Public sector IT spend set to explode

Article originally published in GovTech Review, original article available here. 

As resilience challenges escalate, where should government IT spend be directed?

Despite the uncertainty associated with a federal election, as Australia is due to face shortly, the reality is that everyday governance doesn’t stop and normal administrative work continues regardless of who is in power.

How much will departments and agencies have to carry on? Well, according to forecasting from Gartner, public sector IT spending is set to grow by almost 9% this year. That equates to more than $15.5 billion in new spending at all levels of government. Software investment alone is projected to see double-digit growth of nearly 20%.

The question now is where should that money go?

Funding needs to keep pace with mounting resilience needs

These projected increases might seem like a lot, but so are our crisis-prevention and resilience-enhancing needs.

Just consider the cascade of crises we face: new COVID-19 variants and emerging subvariants; geopolitical conflict — including deteriorating relations with major trading partners; cyber threats; supply chain disruptions and staffing shortages; rising inflation; and natural disasters.

Each of these critical events has upended our society, pushing us to the brink — even with business continuity management, resilience and crisis-planning frameworks in place.

To combat these challenges, government needs to deploy increased funding wisely. 

Strategies to increase resilience and ensure continuity

New modes of thinking should help, like the revised Australian Government Crisis Management Framework (AGCMF) — the official government approach to preparing for, responding to and recovering from crises.

The AGCMF pushes for managing risks holistically, via an ‘all-hazards’ approach that includes mitigating, planning and assisting states and territories, where appropriate, in managing emergencies.

It’s a good start, but the AGCMF alone won’t be enough. There’s far more work to do to increase resilience and ensure continuity of critical systems.

What’s more, with Omicron now receding, this is the time to re-examine and re-invent our business continuity, resilience and crisis planning needs, incorporating lessons learned from fighting multiple crises in the last few years into new frameworks and strategies.

Why now? Well, it’s hard — if not impossible — to implement and operationalise wholesale strategy shifts in business continuity, crisis planning and resilience in the middle of a major critical event.

Digital solutions to help implement meet our continuity and resilience challenges

Novel strategies will require major investment in resilience-enhancing and business continuity management systems, purposely built to create a common operating picture (COP), to make smarter decisions faster in the complex threat environment.

Indeed, many of our legacy critical event management systems aren’t up to the task of implementing an all-hazards approach, having long been too focused on individual emergency risk.

What’s needed, instead, are innovative all-hazards platforms that ensure the best data is shared as much as possible across multiple agencies and jurisdictional feeds.

What kind of solution?

Using automation and new forms of analytics, the appropriate resilience and continuity management platforms will need to manage multiple, events simultaneously — from natural hazards to cyber attacks to business continuity disruptions. These same systems can also be deployed across the entire seven-phase continuum of a critical event to improve decision-making.

What else should government leaders and public servants look for? Having worked closely in private and public sectors, implementing strategies and integrated security, safety, crisis and emergency management software, one of our key recommendations is critical event management software with the following capabilities.

• Crisis management: Advanced solutions built on international standards, such as ISO 22398, should apply best practices to plan for, respond to and manage critical events and exercises. The solutions should also enable faster responses, better collaboration using plans and playbooks, smart workflows and real-time dashboards and insights, ensuring better incident response, decision-making and continuous improvement.
• Incident response plans and checklists: Best-practice libraries should come included, enabling organisations to create crisis strategies and action plans easily for different types of events.
• Critical infrastructure protection: Innovative solutions should also keep up with the escalating risk to key assets, assessing those risks in advance and monitoring critical facilities throughout the emergency response process.
• Welfare checks: Solutions should enable organisations to send welfare check messages to their event response staff or any other type of contact. Organisations will then be able to collect replies easily, to identify who needs assistance and prioritise follow-up actions.
• Crisis communications: These single systems should help organisations manage complex communications, centralising, approving and standardising their crisis response. These solutions should also provide effective communication pathways for all aspects of incident management.
• Emergency management: These tools should provide all that is needed to manage any incident effectively through its entire lifecycle of mitigation, preparedness, response and recovery, following ISO, ICS and other national standards. They should also keep the whole team following the same plans, communicating on the same platform and viewing the same operating picture — from any place or device.
• Incident and resource mapping: The solution should come equipped with powerful mapping tools. 

Finally, billions in projected new funding might seem like a lot; we can’t, however, afford to wait to invest the windfall in operationalising changes in business continuity and resilience.

Indeed, now is the time to re-examine our resilience and business continuity needs, spending what needs to be spent on digital technologies to support new all-hazards frameworks that are more responsive to the new normal.

Fortunately, the technology innovations in business continuity, critical event management and resilience (more broadly) can give us all a fighting chance to deploy resources effectively, to keep everyone safe and our country and businesses thriving when the next critical event comes our way.