Texas does things big. Our land is big. And our usage of information technology (IT) is big.
However, Texas state government is currently experiencing a lack of understanding of the overall size, scope and true status of its largest IT projects, worth billions of dollars in total. In 2016-17 this became a concern at the legislative level, indicating that a change was clearly needed.
"As we've seen, there exists a glaring need to provide more transparency and oversight of state agency contracts. By adding scope and quality to the list of performance indicators the state’s Quality Assurance Team (QAT) evaluates, the legislature will receive a more representative sample of the state's major IT projects which will help to address issues before they arise," said Rep. Giovanni Capriglione (R-Keller), the bill’s sponsor.
House Bill (HB) 3275 became law in Texas in June, and takes effect on January 1, 2018. It requires state agencies to improve the measuring and monitoring of large IT projects to collect and report on schedule, cost, scope, and quality. If these measurements go out of bounds, more intense scrutiny is then triggered, potentially requiring a corrective action plan. These measurements will be visible to the public via an online, user-friendly dashboard, and will be summarized annually in a report to state leaders. The implications and challenges of this new law for agency leadership are being studied.
“With proper IT measurement discipline we can expect: improved visibility into project performances, the prevention of future disaster projects, and the stimulation of continuous improvement initiatives in all state agencies,” said Herb Krasner, the bill’s champion.
This bill is the first step in a broader strategy to improve the acquisition of IT capabilities across all state agencies. This will allow the state to become more efficient, effective, transparent, accountable, and less wasteful, and to continue to provide excellent services to the citizens of Texas.
Mr. Krasner also helped pass the Texas Cybersecurity Act (HB 8), which will:
- Develop a state level plan to address cybersecurity risks and incidents, coordinate with national centers of excellence
- Establish an information sharing and analysis center: a forum for state agencies to share information regarding cybersecurity threats, best practices, and remediation strategies (e.g. state CERT, critical infrastructure priorities, threat criteria, etc.).
- Establish a cybersecurity council: includes public & private sector leaders and cybersecurity practitioners to collaborate & provide recommendations
- Create a Senate Select Committee and House Select Committee on Cybersecurity to study risks and vulnerabilities, and the infosec plans of each agency
- Conduct a study regarding cyber attacks on election infrastructure
- Each state agency will conduct a cybersecurity assessment of its IT systems, network systems, digital data storage systems, digital data security measures, and IT vulnerabilities at least once every two years
- Agencies will do periodic vulnerability and penetration tests before deploying certain websites or mobile applications that process personally identifiable or confidential information.
- Develop IT staff requirements for cybersecurity training
- Report cybersecurity breaches ASAP to CISO or above
Herb Krasner is a Retired Senior Lecturer in the Department of Electrical and Computer Engineering at the University of Texas at Austin. Until recently, he taught ECE undergraduate and graduate classes in Java, C and C++ programming, data structures, OOA/OOD, database engineering, software design, agile methods, software process improvement and software system measurement & metrics.
As a systems excellence consultant, his mission, spanning five decades, has been to enable the development of superior software-intensive systems, and to stamp out poor quality software, wherever found. He has successfully led over 60 organizational assessments in many different companies and agencies. As Founder, former Chairman and now CTO of the UT Software Quality Institute (SQI), he was largely responsible for creating and shaping this software engineering educational outreach organization into a successful outreach business. He is also the founder of the Austin Software Process Improvement Network, and an Instructor for the American Society for Quality (ASQ) Certified Software Quality Engineer BOK training courses. He was recently elected to the Missouri University of Science and Technology, Academy of Computer Science. He has served as Chairman of several international conferences, as well as Director of the ACM Scholastic Student Programming Contest. He has served on a number of industry-wide task forces on software issues and concerns. He was a member of the Board of Quality Examiners for the Austin Quality Award based on the Malcolm Baldrige National Quality Award.