The National Association of State Chief Information Officers, a group representing chief information technology officers in each state, on Tuesday unveiled a new set of policies it will prioritize as it petitions Washington on behalf of its members this year.
The group’s annual list of “federal advocacy priorities” changes little from year to year, and this year it still supports federal AI policies that respect state autonomy, reauthorization of state and local cybersecurity grant programs, supporting widespread adoption of .gov top-level domains on government websites, and streamlining the many overlapping or conflicting federal cybersecurity standards that states must follow.
The biggest change this year is that NASCIO has switched its support for policies to strengthen states’ cybersecurity workforces to its advocacy for reauthorizing FirstNet, the government’s public safety communications network operated by AT&T. Alex Whitaker, NASCIO’s director of government affairs, said that, of course, workforce remains important for state IT offices, but reauthorization of FirstNet was determined to be a more “urgent priority” this year.
The Senate Commerce, Science, and Transportation Committee has scheduled a hearing Wednesday to “examine the connectivity front, focusing on FirstNet’s role in public safety.” The First Responder Network Authority, the independent agency that manages the network, has its license set to expire in February 2027. A survey last November found that 93% of first responders supported reauthorizing FirstNet.
Congress created FirstNet in 2012 as an answer to the interoperability problems faced by emergency responders on September 11, 2001. According to NASCIO, state CIOs also rely on the network during crises “to ensure that state first responders have the technological means necessary to support disaster response and recovery.”
NASCIO also continues to advocate for “states to take the lead” on artificial intelligence policy issues, departing from efforts by the White House and Congress to preempt states from enacting their own laws regarding artificial intelligence. Aside from some industry support, President Donald Trump’s executive order in December and a number of efforts by Congress last year to force such AI legislation through were unpopular. NASCIO said it was “deeply concerned” and was one of many organizations to sign an open letter condemning efforts to undermine state autonomy.
Whitaker noted that states “couldn’t afford to wait for the federal government to develop adoption and usage policies,” so they have enacted and continue to introduce hundreds of their own AI laws for purposes ranging from protecting children from deepfakes to protecting employees from unwarranted surveillance in the workplace. “They’ve implemented a lot of best practices and they’ve done a lot of really good innovation,” Whitaker said of the states, acknowledging he understands the tech industry’s desire for a more uniform regulatory environment. “But just putting a blanket moratorium on states saying states can’t enact their own laws is a total no-start for us.”
Congressional appropriators last week released a funding bill that updates numerous programs in the Cybersecurity and Infrastructure Security Agency and extends state and local cybersecurity grant programs.
Whitaker said the grant program is popular among state and local technology officials and could be renewed through House or Senate legislation, although the bills vary widely. Last November, the House passed the PILLAR Act, which reauthorizes the program through 2033. After absorbing $1 billion in the program’s first four years, the amount of new funding has not yet been determined, but Whitaker said state CIOs are primarily interested in making sure the program doesn’t disappear. “We want stability in both the schedule and the funding levels and amounts, because without that it’s hard for states to plan. Are we satisfied with the current funding levels? No, because the need is always growing.” It never diminishes. ”
Corrected on January 29, 2025: FirstNet recertification deadline is February 2027, not February 2026.
