spread, to support under­privileged students who suddenly shifted to virtual learning, and to modernize unemployment agencies’ systems to accommodate surging requests for citizen benefits.

The second phase was all about recovering and rebuilding. This involved using deeper analytics to track the virus, contact tracing, vaccine management, and vaccine credentials. Again, organizations teamed up with their government partners to tackle mission-critical problems using deeper analytics to track the virus spread, contact tracing, vaccine management, vaccine credentials, and exposure notification.

Now, most of the world finds itself waist-deep in Phase III. We can see the light at the end of the tunnel. The question that governments are asking themselves now is how they can emerge stronger and more resilient from this pandemic and be better prepared for the next shock whatever that may be. So, some of the grand challenges emerging throughout these three phases encompass the exploding demand and near breakdown of services, shift in fiscal priorities, an adapting workforce, and the eroding trust in government.

On Big Challenges and Big Solutions. One thing to recognize is that despite the shift to remote work the bandwidth stood up to it all. As we reflect on the many lessons learned from this pandemic, we understand that there are some real big challenges, which require big solutions.

  • The first is the need for rapid innovation and agility. Many governments, even the slower one caught off-guard by the pandemic, quickly shifted and were able to response. We witnessed rapid innovation and modernization which led to improved agility; it was all quite impressive.
  • The second theme centers on trust and transparency. If you put aside security and privacy concerns, then it’s easy to innovate and deliver new services. But that’s also the way to lose the trust because when we provide these new services in new ways, we’ve got to balance protecting the citizens’ rights, their privacy, their personal liberty, and ensure equity.
  • The stress of the pandemic exposed existing gaps in security infrastructure and created new ones. The latter gaps must be addressed as we move forward rapidly.
  • The fourth area is around the workforce. The workers of today need to become the workers of tomorrow by learning new skills and technologies that will become ubiquitous. We have experienced a decade’s worth of digital transformation in two years. Governments must invest heavily in addressing this talent challenge.

On Improving Citizen Services, Infrastructure, and Enhancing Systems Security. There are three additional implications that string together because they’re all related. We need to reimagine citizen engagement models and supporting government operations. Even before the pandemic, consumers were pampered with unprecedented levels of convenience. From online shopping and streaming media to ridesharing and mobile banking, they’ve gotten used to getting what they want, when they want it, and with a frictionless customer experience. That became especially apparent during the pandemic, when quarantined consumers became even more reliant on convenience, thanks to services like food delivery and telehealth. We were looking at one state that has twenty-two different social services agencies; each have their own website that a citizen would have to navigate through. Gee whiz, that’s kind of difficult, right?

There is a balance needed to not only create this frictionless citizen experience but modernize the backend to support that additional surge. We mentioned that twenty-six out of fifty states’ unemployment systems crashed. Why is that? Well, they had these old transactional systems so when the demand on that system went up by 900%, the system just crashed. It couldn’t cut checks fast enough. These systems ought to modernize migrating them into some sort of cloud-based approach so states have elasticity and can adapt to demand surges. It’s balancing the citizen need with the modernization of the backend and then another implication is securing it. Government modernization during the COVID-19 pandemic has yielded essential new systems and services. The speed at which governments stood them up, however, means security in some cases might have been overlooked, ignored, or abridged. As a result, government infrastructure has become a vulnerable and attractive target for cyberattacks. The lesson is clear: Governments can no longer afford to treat security as an afterthought and must bake it into new services and systems from their inception—preferably with a zero trust posture.

On Adopting Key Zero Trust Principles. This zero-trust approach enables the protection of the IT and OT at the foundation of government services by adopting key zero trust principles:

  • Preserve citizen private and sensitive data with a focus on simplifying and securing user onboarding, managing user preferences and consents, and enforcing privacy regulations controls.
  • Reduce the risk of insider threat by enforcing least privilege access, discovering risky user behavior, and embedding threat intelligence.
  • Protect the hybrid cloud by managing and controlling all accesses, monitoring cloud activity/configurations, and securing cloud native workload.
  • Secure the remote workforce by securing bring your own (BYO) and unmanaged devices, eliminating VPNs, and providing “passwordless” experiences.

Government organizations can’t simply spend or hire their way to a healthy security posture. To close critical capability and skills gaps, several approaches and technologies are needed.  These new technologies have ushered us into the cognitive era of security. Cognitive security solutions can understand context, behavior, and meaning by analyzing both structured and unstructured data. These next-gen cognitive security solutions can enable government security teams to:

  • Enhance the capabilities of junior security operations center (SOC) analysts by giving them access to best practices and insight that used to require years of experience.
  • Improve the response speed by applying external intelligence from blogs and other sources in an effort to take action before threats materialize.
  • Quickly identify threats and speed detection of risky user behavior, data exfiltration, and malware infections using advanced analysis methods.
  • Gain greater context around security incidents through automation of local and external data gathering and reasoning.

Cognitive security solutions can be used in combination with automated, data-driven security technologies, techniques, and processes to help ensure the highest levels of context and accuracy.

On Balancing Innovation with Stronger Governance. Governments need to balance faster innovation with stronger governance, control, and cost takeout. An oft-cited “silver lining” of the pandemic is that it forced governments to innovate and modernize at breakneck speeds as we described above. Going forward, governments must learn how to maintain a rapid pace of innovation while also exercising strict governance and controls that allow them to be good stewards of data and dollars—for example, by moving to a hybrid cloud approach that facilitates DevSecOps in a way that marries innovation with control and gover­nance. And considering the need to pay down the debt accumulated throughout the pandemic, avoiding shortsighted decisions to cut or constrain digital programs will not only deliver greater citizen engagement, but also deliver cost savings in the mid- to long-term.

On Modernizing Supply Chains. From shortages in consumer products, to the price of commodities, to insufficient access to N95 masks and ventilators, the pandemic exposed the fragility and interdependence of global supply chains, the pandemic really exposed the fragility and interdependence of our supply chain. It truly exposed the many downsides of this “just in time” approach to supply chain delivery. It has become clear that we need to diversify our supply chains, including onshoring of some key manufacturing. The focus should be on accelerating the modernization of supply chains for control, integrity, and dynamic agility. The public and private sectors must collaborate to modernize and regionalize supply chains in ways that make them more agile, adaptive, and resilient. In addition, governments need to design with a focus on supply chain integrity. The pandemic exposed just how dependent organizations were to singular sources of supply . Essentially, governments and private sector organizations alike are now rightly seeking to diversify their supply chains. But in the case of governments, they also need to consider industrial strategies to protect sovereign needs.

On Enhancing Situational Awareness and Building a Robust Analytic Foundation. Then there’s situational awareness. When we entered this pandemic, we were initially blind as it unfolded. The actions required to respond and recover from the pandemic underscore the importance of both quan­tity and quality of data. To gain visibility into both problems and solutions, the pub­lic sector needs strong systems and governance, both to capture and organize information for situational awareness, and to turn it into actionable, shareable intel­ligence that can inform decision making at all levels of government. More than that, though, it needs to commit to data integrity and data transparency as a means of rebuilding citizen confidence and trust in government. We need to build a robust analytic foundation for increasing situational awareness, predicting potential policy impacts, and providing transparency.

Data can be seen as today’s most precious resource. I know of no organization that makes effective use of more than 20% to 25% of its existing data stocks which, if you put that another way, means that we’re wasting between 75% and 80% of their most valuable resource. This is before you bring on the entirely new tsunami of data that is going to come because of all the sensors that are now being connected to the internet, all of which can help us with dealing with these low probability events. If we’re able to exploit that data and get enhanced situational awareness out of it, then we need to pursue a robust analytical foundation.

Moreover, data is the foundation and the heart of what I refer to as government 4.0. Government 4.0 is very similar to industry 4.0 in the sense that it’s all about data and digital transformation. One of the key elements of Government 4.0 is the whole layer of AI, refer to as augmented intelligence rather than artificial intelligence because it augments our ability. AI and intelligent automation allow us to be able to deploy oodles of algorithms onto the bandwidth that’s out there and help us to get inside the decision cycle of the competitor, the adversary, the disease, whatever it is, to disrupt rather than be disrupted.

On the Importance of Government Preparedness. If the pandemic taught us anything, it’s that governments are going to need to be better prepared for black swan events. We’re just emerging from the pandemic and bang there is Ukraine. Government leaders must accept that these once infrequent black swan events are going to happen more often. They aren’t necessarily just once in a lifetime event. It could be another pandemic. It could be worsening international relations, potentially going to war. It could be an environmental or climactic challenge or even a major cyber challenge. Government’s must invest significantly in emergency preparation. We must have the right policies in place, the right communication channels, the physical infrastructure to support that, and the technology to expedite our response. Preparedness is job number one for government leaders.