The National Association of State Chief Information Officers (NASCIO) and the National Governors Association (NGA) today released new guidance on how state and local governments (SLGs) can better collaborate on cybersecurity matters.
“More and more states are adopting a whole-of-state approach,” said Doug Robinson, NASCIO’s executive director. “State CIOs know that cybersecurity is a team sport and local governments are important to everyone’s shared success.”
The guidance, entitled “Stronger Together: State and Local Cybersecurity Collaboration,” addresses what NASCIO and NGA described as the “dramatic uptick in ransomware attacks across the country,” as well as other cybersecurity concerns facing SLGs. In the publication, the two organizations outline “promising programs that states have initiated to enhance collaboration with their local government counterparts for cyber resilience,” and provide high-level recommendations for state officials to strengthen partnerships with local governments.
“Governors and states are at the forefront of cybersecurity, which is a collective responsibility and one of their most important priorities when it comes to protecting people and systems,” said Jeff McLeod, director of NGA’s Homeland Security & Public Safety team. “We know that effective strategies to prevent and recover from cyberattacks involve all levels of government, including local partners, as well as partners in the private sector.”
The guide uses 13 states – including Illinois, Iowa, Texas, and Pennsylvania – as case studies, and examines existing successful programs in each state. After examining success stories, the guide offers up actions states should undertake immediately.
States need to “at the very minimum” build relationships with local governments. NASCIO and NGA suggest that states do so by working through state municipal leagues and county associations with an “emphasis on local information technology associations.”
States also need to raise awareness of existing services already being offered to local governments. The guide cites NASCIO’s 2019 State CIO Survey, which found that only 31 percent of states have a formal awareness and marketing campaign designed to promote state offerings to local governments. States can improve awareness in by holding cyber summits and engaging in stakeholder education, NASCIO and NGA explain.
The guide encourages states to explore potential cost savings of including local governments in their service contracts. This would be done by consulting with local governments during the contract planning and solicitation process. States should also provide a “conduit for discussions about pooling resources among shared risk pools at the local level,” the organizations suggest.