Mike Steinmetz took office April 17 as Rhode Island’s first cybersecurity officer.
Although he has been in this new position for only two months, Steinmetz has developed a network of state officials, academics, and industry experts. He stressed the importance of partners within the private sector and academia.
For example, Steinmetz said the Community College of Rhode Island, which has its own cyber range, has been valuable for people seeking certifications as cyber officers. He also said the University of Rhode Island is a frequent partner. Steinmetz said the university’s law enforcement forensics program is especially useful.
“That program could be the envy of any university anywhere in the world,” Steinmetz said. “They help build jobs in the state of Rhode Island. They’re great jobs.”
Steinmetz’s chief responsibility is to shape policy and provide guidance on cybersecurity to state officials. One of his tasks is training government employees on basic cybersecurity skills; he noted that humans often account for breaches.
He is working to set up training sessions for state government employees and emphasizing the maxim “think before you click.”
“Cybersecurity is not just a technology challenge, it’s a culture challenge,” Steinmetz said. “The focus is on the human being as the weakest link in the chain.”
Although Steinmetz does not have former Rhode Island cybersecurity officers to look to for advice, he communicates with fellow states that serve as examples for cyber strategies. He cited Virginia as one example. Virginia Gov. Terry McAuliffe has yet to create a state cyber officer position, but he has established Cyber Virginia, a cybersecurity commission.
Virginia’s cyber commission consists of state government officials and representatives from technology companies. Karen Jackson, Virginia’s secretary of technology, and Richard Clarke, CEO of Good Harbor Security Risk Management, chair the commission.
“I’ve spent some time with them,” Steinmetz said. “They’ve been willing to share and provide help and guidance.”
Steinmetz’s first official day was in April, but the position itself was created in October 2015 after the state’s Cybersecurity Commission, set up in an executive order by Gov. Gina Raimondo, issued a report calling for a cybersecurity officer.
Raimondo subsequently issued another executive order, this time on homeland security, ordering the establishment of the Governor’s Homeland Security Advisory Board. The board, which includes public servants who specialize in cybersecurity, intelligence, and information sharing, is tasked with improving the statewide cybersecurity framework.
Steinmetz has previous experience working with the intelligence community on homeland security matters. Prior to joining the state of Rhode Island, he was the director of governance and compliance in the digital risk and security division at National Grid, a British gas and electric company with branches in the U.S. He also served as a deputy chief of staff for the National Security Agency.
Raimondo’s executive order mandates that the board submit a report evaluating the state’s security posture by December 2017, and annually thereafter. Steinmetz said he is in the process of forming the board and setting up the first of their meetings.
“There are some important benchmarks in the governor’s executive order on homeland security,” Steinmetz said. “We’ll probably meet three times a year.”