* NBC 5…
Illinois Gov. Bruce Rauner has unveiled a broad-based cybersecurity plan. The Republican announced the framework Tuesday. He says cybersecurity is one of the most pressing issues facing the nation and Illinois.
The plan outlines goals to protect state information systems. But it covers only executive branch agencies directly. It wouldn’t have prevented incidents like the cyberattack on Illinois voter data last fall.
Administration officials say they don’t know the final cost of the plan, but that it will come from existing Department of Innovation and Technology resources. The administration has proposed $900 million for all information technology services in the state’s next budget.
But officials say an additional $250 million was needed to connect agency systems, much of which has already been appropriated. Rauner says a cost-cutting pension overhaul could be one source of funding.
The full press release is here.
An earlier news report tagged the total new money at over a billion dollars and I used that number in this morning’s fax. Sorry about that.
* From the comptroller’s office…
Illinois Governor Bruce Rauner has proven he is willing to close Illinois’ social service agencies and put pinstripe patronage, consultants and computer contracts ahead of the poor, sick and people with disabilities:
· The Governor has budgeted $1.3 billion in appropriations and capital funds for his Department of Innovation and Technology (DOIT), more than is budgeted for the Department of Public Health, the Department of Veterans Affairs and the Department of Agriculture combined. With 1,482 employees, DOIT has a bigger staff than Eastern Illinois University.
· The Governor took $112 million from the Health Care Provider Relief Fund, which uses federal Medicaid reimbursements for – as its name suggests – Illinois’ beleaguered health care providers. At his direction, that money went to consultants and contracts for computer software, instead of doctors and hospitals, who are waiting six months to a year to get paid.
· To fund his struggling $250 million Enterprise Resource Planning (ERP) initiative, his handpicked Comptroller transferred $71 million from the state’s General Revenue Fund in the final days in office to funds used in part to pay for ERP.
· Citing a lack of accountability and transparency, the Comptroller has frozen $27 million in funding for the ERP pending a program review. His administration refuses to answer questions about the ERP, release program timelines or provide an accounting of work performed by the consultants for the millions of dollars they have received. The administration has not provided answers to basic program questions sent by the Office of the Comptroller in a March 10 letter.
The Comptroller’s Office supports modernizing the state’s technology and keeping Illinois’ computers secure, but not at the expense of oversight. Especially at this time of financial crisis, when social services are being decimated, the Governor does not get a blank check to spend whatever he wants on pinstripe patronage without accountability. Accountability is crucial given the glitches and cost overruns reported with ERP programs around the country (see below.)
The $27 million in ERP program funding that was placed on cash management represents just two percent of DOIT’s FY2018 proposed budget – it should not inhibit DOIT’s ability to purse its core mission.
The biggest threat to Illinois is the lack of a balanced budget – not cybersecurity and not the system of checks and balances that require accountability among the branches of government – and The Governor is the only one who can solve that problem. If The Governor believes these ERP expenditures are so critical, he can immediately submit and pass a budget that fully funds them.
* But not all Democrats are upset…
This strategy received bipartisan support from members of the General Assembly. “This is not someone’s pet project. This is critical to the infrastructure of Illinois, to the safety of our citizens and residents. As we have seen other state few people have taken over the grid system, shut down the grid system. That could effect our hospitals, our emergency centers.” said Rep. Jaime Andrade, (D)-Chicago.
* Mark Maxwell at WCIA TV has filed another good story, which has some responses to Comptroller Mendoza’s claims…
(E)ach year that passes without the completion of the governor’s Enterprise Resource Program, [Gov. Rauner] claims Illinois is losing out on roughly one billion dollars.
Hardik Bhatt, Secretary of the Department of Information Technology (DoIT), gave a more conservative estimate, figuring the technology upgrade would save the state between $130 million and $300 million annually. He says those are hard numbers based on actual savings, not potential losses suffered in hypothetical cyber attacks, although those additional losses could also be incurred. […]
Staffers at Illinois’ Department of Information Technology tell WCIA the state and its residents remain at risk with each day that passes without a more secure system in place. Sources close to the ERP developments would not describe specific threats, claiming the public acknowledgement could potentially alert hackers to their internal progress, but did insist critical government infrastructure remains at serious risk in its current state. […]
Mendoza claims she “hasn’t heard back” from Governor Rauner’s office in response to a letter she sent demanding details about the progress, cost, and date of completion of the ERP. But Bhatt flat out denies that accusation, saying he “reached out a few times,” and once even talked at length with Mendoza’s senior strategist and former campaign manager Lauren Peters about the specific upgrades addressed in the ERP. Bhatt describes their conversation as “engaged” and “thorough.”
The other tiff revolves around whether or not Mendoza has legal authority to halt payments to the ERP. Earlier this month, a Circuit Court judge ruled the Office of the Comptroller does have autonomy and discretion to determine which account can be used to issue payments to state vendors, including third party consulting tech firms. Governor Rauner’s office has filed an appeal to that ruling, arguing these funds were already appropriated in the General Assembly which grant the DoIT legal grounds to spend state funds. The department claims those vouchers have already been issued, and because they’re backed by a specific appropriation, the comptroller has an obligation to pay them.
* Maxwell also pointed to a couple of the stories included in Mendoza’s press release about the IT contractors…
* $46m jobless benefits system has over 100 defects
* Deloitte again in cross fire, this time in R.I.
* California sues SAP over failed payroll software project - The project dates back to 2005 and has cost taxpayers more than $250 million so far
* California settles lawsuit over failed state payroll system
* Marin County and Deloitte settle ERP lawsuit under gag order
- Oswego Willy - Wednesday, Mar 22, 17 @ 11:12 am:
For me?
Any Administration that trots out agency heads and they’d own budget director and as a whole can’t cite any cuts necessary within a budget framework… how can I look at this Administration’s price tag and commitment in this realm and see the budgetary thoughtfulness necessary to make the state agencies safe?
A head scratcher to the monetary and budgetary honesty, even outside the commitment and placing budgetary value to that commitment.
Just a head scratcher.
- DuPage - Wednesday, Mar 22, 17 @ 11:18 am:
Rauner wants to cut pensions and use the money to fund his computer upgrade consultants. No, that is not a good idea. Governor, put it in a budget with additional revenue to cover higher education, backlogged state bills, and other critical items first. Then see about handing out sweetheart no-bid contracts to your buddies.
- Ghost - Wednesday, Mar 22, 17 @ 11:22 am:
the ERP system is a new accounting and human resources and timekeeping system.
It does not actually provide any security; just updating old software. the old system is based on old mainframe systems. these are clunky by incredibly secure. the sevurity holes come from windows based environments. the ERP is replaceing mainframe based programs with windows based databases. technologically speaking it creates more security vulnerabilities. mainframes are way more secure. It does dump out oded databases and interfacez; but those interfaces can be redone in house. hire 50 programmers at 100k salary and benefits and you still save millions
- Nick Name - Wednesday, Mar 22, 17 @ 11:23 am:
“Rauner says a cost-cutting pension overhaul could be one source of funding.”
What color is the sky in Gov. Rauner’s world? Asking for a friend.
- DuPage Bard - Wednesday, Mar 22, 17 @ 11:25 am:
Munger transferring $71 mill out of GRF right before she left office? Rewarded with a $135k Deputy Gov job and all her employees get jobs as well. “Just send the money over you’ll be taken care of after this is all done…………see I told you it would be ok” BR
Corruption, fraud, waste and abuse
Madigan!!
- Mr. K. - Wednesday, Mar 22, 17 @ 11:26 am:
I knew DoIT would be in the crosshairs sooner or later. It’s the only agency I’ve worked with that has, apparently, no budget issues. Staffing issues, yes — but budgetary issues? We’ve been wondering where all this money is coming from. Now, finally, some light.
Think NRI was a mess? I’d like someone to suss out the inner workings — and the byzantine and expensive management org chart — for DoIT.
DoIT is NRI times 100.
- wordslinger - Wednesday, Mar 22, 17 @ 11:26 am:
Cybersecurity for executive branch departments is one of the most pressing issues facing Illinois right now?
Who knew? Please explain, governor.
Are the Russkies attempting to interfere with Rauner’s policy of not paying the billions owed state contractors? Is Assange sabotaging the process of busting out public universities and community colleges?
Because those initiatives seem to be going smooth like stuff through a goose right now.
- Michelle Flaherty - Wednesday, Mar 22, 17 @ 11:28 am:
Cyber security is so important that it is the top priority of the second half of his four year term.
- erp user - Wednesday, Mar 22, 17 @ 11:31 am:
It does not work,period. The consultants do pretty charts, base accomplished goal on ones they selected. What is the point of a system without reports. Whoever heard of 3 general ledgers? Alot of money with no return doing a crisis. The question should why now?
- Handle Bar Mustache - Wednesday, Mar 22, 17 @ 11:36 am:
Rauner claims he cut the CMS budget. He dishonestly takes credit for “shrinking” government.
In fact, he moved IT staff from CMS into his new “Dept of IT” agency - and added people to it!
He campaigned on cutting the bureaucracy - here’s one whopper of a case where he’s growing it bigly.
- (un)Happy - Wednesday, Mar 22, 17 @ 11:50 am:
Training to be an ERP user. This software is designed for business not Government. The required approvals alone will set us back YEARS. For example: in order to issue a box of pencils from an agency’s office supply inventory to a unit within the same agency, ERP requires approval of the Supervisor of the requesting unit, approval from the budget office, Procurement approval, and approval from the inventory supervisor.
It’s a seriously convoluted system that doesn’t relate to the functions of government or statutory requirements.
- Deft Wing - Wednesday, Mar 22, 17 @ 11:54 am:
I get that having a compliant Comptroller is better for the Gov., especially so in the absence of a budget. But that shipped has sailed (appointing a person who lost a local State Rep. race should have been the first clue).
But this constant public bickering with Mendoza is not only time wasting, it is ecidedly un-gubernatorial.
Maybe it’s finally time to lead, Gov.?
- Deft Wing - Wednesday, Mar 22, 17 @ 11:56 am:
… decidedly un-gubernatorial.”
- NIU Grad - Wednesday, Mar 22, 17 @ 11:58 am:
“With 1,482 employees, DOIT has a bigger staff than Eastern Illinois University.”
I imagine most of these are existing, union IT employees who were merged into the agency. So is she pushing layoffs or….?
- Inspector Gadget - Wednesday, Mar 22, 17 @ 12:09 pm:
-Deft Wing- I’m a little confused.If its decidedly un-gubernatorial then it must also be un-comptrolorish. It seems to me that Mendoza has been campaigning for higher office from her first day as Comptroller. Mendoza is just as wrong in this war of words….
- Anonymous - Wednesday, Mar 22, 17 @ 12:14 pm:
When is Rauner going to acknowledge that additional revenue isn’t a want but a need? When the state falls $12 Billion behind on bills, saying one bill should be paid quickly means necessarily that other vendors should wait even longer.
- Oswego Willy - Wednesday, Mar 22, 17 @ 12:15 pm:
===It seems to me that Mendoza has been campaigning for higher office from her first day as Comptroller.===
Really? How so?
Please cite specific examples unrelated to Mendoza doing the Comptroller.
Thanks.
- P. - Wednesday, Mar 22, 17 @ 12:36 pm:
In the FY2018 state budget doc DOIT requests $7 MILLION for “statewide cyber resiliency and disaster recovery planning, assessement AND a Security Operations Center” and $8.5 million for replacement hardware to support security and disaster recovery. Now they need $1 BILLION?! Really?
- Eman - Wednesday, Mar 22, 17 @ 12:37 pm:
Don’t know if it’s intentional or not, but feeding new reporters agency staffers as sources is a pretty good move by Rauner’s press shop.
“New to town? I’ve got just the people you need to talk to. They work for an agency, not the governor. Completely unbiased. Trust me.”
I mean, did Mark Maxwell reach out to Mendoza’s office for comment on any of this, or just watch her speech and call it good? Either way, seems like someone in Rauner’s office sure has won over Maxwell. From his op-ed, I mean story:
Mendoza’s “decision to freeze $27 million and effectively disrupt the construction of high-powered transparency machine may also speak to her priorities, or perhaps those of her political allies.”
That’s pretty cringe-worthy in terms of straight news.
- Kevin Highland - Wednesday, Mar 22, 17 @ 12:52 pm:
“With 1,482 employees, DOIT has a bigger staff than Eastern Illinois University.”
Most of those 1482 are being paid out of their /legacy/ agency’s budget. So I think most of that DOIT money is going to superstars & contractual services.
- A Jack - Wednesday, Mar 22, 17 @ 12:52 pm:
Shouldn’t the Auditor General appoint an independent audit firm to review the ERP system along with money spent and components delivered? That seems the most reasonable way to resolve this dispute between two Executive branches. We would also get some transparency on this very expensive project.
- Oswego Willy - Wednesday, Mar 22, 17 @ 12:54 pm:
- Eman -
You must be new to the Rauner Vertical Integration of media in Illinois.
Rauner only needs “one” columnist, “one” reporter, “one” Editorial Board… “one” outlet to engage the messaging tentacles elsewhere to quote, re-report, editorialize, even pile on to the beginning instance of Rauner messaging.
Two years plus, almost 3 years, Rauner’s Crew has been wildly successful, almost unchallenged.
This isn’t even remotely new.
- Skeptic - Wednesday, Mar 22, 17 @ 2:04 pm:
“quote, re-report, editorialize…” “misquote, regurgitate and evangelize…” There, fixed it.
- The Dude Abides - Wednesday, Mar 22, 17 @ 2:09 pm:
@erp user To answer your question, if the Governor wastes money on IT and cyber security then that’s less money available to spend on such things as social services, state universities, doctors, dentists and hospitals for medical care for state workers and many vendors with the state.
This is systematic, he is purposefully doing this. He is still hopeful that if these folks suffer long enough the Democrats will cave and give him his precious turnaround agenda. He wants the crisis to continue but he wants enough money socked away to control the crisis. That’s why he is upset with the comptroller and why he petitioned the Supreme Court to quickly resolve his dispute with the Union. He needs that money to keep this self created crisis manageable.
- Oswego Willy - Wednesday, Mar 22, 17 @ 2:12 pm:
- Skeptic -
Everyone needs an editor, lol
You added some spices to my bland soup.
- Daniel Plainview - Wednesday, Mar 22, 17 @ 2:49 pm:
What’s the matter, Rich, we can’t refer to your best DoIT (CMS) source as a huckster these days?
- Rich Miller - Wednesday, Mar 22, 17 @ 3:00 pm:
===your best DoIT (CMS) source===
Don’t flatter yourself. You’re not that bright or insightful. Your post was deleted because it violated the rules.
- Johnnie F. - Wednesday, Mar 22, 17 @ 3:06 pm:
Just what exactly do the Rauners support about education? What good does it do to support early childhood education if you want to pull the rug from K-12 and higher ed? The Rauners only support public education if it is essentially made private but paid for with public money.
- Judgment Day - Wednesday, Mar 22, 17 @ 4:12 pm:
The DoIT folks are doomed. IMO, they actually do have very legitimate concerns to deal with, but they are trying to ‘customize’ off-the-shelf ERP System(s) to accomplish their goals.
First off, here’s what ‘ERP’ is supposed to be:
“Enterprise Resource Planning, or ERP, is a large-scale software program designed for modern businesses, both large and small. A simple definition is that ERP systems aid the flow of internal business processes and allow for communication between a business’s departments and its internal functions and data.”
That’s a pretty fair definition. But with that in mind, compare to what the State of Illinois is currently using. Many State computer operations are using (IBM) AS400 technology ‘mainframes’ - basically obsolete mid 1990’s era technology. This equipment is only going to last so long, and most of the software (and people to run the technology) are either out, or are leaving the work force. They basically have run out of time.
Honestly, the State is doing the only thing they can do. They are trading money for the one thing they can’t buy, which is time. That’s in an ideal world, but then they hit the issue of ’scalability’, and that’s where the ERP customization issues are popping up. And those issues are likely to continue. And that’s before you get to ‘inter operability’ issues.
Plus there’s another problem, which may be the biggest problem of all. Multiple upgrade path(s), all happening at the same time.
Think of managing a Project where you are having to do (at minimum) the following:
1) Migrate all HARDWARE from ‘Mainframe’, bypass Windows era technology, and instead move to web enabled technology.
2) By definition, the above means you are also going to migrate all OPERATING SYSTEM SOFTWARE from ‘Mainframe’, bypass Windows era technology, and instead move to web based technology.
3) Which means you now have to have a plan in place for keeping all the existing legacy function (both hardware, software, and applications software) up and functional while building the new applications.
4) Then (and btw, you are just at the kickoff point), you have to start to deal with getting the new APPLICATIONS SOFTWARE up and running. And then you get to find out what you get to customize, or worse, push changes in the way things are done on a usually resistant, entrenched bureaucracy. Which sounds like what they are currently into.
….And hope the wheels don’t fall off.
As an aside, if I were Mendoza, I wouldn’t throw too many bricks at the entire process. Some folks might just go back and look at some of the wondrous work that occurred within the City of Chicago with all of their ‘adventures’ in the wonderful, wacky world of Information Technology during all her years with the City of Chicago.
Slightly off topic: A recently retired friend who ran ERP project implementations gave me this:
The seven stages of all ERP Projects:
Stage 1: Exhilaration. Let’s get this done!
Stage 2: Disenchantment. There’s problems!
Stage 3: Search for the guilty. Find the people screwing this up & fire them! (a/k/a/ “You’ll never work in this town again!”)
Stage 4: Torture of the workers. No further explanation required.
Stage 5: Conviction of the innocent. (a/k/a “Well, we got to blame somebody”)
Stage 6: Glory for the executioners / Distinction for the Uninvolved.
Stage 7: Wash, Rinse, Repeat…..
Just sayin…..
- Generic Drone - Wednesday, Mar 22, 17 @ 4:47 pm:
Watched Rauner speaking about this last night. He cited the need of updated cybersecurity because the state is entrusted with private information of citizens and employees and we need to protect that information. Well with the exception of unvetted replacement strike breakers. Then it’s ok to hire anyone off the street. Right Gov?
- scott aster - Wednesday, Mar 22, 17 @ 4:47 pm:
Rich….so is this ERP system to replace the AMS software installed by the Comptroller in the Mid 90’s that replaced the old Burroughs system that Roland and Dawn wasted 40m trying to replace?? And that Danny Hynes cancelled the maintenace contract in 2001??? If the NEW ERP software is “SAP” then this is not a traditional “GOV” provider.
- Smitty Irving - Wednesday, Mar 22, 17 @ 7:33 pm:
scott aster - CUSAS II died under Burris long before Netsch.
- DuPage Dave - Wednesday, Mar 22, 17 @ 7:54 pm:
The numbers cited by Bhatt are clearly made of baloney. They are spending money hand over fist on ERP and Deloitte and trying to spin it as savings. These figures are suspiciously like the $100 million in deferred maintenance figure at JRTC quoted last year which has become $300 million this year. Just throw a big number out there and maybe people will believe it.
- Arthur Andersen - Wednesday, Mar 22, 17 @ 9:24 pm:
What Auditor General? Haven’t heard from that office in months.
- Anonymous - Wednesday, Mar 22, 17 @ 10:22 pm:
No worries, Bruce will appoint Jason Plummer to head Cyvber-security.