Less rules and more talking. Sounds fun, right?
Mitch Herckis, Director of Government Affairs at the National Association of State Chief Information Officers (NASCIO), is a proponent of more communication and less outright bans for government cybersecurity. He recently spoke with Christopher Dorobek, host of the podcast DorobekINSIDER, on cybersecurity regulations on the state governing level, and generally on NASCIO’s federal advocacy key issues for 2015.
First of all, Herckis suggested that flat-out bans on technologies won’t work. Leaders are beginning to realize that employees will find a way to break rules and use unauthorized mobile devices and to put information on insecure services like Dropbox or other cloud sharing systems. Rather than bar mobile devices or cloud services outright, it’s becoming more of a common practice to establish these services as secure systems and closely regulate their use, rather than trying to ignore them.
This would help mitigate some of the challenges that state cybersecurity is up against, according to Herckis. One of the main issues is talent – there’s not a large number of professionals or students in the field, and for those who are, it’s often a temptation to choose the private sector over the public. “When it comes to the IT security workforce, the public sector cannot compete with the private sector, it’s just that simple,” said Herckis.
Some states have invested in internship programs, scholarships and attracting students at community colleges. But it’s also important to make sure that the existing professionals are well taken care of, so that they’re less likely to move to the private sector.
“We want to make sure essentially that we’re attracting qualified personnel, training personnel that we have, and retaining and providing for them, through further education or through opportunities to work on very interesting things,” Herckis explained. “Using the old Obama line, we need to make government work cool again.”
Another important theme that Herckis emphasized is the need for massive collaboration on tech challenges. This includes streamlining the online customer experience so that citizens can use one login for multiple government websites across agencies, which doesn’t happen now because of inconsistent cybersecurity regulations.
“Agency rules are different across various federal agencies, and they dictate these to the states,” explained Herckis. “Citizens oftentimes need to have a different ID and a different login for all these different programs, and they often don’t know which door to come to. It should be much simpler for people to access.”
Also, technology should be more upfront in national dialogues, to foster collaboration and improvement. “Particularly in the public sector when we’re looking to form a solution, the technology portion of the solution is brought to the table after we decide what type of solution we want,” said Herckis. It shouldn’t be such an afterthought.
There should also be much more communication between states and federal agencies, across levels. According to Herckis, states and federal agencies should systematize sharing of best practices and common mistakes to better their IT services. This includes both on the state-to-state level, and at the state-to-federal level.
Herckis leaves us with the notion that although there’s a great deal of work to be done, he’s faithful that with more talking and less rules, we’ll get there. “There’s going to have to be a greater awakening to what needs to be done around this, and greater consensus being built. And that’s happening, it’s just happening slowly.”