 full agenda today so we're going to start with Mr. Carroll, Chair of the State Board of Education, understand Mr. Peltz. You also want to testify? Okay why don't you both come up at the same time? Just you know introduce yourself for the record. My name is John Carroll. I'm Peter Peltz. We're both members of the State Board of Education. Thank you for having us here. I'm the Chair of the Board, sort of recently thrust into that situation for various reasons, and I'm the person who is behind the seven-page answer to your questions. I hope they weren't too long, but the answers to your questions are the proper answers to somewhat nuanced. You know the general texture of your inquiry is is the Board's doing useful things and is it still necessary? And I think my answer to that question is sort of, but it ought to be doing a lot more. That is to say much of the way the Board has been conducting its affairs in the last many years is sort of an adjunct of the Agency of Education. As you know Act 98 of 2012 turned things upside down and until that time the Board had been effectively the Board of Directors of the Department of Education. It hired and fired the CEO of the Department and Act 98 of course turned that around and gave that authority to the Governor. And it would seem to me as a comparative newcomer on the Board that the Board never and for that matter the Agency never fully got that memo. And many of the things that the Board still does date from an earlier time. So for example much of what the Board does is overseeing the activities of the Agency of Education, sometimes sort of putting its stamp of approval on there. But very often these things are specified in statute. They're vestigial from an earlier time. And frankly the Board spends the majority of its time on this kind of administrative oversight to which frankly I don't think it lends a great deal of value. We are a group of lay people. We're very much in some senses like the legislature itself. We are independent citizens. We are different than the legislature in the sense that we are not partisan. We don't have political affiliations. We are not, I want to make very clear, we are not a group of advocates. You know many of the boards that you deal with are a collection of advocates from this point of view and that point of view what you might call the stakeholders in any particular issue. We have no stakeholders. We are individual citizens. In fact I noticed looking at the history of Act 98 there was a provision in the early bill of Act 98 to assign to the Board certain representatives of certain interest groups like the Principal's Association or the VSBA. And that was dropped out and I think that that was very wise and attentive to the Board's kind of unique function. It's a very diverse group. A few former educators, a lot of people from other backgrounds, former legislators and business people like my colleague Mr. Peltz. And the age is quite remarkable. The youngest member of the Board is 16, bless her heart. And a very talented and terrific young woman. And the oldest member of the Board is 60 years older. I don't know who that might be. And we have everything in between and we bring a diverse set of perspectives to our work. But we don't bring a lot of technical expertise. So in that sense this seems to us a little point in scrutinizing in detail what the agency is doing. They are more expert than we. Much of this is by habit and custom. Much of it is actually still enshrined in statute. And so we are working. In fact I have a phone conference tomorrow with legislative council member associated with the senate committee on education to begin formulating kind of what the chair calls a placeholder piece of legislation that we get started on documenting what these vestigial pieces of statute are. And presumably both the House and Senate committee chairs have indicated great interest in our goal of reinventing the Board. And frankly that is our goal to reinvent the Board. I want to, I know that the Board has its critics. Just a historical note that might be amusing at the very least. You know the State Board of Education has existed for well over 100 years. It had its early formative shape in civil war times. And it has existed and been terminated probably three or four times over the course of that 120 years. It is interesting to notice sort of when does the State Board get executed, exterminated. And it is usually at a time when there is a burst historically of localism. Local control becomes a fervent issue. It is always an issue in Vermont as you know. But it has these sort of peaks and valleys. And of course Act 46 kind of really nudged that bear. And you all knew that when you adopted Act 46. And you all knew that when you handed to the State Board the dirty work to actually implement it. And sure enough we offended many communities. And some of us I think felt a great deal. Many of us, whether we voted for or against the State Plan, felt a lot of regret about how we were changing the landscape for these communities. But we felt that we were directed by you to do so. Of course as a consequence we've taken a fair amount of beat for that. So historically the Board has gone in and out of business. Usually going out of business at a time quite like this when there is this stirred up fervent. Our goal, I think I would characterize what the Board does now is most of its time is on this administrative stuff. But another important part of what the Board does is your work. The General Assembly has, I would say the work we do for the General Assembly, right, the direction of the General Assembly would take over the years maybe 40% of our time. For example, Act 46, we were in that up to our eyeballs for eight solid months. I mean, there was nothing else going on on the Board except Act 46 hearings. Similarly, when it came to the small schools grants, the legislature in its wisdom decided that the metrics for awarding small school grants should be changed. It's a very controversial matter. And guess what? The State Board was assigned the duty to change. I just want to make a point, a couple of times you've referred to the committee as your or you. Pardon me. First of all, they are not the legislative members and there are two members appointed by the governor. So thank you. We have a different clarification and I didn't mean to tar you as a member of the committee. The point is that the governor and the former legislature, yeah, thank you for the clarification. Yeah, that's your fault. So the General Assembly has then chosen to assign to the State Board some pretty delicate issues. Act 46, small school grants, which again annoyed some people, but you knew that when you gave it to us to do. And then most recently Act 173, which we are right now starting to get involved up to our eyeballs in, where in the by statute, the General Assembly directed that it would be the State Board, not the Agency of Education, that would adopt rules for the reform of special education. And of course, the hard work of drafting the rules comes from the Agency of Education. But in fact, there are other entities, a group created by the legislation called the Census-based Funding Advisory Committee, which is an assemblage of special interest groups, stakeholders. And they have been kind of at loggerheads with the agency over the rules that the agency has proposed. And I think outside observers might note that the fact that the State Board ultimately has the final say on these rules has been, has contributed to maybe a convergence of views among the competing parties. Rob, have a question? I just wanted to take a quick step back while you were going through the history of the State Board. And has there ever been a point in time where you find yourself like you are now, where you have a Secretary of Education as opposed to what were they, a Commissioner or whatever board? I mean, has that relationship ebbed and flowed as well over time or are we in kind of a unique area now? My sense is that this is a comparatively unique time because for the first time in the better part of a hundred years, I mean, it's a long and variegated history, but the general theme has been that the Board has served as the Board of Directors of whatever was the State Agency of Education. And, you know, Board of Directors hire and fire and the Executive Director does what they say. Those days are gone and the Secretary quite correctly and occasionally has to point that out to the Board. And moreover, there's not much point in critiquing the work of the agency if we have no authority to direct that they make it better. So very frequently, things will come to us and we say, gee, this could be a lot better, but okay, we'll sign up. And sometimes we'll say that and the agency will voluntarily go back and improve it. I mean, there's a collaborative, respectful relationship between the two, but ultimately we need to move past the time of for the last hundred years where we were calling the shots. We are not calling the shots. I just want to also just clarify that education in Vermont is perhaps after healthcare, the single largest economic activity of the state. On any given day, any given school day, there are 90,000 Vermonters in our schools. Think about that. That's the entire population of five counties are not at home, not in their county, they're in schools. Think of the power of that. It's sort of like healthcare. It's a huge driver of the economy. In addition to the 75,000 students, there are about 15,000 adults, teachers, administrators, school bus drivers, food preparation folks, all kinds of folks associated with making schools work. There's 100,000 parents, roughly, who are not in the schools, but they're waiting at the schoolhouse door at the end of the day and they want to know what happened and most of them really care a whole lot about what happened in schools. So education in Vermont, K through 12, involves probably at least a quarter of all Vermonters and it's expensive. As you know, it's a third of state spending. It's a huge enterprise. It's also an important economic driver. It creates about 15,000 jobs, some of which are very well-paying. So it's kind of a big gorilla in the midst. Excuse me, Senator, would you like to... First of all, my apologies. I guess I didn't get the memos and I've been up at National Life along with Tim Briglet looking for a parking space. Anyway, so I apologize for missing the first part of your presentation, but just from what I've heard, I guess my question is why do we feel that we need to have a board of education to direct the future of education as opposed to the agency of education? When we have agency of natural resources, we don't have a board of natural resources. And the fact that all the members are appointed by governors, not the same governor, but appointed by governors as opposed to coming from local school boards or... So I guess that's my bottom line question, is what... And the legislature did assign all of these things to the board because it was there. If the board hadn't been there, those things would have been assigned to the agency. That's the way I see it. I mean, I'm not sure because I'm not in the Education Committee, but... If I may, I'd like to answer that. Do I invest? Again, Peter Pelts, I was on the House Education Committee for eight years, and I was on the committee when Act 98 passed. It was not... It was controversial. There was... But I can tell you why I voted for it. I really think... Well, first of all, our constitution, the state has a vital role in providing education to the youth and preparing them for their adult lives. They called it virtue in the constitution, but they were really looking at it, and it was in the best interest of the students and getting them ready for their adult lives. That hasn't changed. And when we did this, I thought that the role of the board should be a gatekeeper, a buffer between the administration and the legislature and the district levels. I thought that was... It's a very important role to play just to make sure that there is a position for the board to act in the best interest of the districts. I asked to be appointed on to the board when I resigned from office in 14, and I still very strongly about that. And just to sort of demonstrate, I mean, it... I think the governor has appointed some really good members. We coalesced. It's nonpartisan. 46 was a hard, hard not to crack into work together. We did it collaboratively, and I think we did it well. And I think that stands well for our position in regards to why we should be there and why we should continue. I really feel very strongly that... I'm not to disparage, but just the bureaucracy of government, of educating our kids is very significant. And I really think the role... The state board has a role in sort of being that buffer. And to demonstrate this, we have decided at our last meeting that we will no longer meet during the regular hours of the day. We're going to meet late in the day and then go to regional... I'll go throughout the state to have meetings and have our regular meeting at three o'clock. And then at five o'clock, we will open it up to the public to hear from the public on what their thoughts are and how we can best represent their interests. So I hope we continue in that vein and really clearly define that. The agency owns this. I mean, we have no staff. We have no budget to provide a staff. So we're really sort of at a transitional point in terms of trying to get us focused and be very efficient in what we're doing. Thank you. I do, maybe you get clarified a little closer, but your comment about the state ed being a large bureaucracy... Well, I happen to agree with that somewhat. My question would be, is the current structure with you folks being kind of a separate entity, does it add to that bureaucracy, at least from the user end of things as opposed to from your end? Let me just clarify. When it's working properly, the state board has no power. We have no power to direct. We have no power to demand testimony or anything. The state board in its best form inquires, that is, asks tough questions and integrates conflicting information, which is all around the state, and informs the General Assembly and the Governor about issues that perhaps, and or informs the agency or informs superintendents, whoever is closest to implementing solutions. If I may, I'd like to return to Senator White's question. Why not? Why have a board when the natural resources people don't? Education is not constructed in any way like any other government enterprise in Vermont. Nothing like it. Education in Vermont has at least five major constituencies and power centers. So when you, for example, use the term that the agency directs education in Vermont, frankly it influences it, but education in Vermont is so democratized and so locally based and so heterogeneous that frankly nobody directs it, not even the General Assembly or the Governor and certainly not the agency or the board. Yes, the agency can adopt rules and regulations which require certain behaviors, but frankly what happens in the classroom is far beyond the influence and control of anybody except perhaps the principal and the teacher involved. It's an extremely decentralized democratic institution. There's the federal government, there's the state agency of education, there are regional superintendencies, there are multi-town school districts, single-town school districts, there are schools, hundreds and hundreds of them, there are classrooms, thousands of them and oh and by the way, a hundred thousand parents who also think they know something about education. All of these are players in this process of education which is not directed from the top at all. It's nothing like a corporate organizational structure. It's heterogeneous and so the question gets to be who sees the whole thing, who has no stake in any of it and sees the whole thing and that, I think, is the unique role of the board. We're not players, we don't have power, we shouldn't have power to direct or force. We're not a legislative entity. There were times when the board got over its skis as they say and did do that and shouldn't, at least in this leadership that will never happen again. Our role is to, number one, we need to be available to the legislature to do what it has asked us to do, things like Act 173, like Act 46. If you don't have the state board you won't have anybody in the field with a broad non-political base to implement some of your directives and moreover without a state board you basically will have no entity in the state that has a non-partisan independent overview of education and has the license to attempt to bring about consensus and shape the future of education. Can I ask a couple of quick questions, John, and Peter? And these are very, because of time constraints that I'd ask you to consider just very briefly. I'm sure you understand that we Sunset organizations, the administrative branch comes to us or like an agency and says, here are the organizations you want us to review, we think these three should no longer exist and should be Sunsetted. So my first question to you folks very briefly is it your expectation the state board of education does not want us to Sunset them? Yes. Do not. Do not. The state board does not. You don't, okay, that's first. Second of all is it's your intention to work, continue to work with the agency of education and the administration to clarify whatever that new relationship is with your new role and your relationship with the agency of education. Of course, but also religious, and that's been evolving since 98 was an act. Okay, all right. The third one, as you just answered, well, let me phrase the other question first. You do realize what a precarious position the state board of education is in at the moment. Perhaps you could help us understand what makes this public. So I'll give you the example I come from Stowe. Now, I'm not involved in any of the local school boards in Stowe and I'm not involved in any of the, I don't have any decision-making authority with Stowe. You can't go down and get a cup of coffee without hearing about the state board of education, etc. I realized that the sort of base closing duties were given to you folks and you had to carry them out. Nobody likes that kind of function, but you are in a somewhat precarious position. Yes. So that's that that acknowledged. And then I do want to answer if you're willing to work with the committees of jurisdiction and the legislature after you've sorted that out to explain yourself better with all the stakeholders involved, you know, and not so much as a small group like the six members here in this commission. Is my expectation that you'll do that? You'll house and senate committees of jurisdiction? Oh, absolutely. I mean, I've already met last week with both the chairs of the two committees. I should think government operations also has an interest in this. And it's our hope to introduce legislation or that the chair, the committees will introduce legislation to restructure the relationship between the agency and the board. It probably moved toward independence of one another. I think we're a pain in their butt sometimes. And, frankly, that's what statute requires us to do. And we have no desire to do that. It's not a very good use of our time. So all those legislative changes will have to be around here a lot to explain why they're worth doing. And our hope is that your committee will say this board needs to change, they want to change. And let's give them some headsroom to work that out with the General Assembly. Okay. And then one last question I have. Would you be willing at some point or some to return to this commission and say, here are the changes that we've made. Here's how we think we're making progress. Here's the groups that we've brought into the process. Here's what we've been doing. And I would hope that the dialogue and the exchanges between the legislature and the board would be healthy. The board has not always been at strong standing with the legislature. I would hope that we could really develop a relationship that would work both ways. Which curiously has been done by 46 and 173 and other things that have been, we've been empowered to deal with. That didn't happen in the past. And if that's where we're continuing to do it, I hope that relationship and the exchange improves. In other words, that we really do develop a working relationship. I might just observe that my colleague here is a card carrying Democrat and I'm a card carrying Republican. And he's been on the board much longer than I. And he's the one who wanted to come here and be with me to advocate with you. And that also may, if I say, there is, I have never seen any partisanship at this board. It's a good, healthy exchange, good, good, healthy exchange, informed exchange. But we have a lot of work to do. I concur. And we hope you will encourage us to move forward with that work. And if we fail at that, frankly, I don't want to be on the board that's doing what we've been doing. It's just not a good use of anybody's time. Six year appointment. That's it. That's six years in a long time. That's all that I was going to do on my question. So just to follow up on Matt's questions. And some of the statements you made about not having a power, you know, the legislature gave you power under Act 46 and under Act 173. Thank you. To do certain things. And I'm confused as to where you, as the board, wants to be, do you want to be in a sort of oversight role where you're looking at the agency of education does and what's good for Vermont schools? Or do you want to be actively participating in policymaking through what you've done with Act 46 and with Act 173? Well, I think the board is always available to do the General Assembly bidding. And so in the case of that, it was of Act 177, we're certainly shaping rules. But the general policy is already cast and stoned by the legislation as it should be. We don't want to, just don't want us ever to get close to creating law. I want to have very clear boundaries so that the general, that the board is working at the direction of behest of the General Assembly. Beside that work, though, I would like the board to become kind of a think tank about education in Vermont and gathering information, not by the way, just looking over the shoulder of the agency. Because the vast majority of what really happens in education isn't happening at the agency. It's happening in the schools and in the districts. And that's where we need to spend more time is where it's on the ground where it's happening and be number one, talking about accountability and number two, talking about visioning a better system than we have. God, briefly, we cannot make policy, but we can help you enact it and make it work. But I guess, following up on that, it's unconcerned. I mean, okay, so we passed education legislation. You know, typically the agency of education would be responsible for implementing that. But at least in these two instances, Act 46 and Act 173, the legislature, for whatever reason, chose to have the State Board of Education do that. And I guess I'm just, should we be doing that? Because there is some confusion about who is taking legislation and, you know, creating the regulations and, you know, driving that down to the school boards and the schools. Can I just observe that a lot of the law did specify what the agencies did in regards to this. They set the table and then they say, okay, it's up to you to make the decisions. But they set the table. That's exactly correct. It was in that case a collaboration where the actual rules or state plan was drafted by the agency, handed to the board to then sign off on it. And we made some changes, still being a good example. But in general, the less rulemaking and directing the board does is probably better because we don't have the expertise that educators do or the resources. Yes, and definitely not the resources. There are, though, exceptional cases where you feel, that is the legislature feels, that we want an independent entity of citizens, not civil servants, making the final decision about this. That's precisely what you did in Act 173. We were available and reasonably capable of doing that work. Rob, did you have a question? Well, I did. I'm just curious as to how you get the feedback from the local levels. Does it come directly? Do you end up having to get it indirectly through the Department of Ed, as far as, you know, what got me thinking about this is I, it was just really quick this morning, but I'm listening to the proficiency-based learning that sounds like that there's a little confusion and some concern about that. It sounds like you folks went out and made some decisions that were within your purview, but yet, and again, I just heard this quickly, but it seems like that the Secretary of Education is out there trying to explain it. Is that indicative of how this is working currently, the relationship? I was on the committee, or on the committee, when that bill passed, and it gave the authority to the local district to do, I mean, and so there wasn't one formula that had to be applied universally. It was up to the local districts to apply it, so and I think that's been the big issue, and that really didn't have anything to do with us, and we talked about it, but there was really no role that we had to be able to, so we were just advisory, but we can't, we had played no role in that. This is sort of an illustration of the kind of democratic, heterogeneous way that education unfolds in this state. There was no template given by anybody, the legislature, or the agency, about how proficiency-based learning should be done. It was left to every school to figure it out. That's the way Vermonters seemed to want to do a lot of things, is at the local level, local control, highly heterogeneous, and so you get very different results, and you have some schools that have really done quite an amazing job at implementing PBL, and some that have really botched it, and that's what happens when you leave it to folks to figure it out, and that was, I think, quite clearly stipulated in the statute that you would do this, but how to do what was left to each district to figure out, just like curriculum. Curriculum in every school district in superdency is a local matter. The state board has no control over curriculum. We set standards, but we don't set curriculum, so I think part of what we see, and it's a concern of the board, is that with any new initiative, you get, in some schools, you'll get terrific implementation, and it really benefits the children right away, and you can see it, and it was a smart law, and then in other districts, it's very slow to roll out, and maybe never does, and those children are at a disadvantage as a result. So part of the challenge that we face in our state is this wide variation between strong districts, well-resourced districts, and districts with different resources, and frankly, different aspirations for their children. It's like we're dealing with two different nations sometimes, and that's how it felt during Act 46. Jeanette? No, I am not going to ask my question, but that is true with lots of things. It isn't just education. If we look at our justice system, we have 14 different justice systems in Vermont, because we have 14 separately elected state's attorneys, and we have 14 different elected sheriffs. So I just came from Otterbury with a meeting with Mike Schirling, and I mean, there are issues there too, so it isn't just education. Yeah, it's Vermont. We do things here. And it does seem to me that the legislature passes, I mean, I'm surprised that I wasn't involved in Act 46, but I mean, I voted for it, but I misunderstood it. I have to admit it. And the legislature passes legislation, and then the executive branch implements it and administers it, but here we have a non-elected, non-accountable to anybody group implementing the legislation. And I'm not sure that that's... Anyway. Well, that's for you all to decide. It really is. And I hope you think about what would it be like without the board. I mean, that's... I think we play a vital role, otherwise I know that we have the quality of the people that are on it. Quite honestly. Well, no matter what we do here, any recommendation that we make clearly goes to the two education committees, and they're the ones that... So we don't have any final say. Right. But you have influence, and we're hoping to encourage you to give us room to improve. And thank you for offering us time. Thank you. I think we need to wrap up there. Yes, of course. Thank you very much for testifying, Mr. Carroll. Thank you. Thank you for coming. Thank you all. Thank you. Thank you again. Thank you. We're glad you could be here for the last time. Not for most people. Let me go see if the gang is out there. Let me just give a little background here of what happened, and why you're all here. It's Laura's fault. So I... We are tasked with looking at boards and commissions, and which should exist and which shouldn't exist, and which ones might be combined to be more effective, and because we know that a lot of boards and commissions kind of get created, and then they outlive their usefulness, and something else pops up. So I was having this conversation with Laura, because this is an area where I know nothing, and I really, it is not my area. So I was having this conversation with Laura, and she said, well, you can't... How can you decide what kind of governance you need if you don't know what it is? Not big IT, but little IT. And she said the oversight committee has been working, and I'm not sure if they've been working with you over the summer, but you are involved in this, that you've been working on looking at what it is we need to know about. Is that fair? Well, what it is we need to know before we can start asking the questions about how should we govern? And you're not looking at governance necessarily, but you're looking at what it is we need to know about this whole area. So we decided that it would make sense to just have a roundtable discussion about where you guys are, and what it is we need to be thinking about before we start thinking about governance. Does that make sense at all? So may I... Yes, may I do that now? Yeah, you may. So specifically the joint IT oversight committee has been looking at cyber security, and also some of the larger IT projects. And I think that what I really wanted to share with you when you and I met was that the cyber security issue was very serious, and that the legislature does not have a handle on it, and that we really needed to focus energy on getting a handle on it, which is going to be difficult, and that I hope we would focus our efforts on that in this session, as opposed to creating a new oversight structure for governance structure. And then you said, well, why don't you come and talk to us? And that's why you're here. I should say that we started our effort, though, by trying to get a handle on the totality of IT in Vermont, starting by looking at, in effect, every agency of state government, every department of state government, every independent officer, the legislature, the judiciary, of just creating a map that says, what is the IT structure? Is there one there? Who's responsible for it? What is the relationship between IT and the agency of digital services? What's the role of the chief information officer, if any, with respect to these? And we found stuff all over the map. And to me, it's clear that, well, of course, I ask the question, why do we need a government structure since everything we have is working so well right now? And it's not. That's a cynical view. There are lots of things that appear to be uncoordinated. The overlay of this, I think, is to also be thinking about IT in a broader sense, because the whole issue of information technology and telecommunications, for example, are increasingly intersecting. We used to deal with them separately. We used to say that telecommunications is the responsibility of the Department of Public Service because that's the old regulated telephone company model. But now, where IT stops and telecommunications begin is a line that nobody really knows. And it's increasingly intersecting. And certainly, when you look at the horizons and the AT&T of the world, their feet are clearly in both camps in terms of both the internet and also the transmission of telephone signals that used to be solely the regulated telephone company's role. So that, to me, is one of the bigger issues that we really need to think about. What's compounding all of this, though, and making it more complicated is the role of the federal government versus the states. In the old model of telecommunications, we have oversight through the Public Service Department and the Public Utilities Commission. We've got control of these telephone companies. But as the telephone companies move into the internet and as the internet moves into transmitting telephone signals, many of us use Comcast or whatever as our landline now. And indeed, many Vermonters don't use a landline at all. Their telephones are solely in the net. And all of that is the almost exclusive, there's some exceptions, responsibility of the federal government. It preempts many of the things that we can do. People knock on our door and say, you've got to prevent 5G because it's going to kill us and end the world. And our answer is we can't do anything about it. We do not have even the ability to control what our potential health hazards, if there were any, because that is the exclusive problems of the federal government. So that compounds anything that we may want to do vis-a-vis governance. So that, to me, is the issue. And I think Laura and I have discussed briefly that maybe this is a year in which we really need to study what is the model that we have regarding this whole governance structure of IT as opposed to moving precipitously. I mean, there are all kinds of ways that we can move precipitously and so on. The second thing though, in my mind, though, that we may need to do, and this is something we may need to do this year, we need to talk about it further, is strengthen the role and clarify the role of the State Chief Information Officer. Because one of the things in terms of the matrix we did is declared at least to establish the fact that we're all over the board and the notion of some dotted line responsibility to the Chief Information Officer for information technology throughout the state may be a role. Don't kill everything until we study it about how things are organized now, but look at the role of the Chief Information Officer as an effective dotted line responsibility to stay on top of IT throughout state government. That may be something a limited step that may make sense at this point. And I know there are differing views of that, but so that's kind of the long-winded summary of just what I see in the landscape. Yeah, I know that this came up last year. So Senate GovOps is in the room right here, and institutions is here, and finances here. We're right there. And whenever anything would come up in finance and institute, it seemed that it was going like this, well, we do that, but we don't do that, they do that, we do that, but they do that. And so from a governance standpoint, we started saying, well, who is responsible? And who does run the shop? And we couldn't figure it out. You guys might have been smarter than us, but we couldn't figure it out. And so that's, yeah. And the Senate is, you know, we don't have a committee like the House does that deals with... I've addressed that with the pro tem and said that we need to sign it someplace. We need to, yeah, put it in some place. But realistically, the way we're structured, there are things that each of these entities does that are sufficiently unique that even if we had a separate committee, and I'm not necessarily advocating that, the other committees, but things that are in their jurisdiction are still going to be involved. They are, but we do need to have a central, I think, that's going to be the main committee. And then as things, I mean, if it's a utilities issue, clearly it's going to have to go to finance, but I think we need to have one place where they can look at it more comprehensively. What is it? I don't know what it is. I think that's part of the problem is that I don't know what it is. So that's what you're here to tell us. Well, I think maybe it might be useful for you to hear from Secretary Quinn as to what his view is. One of the things I thought was very interesting is we started dissecting this roles and responsibilities issue. And of course, we talk about the Chief Information Officer. Well, he's the Chief Information Officer for the Executive Branch. And you've got a separation of duties issue right out the gate, because you have the judiciary and you have the legislature, and they're in very somewhat different places in terms of how they're structured. And the Chief Information Officer can't necessarily tell them what to do. Before we started our work on joint IT oversight, they didn't even meet. And we've got them now meeting on a regular basis together and collaborating. And clearly... We believe. We believe. But clearly that's an issue. You have obviously the legislature somewhere intersects with the Executive Branch in terms of the internet and some connectivity issues, but in other places, it doesn't. So can I ask another question? You don't have to ask. So with regard to this group, we're sitting here now, and then you have a number of different boards and commissions that are coming in afterwards. Do we relate to those people that are coming in? And if so, how can this panel be helpful with those boards and commissions? Well, I guess what you can do is if there are things on those boards and commissions that you know right now that you've already looked at, share with us. Because we will be... Each board and commission that comes in here is handed a standard questionnaire that we ask about as to whether or not they should continue to exist. If they should, what modifications, if any, should be made in legislation with respect to what their mission is. So that's basically what we'll be doing this afternoon with these various boards and commissions that are on our agenda today. And anything that this roundtable discussion can help us in educating us as to what that is. And I should say that they're coming in today as the first step in the process. If we were to recommend the elimination of a board or commission, we would typically take testimony from other people who are interested parties. And so I know you have that Public Utility Commission and the Department of Public Service on this list. Yes, okay. And one of the things is... One of the questions is... I don't know if you guys saw the questions, but one of the questions is if your mission is still relevant, whatever it is that you were doing, could it be better accomplished someplace else? I mean, this particular board needs to exist in order to carry out that mission or to oversee whatever it is. And we have heard from in other areas, people who've come in and said the mission is still relevant, but it could be better handled over here instead of by this board. We don't need this board. Is that true? So before we get into some of that, can I just mention quickly a couple things very briefly? I know Senator Brock. I know Secretary Young. I don't think I know Representative... Are we going to set it out there? That's correct. All right. I don't know... Suzanne Stark. Suzanne Young, Secretary of the Administration. John Quinn, Secretary of Digital Services in the state CIO. Morris Billy, a chair of joint IT oversight, and on the House Energy Administration. Are you from Dover? Yes. I'm Senator Randy Brock, representing Franklin County and part of Grand Isle County, and I'm vice chair of the joint IT oversight committee. I'm Suzela. I'm the state chief performance officer and one of the governor's non-legislative appointees to this commission. I'm John White, Senator from William County, and I chair Senate GOV-OPS. John Gennon, state rep for Wilmington, Whitingham, and Halifax, and I co-chair this committee, and I'm vice chair of GOV-OPS. Senator Brian Colomore from the Rutland District. I'm Matt Kraus, I'm one of the gubernatorial appointees. I'm Robert Clare, I'm a rep from Berrytown. Thank you, Matt. That was an oversight. Well, you looked him. I'm Tim Breglin, and I'm a state rep from Fetford, and I'm the chair of the Energy and Technology Committee. And the technology slice, very specifically, is not technology writ large. It's technology in state government, very specifically. And the committee also has oversight on the house side of the building of telecommunications as well. Okay. Is my rep on your... Who's your rep? Heidi? Sure. Okay. So then I had a couple of quick points, and I'll be quiet. So I'm a 30-year state employee, so I'm going to direct this to Mr. Quinn. It's not a question, just a comment. For 30 years, I served in state service. Every time we asked IT for something, the automatic response, not automatic, but most of the occasions was, we can't do that. So it was always frustrating to me in state service that that was the typical sort of default response. So all I would ask you to consider is that the default response is, we'll figure out a way to do that. Okay. The second thing is, just very briefly, I'm a very practical kind of person, and I always think that this is a huge subject. I mean, it's a really large subject. And I always think to the human being, what is there... What would they like to see? What sort of solutions? And so for a couple of them, one, the feds are tackling anonymous spam phone calls, which is, as a citizen, I love. Take care of that. That's a problem for me. I could phone calls and say 802 all the time. That's good. I'm happy that they're doing that. I would ask you to consider, as a group, the same kind of thing, focus on some very concrete solutions to problems. And one, I'm sure you've always heard or continue to hear is coverage, self coverage across the state. You know, you're in a car, you're traveling someplace, out it goes, and that type of thing. So I would only ask you to consider, as you take a look at the big subject, the large entities, to not forget the little solutions that the average citizen would appreciate. I mean, the average citizen focus on that. That's a good thing. I like that. Okay. That's it. I'm done. I would just add that I think you've got a good point. But there's an enormous amount of work, not just something like the joint IT oversight committee, but the committees of jurisdiction to deal with some of these issues like cell phone coverage. I know we did a lot of work between the Energy and Technology Committee in the House and Senate Finance, on which I serve, of producing both a broadband bill and a bill designed to tackle the very points that you make. And I do have another bill that I'll be introducing this year. It's to reinstate capital punishment in Vermont. Now, it is limited, though. It will only apply to robo-collars. What that bill, though, focuses on is the works of other states, like Indiana, for example, has adopted some criminal penalties and fines for robo-collars. And people do get picked up nationally elsewhere. And the notion of creating fines and so on for those people who get picked up in national sweeps, and Indiana, for example, has got something like $12 million in the past five years for robo-collars as a result of their work. So we are doing something about it. Okay, from John? Yeah. Would you like to hear from me? That would be you. Sure. So to echo some of what Senator Barack said and what Representative Spelia said, you know, things are still a little disjointed across state government. But what I would say is since 2017, when we created the Agency for Digital Services, we've been focused on the executive branch. Each agency, each department had their own IT person or multiple people. And so, excuse me, over the past couple of years, we've been reorganizing them and making us more efficient and trying to spend smarter. We've documented in the first two years $5.5 million of cost avoidance by being able to reuse what we already have across state government, being able to use employees across agencies rather than just in one agency where they may have been before 2017. Now, if they have a specific skill set, we're able to look across the enterprise and pull those people around, which has been valuable to the enterprise overall and saves money. So I think we've done some good things from that standpoint in regards to cybersecurity. When you look at the state's posture prior to 2017 and then now, we have visibility across the enterprise. We know what we have and where we have it. We know what our assets are. We didn't before. We were, our risk to a cyber threat was much greater than it is now. It's still great. It's great for all states. But right now, we're in a much better position to be able to not only stop of incoming threat, but be able to respond in a faster, more coordinated way. So those are some of the things that we've done in the executive branch as a new agency. And those are just some of the highlights. But, you know, some of the areas that aren't included in the agency of digital services are separately elected offices. So whether it be the Attorney General's office or Secretary of State's office, three branches of government, the legislature, the judiciary, radio services and public safety. That's quasi ID. They use a lot of technology to run their radio network, but they have the expertise there. And we coordinate with them fairly closely on what they're buying and how it's being implemented to make sure certain security standards are being followed. The telecom piece still falls under the public service department. That's more regulatory. And so we haven't, you know, that we leave that to them. We do not get in that business. And then there's the 9-1-1, which I think there's going to be a report by the Secretary of Administration's exam by the end of the year making some recommendations there. But, you know, I look at that myself and it's going to be, you know, one of those things. Sure, they use IT, but so does every other agency out there to run their agency or their group. And then the HIT, the Health Information Technology Plan, that's run out of human services. But we're involved with that through statute and through just general oversight. So whether it be vital or any other organization that connects to our network, we look at their security standards to make sure whatever they're doing doesn't increase our risk to a cyber threat. So they have to follow certain standards that they're going to connect to us. So a lot of valuable things that we've been doing, but there's still some, you know, better coordination that could happen. Rod, you had a question? I got a couple on it and it could be some... One of the issues that seems that we've had, especially before the creation of your position, was that we've never had the ability to quantify what we had, what we were spending on IT, what we had for resources in IT. Have we been, are we at a point now where we can say, you know, how many folks we have in IT, what we spend, say, on the executive branch side on IT, and more importantly, what we have for in-house capability. I've heard the example a few times like the Health Connect. One of the reasons that it has been the ongoing, I guess I'd have to say failure that it has been, is that we just did not have the in-house capability to deal with one, even what we were asking for, and two, to deal with it after the fact. Are we in a better place now in regards to that? And the last one is, is I know that on the human resources side, there's an awful lot of activity going on about dealing with legacy programs and all those come with an enormous price tag. Do we have a plan in place for that sort of stuff? I don't ask you a lot, but helps it. Okay, so I'll try to address some of those unless someone else wants it. So we've done an inventory across the government before. We didn't know who was IT and who wasn't. We have about 386 IT professionals across the government. That includes business analysts and project managers and IT managers and system developers. We know what we have for assets. We know what we have for the number of computers, the number of servers, the number of switches. We manage over 20,000 devices in 1,400 applications. That's about one application for every 6.5 state employees, which is a lot. It's a lot of applications for that group to manage. There's about 10 security professionals for all those applications. So that's one area. I think we had seven before the Agency of Digital Services. So as positions come up, as vacancies come up, we look at every single position very carefully to see what is the skill set that we need, what is the priority. So we've transitioned three people to security already. We've built a business office, which was something that I overlooked in the beginning. We used A&A business services and we really needed our own for the amount of services that we provided in the build back structure. So we moved a bunch of business office positions around and have a full suite of business office professionals, including payroll and those type of things. Are we properly staffed or do we have the right skill sets in some areas? Some areas it's very challenging. So system developers, people that are developing connections between systems, people that are developing certain code for regulatory or legislative changes on legacy systems that are up to 40 years old. Those are really challenging positions to fill. They're challenging not only for state government, but they're challenging for Vermont employers. Just with the demographic issues, the unemployment, the low unemployment rate, Vermont doesn't have a large pool of IT professionals, anyways, across the state. So it becomes very challenging in the structure that we have in place across the state as far as being able to telecommute broadband issues makes it a little harder to hire outside of Chittin County for the most part. So do we have the right skill sets? Not necessarily. We hire out and do staff augmentation where we can't find those. We do private. We use companies inside and outside of the state, preferably in the state where we can, but it's been a challenge for us to staff our offices. I missed the last question. The legacy systems, yes. That's a challenging thing for us. I think we've been talking about it quite a bit as an administration. How do we move forward with IT? How do we keep up with the changing landscape? How do we fund these IT systems that are anywhere from a million dollars to 40 million dollars or higher? And how do we do it in a way that's sustainable? One of the things my agency is looking to do is consolidate towards platforms. Consolidate towards trying to think of something that everyone would know. You could call Microsoft a platform, something that's common to everyone, a common email type of client. Get everyone almost type of email clients, which will reduce the number of staff that we need internally and focus our skill set in certain areas rather than focusing on 1400 different areas and trying to keep skill sets. We're trying to narrow those down. One of the other areas is case management. We have hundreds of case management tools across the state. We're consolidating where we can to one platform. Everyone may still have a separate instance, but we're going to focus on getting everyone on that platform rather than needing 40 people to manage that. We may only need 10 people in the future. We're focused on things like that, and that's how we're trying to get off the legacy systems. Technology is changing every day, which makes it challenging. By focusing on those cloud type of solutions where we get out of the business of having to upgrade, every time we do an upgrade on our ERP system, for example, it's three and a half or four million dollars. We have to do one of those every three or four years. We want to get out of that model. We want to move to the cloud software as a service where the company that's hosting that has to do those updates and we're continually up to date. So we'll level out the spending projection and be able to plan longer term because we'll know with that company we'll see an average increase of four percent or six percent, but it'll always be up to date and always secure. Ryan? It's something I just want to follow up on because I think it tracks with what Secretary Clinton was saying, and it's something more that the legislature has to consider. It might not be in the purview of your committee, but it's thinking about how we actually go about funding IT. And I think there's a traditional mindset of it's a capital expenditure. When we're funding IT, we're buying a bunch of big boxes that we're putting on people's desks and they're going to sit there for 10 years until we replace them 10 years later. And we move way beyond that as a society. And how we fund a lot of IT expenditure in our budgetary process is through the capital budget. And I know that drives that committee crazy because a lot of this expenditure is really general fund type expenditure. It's annual operating expenses. And I think real innovative private sector companies no longer think of their IT spending as this is a capital expenditure. It's something that we put on our books and depreciate over 10 years. Now these are annual expenditures. The Secretary of State, Quinn, was saying a lot of this stuff is subscription services that you're paying for year after year, things that are updated, but it's not a pay for it and forget it type of project and then we'll come back to it in 10 years. These are expenditures that go over time. And in a perfect world, and we're a long way from there, this would be more general fund focus as opposed to things that we bond for and pay for over time. I think one of the things that also we ought to be thinking about is the strategic changes in the way IT is being run. We've learned, for example, from Vermont Health Connect that this massive, large project, as opposed to what we're doing now, and I think Secretary Quinn can perhaps address it more specifically about cutting things into smaller chunks so that we can measure them and then adding oversight both from the IT oversight committee and from the joint fiscal committee and others to look at those chunks as they're being done to measure how we're doing relative to what it is we're trying to do so we can stay both on budget and on target. And John, you may want to expand on strategic changes. Yeah, I think when you look at how we would go about a big monowethic system like my Health Connect before, it was all integrated, every piece connected in some way and one piece failed, the whole thing went down. We're now building the integrated eligibility platform, for example, in modular, small pieces. So we can measure out each piece, monitor each piece, and if we only get through three of the pieces and we have to change our priorities and cut funding, we have three pieces that will improve the lives of the promoters, right? They'll be able to use those pieces. We'll be able to build off from them. It won't be a failure because we'll have things that we can actually use, things that we spent money on is where the old approach was, well, we only got part way through the project. There's no real functionality that works yet. And so the change there in strategic direction is definitely a lesson learned from the past and it's not something just Vermont has learned. It's nationwide. So I want to follow up if I could on both the Secretary Quinn's remarks and Senator Brock and forgive me if I'm three steps behind because I feel like I am, but from the perspective of a priest from a small parish, here we go. And I don't know whether this is a legitimate perspective or not, but many of us can remember the EB5 diagram that showed, in essence, a bunch of spaghetti-looking stuff. And that's how I feel about the way we are right now. And I don't know whether it's feasible or reasonable that we at some point will have one person, Ms. or Mr. IT, that can control everything or not. And I don't know whether we should. So I guess I'm still trying to get a handle on who controls what, because we've had issues in GovOps before where something happened. And then we went back to say, well, who's in charge? How did this happen? And what decision was made along the way that allowed this to happen? And we kind of, like, didn't get an answer. Can I follow up on that? And I know that you're focusing on state, the state government system, but how do we integrate that with, what's the role here with non-state government systems out there? I know the Public Utilities Commission regulates utilities, the regulated utilities, but what's our role with that other world out there that isn't in state government? And how do we integrate that? And do we have any control in terms of? Well, I don't know, in terms of getting answers to what decision was made, why did this fail, why did this happen? But this is the spaghetti that I think that Senator Collamore is talking about. And there is spaghetti here. There's no question about that. Because we're dealing with, A, some things that are totally outside of our control, for example, those things that are federally preempted that are still interconnected with what we do. One of the things in terms of looking at a governance structure, it's very difficult to take a governance structure and put one person in charge of everything because we have different organizations, different branches of government, different agencies that have systems that they have to manage. And that's why I'm suggesting that, at least as an effect as an interim step, that we should be thinking about dotted lines as opposed to a whole bunch of single lines. Because there are responsibilities in terms of things like technology, technology standards, information security standards, and so on, that should be consolidated really across government. And that, to me, is the role of a chief information officer. And that's normally the way it's done in a private sector. But at the same time, people who own businesses within government, such as the agencies and departments and independent offices, they have responsibility for their own systems. And there is a command and control piece there. The dotted line and direct line have to integrate with each other. The dotted line is standards. It's consistency. It's those kinds of things that get driven through government. On the other hand, agencies do need to control their own systems because they're responsible for managing them on a day-to-day basis. So there will be a degree of spaghetti, but not the kind of spaghetti that we saw in the EB-5 diagram. I think one of the things that we have been talking about on the IT oversight committee, though, is on the governance structure, taking it a little more slowly to really define what it is and how it ought to work. And that may be the kind of study that needs to be done between now and the session beginning in 2021 to create a structure that really works and that has thought through all these things rather than aren't doing so on the spar of the moment. So it's kind of a two-step process that at least I and I don't know if I speak for everybody on the IT oversight committee just think that may be an appropriate way to manage this. So I guess I have a question. Where does the overall vision, where do we think that's coming from? For instance, like something as simple as should something be cloud-based or, I don't know what the term is, site-based, server-based, okay. And my sense is like when I heard you say we've got like 1,400 different type of programs that we're trying to stay on top of, who's going to have this say as to whether how customized a program is versus you're just going to have to deal with what's out there commercially and figured out? Where does that happen? I can jump in. I really appreciate having this conversation because it's a very important one. You've touched on funding, you've touched on infrastructure, you've touched on governance. And I have a few more years on you in state government and I recall in the AG's office when we built our own system and we owned it and we built on it. And it's really very recently in my last tenure in the AG's office that this notion that we're duplicating other systems out there in state government came to really anyone's consciousness and that we can do better and we can start working with other agencies and departments on similar platforms. But 2017 and the creation of the Agency of Digital Services I think was just the absolute right thing to do and I think it's been very successful from my perspective as a consumer and as the head of an agency and also the one that has to sort of figure out how are we going to pay for our IT needs. So I will just echo that I think we are, it's going to take a while, but we're starting to online the spaghetti at least internal to state government that we are talking at the cabinet level, at the enterprise level about our IT needs. We're starting to talk about what are priorities for each of our agencies and how are we going to fund those and what's going to be the funding source and that has been a conversation we couldn't have had I think any more any earlier than this summer because of the work that Secretary Clinton his team have done in terms of inventorying our assets inventorying our needs and inventorying the risks on the cyber risks. And so I think a lot of work has gone into that's going to be very fruitful to this conversation. We purchase cybersecurity you know for the first time as a state hasn't been a product that's been out there for very long but you know we've started to really look at IT as an enterprise basis instead of each little program or department has their own thing that they do for their own. So moving to platforms that Secretary Clinton's been great if you have a need it's like well we have we have this over here that will help don't go duplicate you know efforts. So I can't say enough about I think the work that's been done to date that's going to help inform the conversation. I think when you talk about outside IT when we need to go to outside contractors I think that we've got a pretty robust review process for certain projects again at ABS where we're applying the standards that we want all our contractors to comply with in terms of privacy, cybersecurity and the like and I think that that's you know critical to when we have to go outside and I think the real nut to crack is the things that are certainly around outside us that rely on IT to deliver services and telecom. I mean it's become a much more compressed world I think than when it was all separate and I think that's the real challenge for all of us is the telecom piece of it and the federal government's preemption on cable one. I'll just add to that that I mean ABS is the internal executive branch agency of digital services and while John and his people are responsible for what goes on in the executive branch not including the separately elected offices he is also responsible for how the state entity of IT integrates outside but not for things like outside telecommunications and you know all corporate other thing and as to funding I would make a comment that representative Briglin made about the general fund one of the reasons we have like hundreds of of customer management systems and you know case management system is the federal government it's historically each individual you know CNFDA number would say oh you couldn't use this money to buy tea so everyone went out and bought it and so they have been a large contributor to the reason we have the problem that we have I mean I remember I staffed a committee that was made up of Mike Shirling who was the head of the Burlington alive at the time Burlington you know bright whatever that thing was called and one of the guys from my web browser and anyway so the three of them and we did a review of IT and one of the one of the things that was really interesting is when we were talking to all of AHS about at the time trying to do the 200 million dollar giant access project and I remember some of the testimony was like well yeah but if we build it this way and this is the way we don't want to do it we can cover these other 60 programs could you just build what yet what you have to build for could you keep it at what you need which is an eligibility system so the the federal money is a real you know it's a real temptation for people to just run out and get it and spend it and and not think about the long-term implication having ADS there as a as a bridge against that to say okay let's see what you want let's see what you need let's see what other people have can we work this together can we take what someone has and add you to it it's so much it's such a better conversation than just run out and get that federal money but the feds have not been helpful I mean they they have been part of the reason we have the structure that we have that isn't true just with it that's very tempting to set up a program absolutely yes so how do we first of all I want to mention it's doing a great job on this commission so I want to put a plug in here is her boss right I did have a couple of things that I just wanted to bring up first of all I'm appreciative that the state created a an agency for the digital services that's a real big promotion and I'm glad that they centralized everything because that's important too I used to work for my entire career in department of human resources and the last couple years it was very good about getting notices that somebody had opened something up it opened up a virus et cetera don't do it et cetera so it was fast response and I really appreciate that but I do have a couple things that are of concern to me this seven thousand state employees and many of them have access to terminals and with the best of intentions sometimes people access stuff they're not supposed to and the last I had heard my left state service that VSEA was going to work with the state on ensuring that employees weren't spied upon but that they're the places that they were accessing et cetera were going to be controlled if you will okay so that's one thing it's sort of there were a lot of folks who I was told by not big facebook person that they're on facebook all time or ebay or something of that nature so that's kind of a not a good thing for state employees to be using those services I wanted to know if in the cybersecurity field you were accessing Norwich University they have a very big program over there for cybersecurity you are okay so okay and then just one other piece uh where does AI fit in this because I assume this is Brian mentioned who's the big boss going to be in in a few years it'll be AI I mean that's you know they'll be controlling all of this and you'll have input into it but they'll be making the decisions and and using various apps et cetera to control it all it won't be a perhaps an individual but AI fits in here someplace let's work that way so so I do the only one I want to have maybe a comment was to sort of vsea that's the last I'd known that vsea in the state were discussing sort of how seven thousand state employees were going to use these new terminals the services that were available making sure that citizens got their money for it right so I'm not going to go into human resources policy at all but what I will say is that the tools that we've been installing or implementing across what I would call our perimeter our intrusion detection system and prevention system looks for certain types of URLs looks for certain types of websites we block those at the at the gateway into our into our perimeter right so the ones that we know about that are just downright bad we block those right away to make to make sure that we're preventing ransomware and viruses from coming in it's not a hundred percent full proof none of them are right but a lot of that stuff is blocked on the outside at this time we we don't monitor usage of state you do not I know my agency is not in charge of monitoring time usage of state employees that would be a question for you know department human resources but we haven't been instructed with implementing anything like that but overall the tools that we've been putting in place are really to mitigate the risk if employees do stumble on to a website that may be harmful to the state government data so and I would add one of the risks that we're currently trying to get our hands around on with that joint T oversight is what risk legislators pose to the systems we're you know we're working to put together a class for legislators as well as you know our municipalities who you know are tying into the system I think it really it'd be really good to touch on the Norwich University thing for a second two years ago I believe it's two years ago we created a partnership with Norwich University to bring in cyber talent into the workforce and the state workforce and to give students the opportunity to work in an environment that has about every type of technology you can think of here right you know we have legacy technology that's 40 years old that's hard to secure and we have new technology we have everything in between so we've created this partnership that does not only internships but a security operation center at Norwich University where students can get real-world experience watching our log data coming in from our firewalls and things like that and detecting potential intrusions or attempts at intrusions in your network so it's been a really good partnership and I think it's benefited the state I think we've hired three people from the program already full-time so it's definitely been you know one of the better things we've done all the states are having a hard time hiring cyber talent but this seems to be working out really well for us so thank you well I would also add Norwich has helped coordinate this cyber class that hopefully we'll have legislators taking as well as municipalities I'm an alumni of Norwich and I'm really pleased that they well I don't want to put a plug in but I'm pleased that they as an academic institution they don't sort of sit on an ivory tower that they're out there into the community into the you know where they can help out you know resources or the organizations in the state okay we're small anything that they can do to assist is is really vital one of the other things I failed to mention was we implemented a security awareness training program for our state employees last time I looked we had I think 4,600 people that had taken the awareness training and walks you through different modules whether you know it's identifying an email that may be a spam or phishing attempt or you know how to identify websites or links that maybe you shouldn't click on and we just bought a new software that's going to further refine that effort and be able to offer more trainings in depth over the course of the year the last thing I would add is we did pass an AI commission we created a commission a couple years ago I saw something I don't I'm not as in tuned with a legislature with a legislative member is there they're you know more closely attuned to what's taking place I heard something about that but you know AI is going to connect to all of these things in some fashion like I say you know AI is going to be able it'll be able to manage every all the information that's coming along and coming in yeah I mean I know that you are talking in the future tense but I mean it's it's not present tense okay sorry and it's growing so two things first of all our IT staff at the legislature is me so nervous about clicking on anything that my family gets really annoyed at me when they send me a link to something and I say don't trust you it's not opening it but anyway delete delete delete but we tell people not to click on any emails from a hormone because they may contain spam so I'm kind of going back a step here I'm a little concerned that just given what you were talking about with the federal preemption that we can't that is there any governance structure at all that can look that can somehow and I don't know what it is but you're talking about two different things right so when we look at so what John is not secretary Quinn is not no I'm not talking about state I'm not talking about the state here state government okay no I am going back farther to okay where Brian and I were about in the wild world out there that it seems to me we need some focal point that looks at kind of the world of IT out in Vermont not in state government necessarily and I don't know what that is I don't know what it looks like but how do we do that we we just heard from the state board of education they apparently have no authority to do anything but they do things but their their goal is to look at the kind of world of education and make recommendations to the agency and to the governor and to the legislature but do is there any such thing that we can create or have that would do that same thing or is that your role I don't know outside of state government so that we can see you're talking about infrastructure over the horizons of the world and the AT&T's and when we ask them questions and they just say could I just I don't know I just bring us back to what our mission is for the sunset advisory committee yeah and commission and that I think was very valuable for us as a commission to hear from these five people on on the variety of and complexity of the situation but the primary goal seems to me here was to get testimony to help us in our deliberation about these committees that we understand a little bit better right not that I'm not wanting to talk about the greater world but it seems to me that that's probably something that the legislature as a whole needs to work on with you know contact with administration but for purposes of this I think we should if we need any more information that will help us in our deliberations about the remaining committees and boards that we're looking at today I think we should ask those questions but sort of a wider discussion about governance and outside of state government I think we should probably leave to some committees of chairs well that's what I was wondering if they these people in their wisdom could say well one of these is yeah is something that could expand into that what I was thinking or okay none of these are or you should eliminate all of these and start all over again or so you have different focuses on so like the agency is all internal right yeah and then you look at the puc and the department and those are really looking external right you know at our infrastructure right the property parcel data is municipalities no what's the web portal board web portal board is is is uh electronic transaction state government conducts for money you know like permits and licenses just just for a little clarity the parcel data advisory board john adams is actually an employee of ads they run the geographic information center and provide maps and data to towns municipalities state entities so we are outward facing a little bit with that group so I mean are you going through like the E911 board is coming in and I'm just wondering if that's is that something that could potentially fall underneath you know the purview of the agency services well but I think Suzanne has right yeah the legislature has tasked the secretary of administration looking at that very question which is where should the E911 board reside if not in its current iteration as an independent board when you look at their functions they have IT function they have they have the telecom function they have a public safety function I mean they they are kind of crossing a lot of different areas that fit in different parts of state government so it's it's not a new conversation I've gone back and looked at several reports and studies over the last decade that have tried to crack them out of the E911 board and where they should reside or should they move to public safety so we're looking at that now and reports doing jam and you know we asked for that report in particular for the very reasons that the Secretary Young has mentioned we've seen failures and it's the kind of failure at at the end of the day when a person can't get an E911 call through I know a question I asked in Senate finance is who do we blame and the problem is there are a number of fingerprints on it and that goes back to the spaghetti chart and that's why I lean towards having at least some dotted line responsibility to the technology piece the chief information officer because there is an information and there's an information transmission role that's there standard setting monitoring oversight as opposed to direct responsibility can link some of this stuff together better than it is being done right now because we do have holes and we have serious holes can I just make one comment we haven't really heard from you representative so maybe a couple minutes but following up on two points we're the sunset advisory commission we like that sunset organization that we really get excited about that I know it's you've got a nail with a hammer so there's any organization that's listed here or other ones that you know of that have lived their usefulness we're certainly pleased to hear that information but I do just want to give you it I don't want to take the possibility but just give you I didn't believe it so the PUC I think absolutely I'm kidding I think Senator Conor's question is the key one that I think you should have from center as you're thinking about again whether to cut whether to turn the dial slightly on what some of these commissions might be focused on and what your recommendation is back to the legislature which is accountability you know as I look at these different commissions and boards and how they're set up and having heard Mr. Carroll who's a constituent mind and and Mr. Peltz testified earlier as a legislator and a chair of a of a committee that has oversight we're always looking for who's the neck we can choke who's you know something goes wrong who do you reach out for and and Senator Brock said also is you know when you have the spaghetti structure you know you you what you reach out for and grab is a handful of sand and there's you know there's nothing there to really hold accountable so I would say that's issue number one looking at these different boards where's the accountability and what's the function the boards that you're looking at this afternoon my sense is some of them I've never had interaction with but played very different functions some of these boards operate with kind of an executive capacity they actually have functions where they are they have oversight of an executive that reports to them and that's a very different function than an advisory board and that's not to say that an advisory board is important and let me make a pitch for one which is I think I agree with what's been said today in terms of ADS plays a very important function in state government that we didn't have before which is pulling together from different parts of state government a function that was I don't want to say out of control but again there was no accountability for it and now we have an agency that has the capability of doing that certainly the mandate but you know where you know where that goes in different parts of state government for example the legislature has a committee that deals with IT within the legislature where that goes with regard to secretary Quinn's oversight of the secretary of state's office the treasurer's office the AG's office that accountability is not there and do we want to consider as a state government you know more oversight there but in terms of an advisory role IT and cybersecurity changes so frequently that I think there really is an important role for a third party independent advisory role to state government to ADS on cybersecurity where you've got kind of the best minds in Vermont who are working on cybersecurity who can give an outside perspective whether it's to the secretary or other parts of state government to deal with IT I think it's I think this is a place that's very fertile ground to have that type of advice um and that kind of cross-fertilization if you will and it's because it's such a it's an area that is subject to so much change and I will say that's in contrast to many other parts of state government where you know things just you know policy changes move at a much more measured pace this stuff is changing daily and I think it's important as high caliber or you know maybe there's a need for improvement we have within state government I think we need people from outside state government advising us on what best practices are so I would make a pitch for uh there's an advisory role here that's that's very important and there's one other role that we haven't really talked about it it may be outside of the purview of what you're doing on a sunset advisory commission is I think we need a much stronger audit role because there needs to be not just the oversight and work being done within state government we need to have an independent set of eyes to look at IT problems from an auditor's perspective we have one IT auditor in state government right now the same as we've had for the past 15 years and IT has played a place a much stronger role a much more prominent role in what we do right now and that I believe is a real inadequacy that needs to be addressed so I assume senator brock here one IT auditor is not sufficient for no and and to hire people to come in and do outside reviews is extremely expensive yeah extremely expensive and this is also a problem that we've looked at overall uh in our work on the joint IT oversight commission is are we able at the salaries that we pay in state government to hire the people that we really need at the level of expertise that we need and so what we wind up doing and we this was a classic example we saw in Vermont health connect we didn't have the horsepower to do the work and we weren't able to hire them at state government salaries even inflated to market factor analysis and so as a result we go out to a contractor we pay four times the rate that we would pay if we had the person on our staff in the first place and that again is something that we we've enlisted the human resources folks to to look at to perhaps give us some guidance in that regard too and this is someplace that I think is also moved in a different direction in the private sector in the last 10 years which is 10 15 20 years ago you went to the private sector and looked at places that used to be considered you know I'll say cost centers and most private businesses which was human resources and IT have really changed their strategic focus you look at any private sector business worth their while now and they are looking at human resources and IT as that's a core that's a core strength of the business and people who are involved in those areas are major strategic players in the organization you know it's not you know it's not that you know IT used to be a backwater and that's not the case in in well functioning organizations now it's a strategic role and I think it's important that we think about you know from your perspective as you're looking at state commissions and and who's working on these issues it's a major strategic function and we have to have kind of best minds and practices kind of looking at that it's not this is not a backwater it's it's kind of it's central to what we can do so one thing that that concerns me I've heard from a number of people is the lack of oversight of the non-executive groups whether it's the legislature or the secretary of state's office is there any effort being made now to consolidate oversight with respect to those other non-executive agencies I mean because it seems like if they're not part of they're not under the oversight of ADS they may be doing things that are good from a cyber security or other perspectives so we are not we have not come forward yet with our final recommendations but and that is not one that we've been talking about what we've been talking about at this point is just having the three branches come together to talk on a regular basis which was not happening so you know and then you've got these outside independently elected offices etc so you know the notion of creating a cyber council um certainly the governor has a cyber council you know which I think you may have a little bit different scope I think there's room for looking at that for sure it's not also as a role that the auditor's office is uniquely able to play to go across those branches and state government to look at problems throughout the enterprise which is why I do emphasize that and senator brunt do you think currently the auditor is focused enough on these technology issues well if the auditor were given an armored carload of money to be able to fund the hiring of the kind of expensive services necessary to provide that oversight that may be the case but right now it's not staffed to be able to do it and he's not funded to be able to do it and the auditor's office is also one of those independently selected offices so the legislator can certainly ask us to do some things and generally you can expect that they will be responsive to that but we've not asked and if we're are we losing money by not asking I mean are we would we be better off paying the money up front to have the auditors done than to well then all of this this work would be would be done obviously in increments and prioritization but to ask the auditor's office just to look at information technology risk in a general term come back with a plan for doing that that might be something that that might be worth doing I know we've had conversations with the auditor's office we've had the auditor in I think he's due to come back to us with just some additional information that we asked for about approaching the subject we are looking at potential recommendation around cyber standards you know how we have the means to you know putting something like that in statute as well as notification on breach breaches of systems you know it's it's been it's been interesting to learn what we don't know so am I hearing that part of the conversation really is how much of this do we try to do in-house as opposed to outsourcing it is that part of the debate or something I think we I'm a plan person so I think we really have to you know like think about what are the next objectives that we have here and then figure out if we have the capacity in state government I think you know we're hearing a lot about the value of outside independent audit I think yeah I'm just we've talked about potentially adding recommending adding some capacity at JFO we have Dan Smith there on IT projects you know is there the ability should we should we add some capacity there for cyber security you know just work it up we you don't you don't use any is it highway hey we oh car is the chinese where's the chinese you don't use any of that wow hey wow hey thank you no and given the escalation in my role in 2017 we were able to quickly issue a directive to the all-state government saying that we won't be using that technology there were six or seven types of technologies that we banned based on federal guidance okay all right yeah I'm up except E911 has some of that don't they John yeah oh they don't know there was got rid of that there was some wall way equipment in a data center that had been decommissioned but still in the rack but yes there is none in the E911 system that I am aware of okay thank you yeah who's on the committee I'm just curious on your Melissa committee just the three of you uh no it's myself Seth Chase who's also from energy and technology Marty felt us from appropriations senator Brock senator Pearson and um senator Ketchel Ketchel I'm so glad we were able to solve all the issues today what is the so what is the issue that you would like to solve I would like to have us solve that's what I was trying to ask about with the advisory I don't know if these groups if these boards and commissions are the right ones to have and some of them may be so specific that they need to exist and some of them may not but I what I was trying when I was comparing it to the board of educationists I was thinking about what Tim actually said very eloquently is that we we need to have some kind of an independent body out there that is made up of those leaders in that and I wondered if that's what we need I to advice the state on where to go cybersecurity what to do what to think about without having it be a governmental body I just and I don't know if one of these can still that role if I I don't know you're talking about creating a new board in the in the five minutes we have left with the exception of the fact that John you're gonna testify in the work of the board later does anybody of our guest or have anything that they would like to add specifically about these boards and commissions that are on our agenda for the rest of the day good question very cool I noticed a few were removed and so from the initial agenda so I think there were quite a bit of ops lessons on the first agenda and now I think you're going to hear from the E-911 board and that's the work in progress in terms of governance and whether it should be advisory or not property parcel data advisory board seems to to be one that's functioning but you don't have to hear from them and and that's a role for municipalities the PUC and again and the Department of Public Service are just totally different volumes that I would not even profess to have the thought of abolishing without great thought and and insight into that and the web portal board which does serve a function in the state government the secretaries are represented on that board my representative who's not here this week you know says he's pretty excited that there's a little bit of new energy and new direction on that board which I expect Secretary Clinton will fill in on but as far as other boards related to IT I didn't come up with any others that I think are still in existence or functional so I know she had vital on your your uh yeah I was a little confused by that because I didn't really look at vital uh at least the vital board is a creation of state government but that's more of a semi-autonomous entity that has been charged by state government with a particular function right I wasn't sure it was in the purview of this board to sunset that board but maybe it is well we might I mean I I don't know that it is in our purview but our what our role is I think is to look at them and then to say is there um is there a recommendation it would be I would assume health and welfare yep and that would take that up along with the administration and then and and if and if it's still functioning the way right then are there legislative changes that need to be made to make it more appropriate to what they're actually doing now than what they might have been doing when they were created right from my perspective it is and it's their job to prove to us that we're not supposed to okay but did you say there were ones that were on the initial list that aren't there were some really obsolete ones that intrigued me the commission the committee to examine strategies to enhance software information uh technology sectors that were in session law that have since sunset by themselves yeah have they since ended by themselves or yeah yeah I mean they had a court doing January I'm assuming they don't exist anymore in January 2013 so there was some um at least not the agenda I saw I think that you may have the information on that okay excuse me because some some some of them some boards we found that they were created to produce a report but they still exist in statute they never were they never went away or they're in session are gone Betsy will I think she is well I would put in up for the telecom and connectivity advisory board that's a board that's making grants I think it's good to keep some transparency there is this the one that's doing the grants for the whatever those little things are that was really technically she's talking about coverage going the radios no that would be the department um this is with the universal service on connectivity and activity initiatives yeah okay okay and so keeping that kind of separate board I think it's just good for good height yeah anything any others on there remind equipment distribution program advisory council I guess we'll hear from them yeah yeah there are some and I and I don't know I'm not right off I can't pinpoint exactly what those two boards do but there are some folks that are very specifically affected by programs that staff some of these boards and again there's a sunlight factor there making sure that things are happening yeah yeah yeah and I just will hear from them this afternoon okay all right well thank you very much for training us thanks for coming in we appreciate you