Cybersecurity priorities can differ across state and county lines, but shared threats can affect networks regardless of where they originate.
State chief information officers (CIOs) and chief information security officers (CISOs) should take note of the federal advocacy priorities released by the National Association of State Chief Information Officers (NASCIO), specifically those that aim to align state and federal cybersecurity regulations.
NASCIO seeks to contribute to policy within the federal government on state information technology (IT) practices. On Jan. 23, NASCIO’s executive committee selected three main priorities of interest for 2019:
- Normalize the audit process and integrate federal cybersecurity.
The partnership between state and federal governments to administer programs is complicated by compliance with federal security regulations related to data.
“Disparate regulations are an obstacle for states working to proactively enhance their cybersecurity posture and deliver innovative digital government for citizens,” James Collins, NASCIO President and Delaware CIO, stated in a press release.
While state CIOs seek to comply with regulations, they are also faced with the need to gain savings for taxpayers through IT integration. Additionally, federal government audits of state data centers can produce inconsistent findings. State CIOs then have to dedicate additional resources to compliance rather than cybersecurity initiatives.
“We are encouraged by the engagement of our federal partners to harmonize cybersecurity regulations and look forward to advancing that work in 2019,” Collins said.
- Urge participation of membership in committees.
Cybersecurity issues require engagement across a community. State CIOs have pointed to cybersecurity as their No. 1 strategic priority for the last six years, according to NASCIO’s annual state CIO Top Ten priorities. State Senior Advisory Committees (SACs) and Urban Area Working Groups (UAWGs) govern Federal Emergency Management Agency (FEMA) grants in accordance with their responsibilities, which include directing funds to fill in capability gaps, revising homeland security programs and creating a cohesive planning network.
SAC and UAWG members include additional members of state and local governments, health officials, nonprofit organization representatives, and other community members who can contribute their knowledge to create a comprehensive overview of cybersecurity threats faced by the community.
The role of state CIOs and CISOs in these committees is to include information about threat data to better develop cybersecurity threat responses.
- Acknowledge state authority and continued innovation with regards to developing technologies.
A fact sheet from NASCIO states that “within state government, there is a growing recognition of the need for state CIOs to address emerging technologies by design rather than default.” Sixty-seven percent of state CIOs indicated that their role with regards to emerging technologies centers around collaborating with agencies on decision-making.
“NASCIO supports the ability and authority of state governments to continue to serve as laboratories of innovation as it applies to emerging technology,” the fact sheet continued.
What are some cybersecurity priorities you’re keeping in mind this year? Let us know in the comments below.