The National Association of State Chief Information Officers (NASCIO) is advocating for increased cybersecurity partnerships with the Federal government, according to its 2017 advocacy agenda.
The Federal advocacy agenda, which was released Jan. 18, outlines the four issues that NASCIO will focus on this year:
- State chief information officers’ (CIOs) seek strong intergovernmental partnership on cybersecurity.
- Flexibility in Federal funding regulations that encourage legacy system modernization and cloud adoption.
- Information sharing and safeguards, meeting citizen expectations.
- Successful implementation of First Responder Network Authority (FirstNet) plans in each state.
According to NASCIO’s FACT sheet, 80 percent of state chief information security officers (CISOs) say the lack of sufficient funding is the chief barrier in addressing proper cybersecurity measures. NASCIO recommends states work with the Federal government to create a “national cybersecurity strategy and encourage development of state cybersecurity strategies.”
Mark Raymond, CIO of Connecticut and president of NASCIO, told MeriTalk that Federal government partnerships are vital for states. Many Federal agencies, such as the Department of Homeland Security (DHS), Health and Human Services (HHS), and the Social Security Administration (SSA) have programs delivered at the state level.
Because Federal programs often manifest at the state level, Raymond said that Federal partners should provide clear and consistent guidance around their regulations. He said this would be especially useful because programs from different Federal agencies have different requirements. For example, one agency will timeout its networks in 15 minutes, and another agency will timeout its networks in 30 minutes.
“States and Federal government are linked at the hips. Federal programs are implemented through states,” Raymond said. “Different programs give different views. This makes it more complex.”
Raymond also stressed the importance of flexibility in Federal funding regulations. Most Federal grants come through the “silo” approach, meaning that funding must be spent on a designated IT infrastructure project. The system prevents states from using enterprise solutions or shared services that have the potential to save money, Raymond said.
“We have to account for how we’re using funds, but recognize shared components in enterprise capability,” Raymond said. “We should only pay once, but use funds in an effective manner.”
The Federal government should also support the National Information Exchange Model (NIEM), NASCIO’s report states. NIEM is a set of standards for information sharing that “all government lines of business” use.
NASCIO will also focus on public safety networks across all 50 states, according to its agenda’s fourth goal. FirstNet offers a wireless data network for first responder groups. According to the Middle Class Tax Relief and Job Creation Act of 2012, FirstNet has to give states a National Public Safety Broadband Network (NPSBN) plan. States can either opt in to the FirstNet plan or opt out and create their own network plan.
States that opt out will need to inform FirstNet, the National Telecommunications and Information Administration (NTIA), and the Federal Communications Commission (FCC) before assembling the resources for their own plan. Raymond said that state network plans that generate additional revenue need to return that revenue to FirstNet and, for this reason, most governors will probably stay with the FirstNet plan. He said that fewer than five states have stated plans to opt out.
In Connecticut, Raymond said that his focus will remain on cybersecurity. He stated that his team issued a report on cybersecurity on Jan. 1, and they will release a more detailed strategy plan in the spring. He is also working with state, local, and Federal partners to establish more digital government solutions. While Connecticut has trimmed its number of digital servers from 1,300 to 170, he said he will continue consolidating.
Additionally, Raymond said he will continue to explore cloud solutions. He said that 70 percent of states have cloud-first strategies, which urge state CIOs to examine ways to use cloud services when starting any new program.
“I’d be surprised if a state did not have a cloud migration plan,” Raymond said. “I don’t know if we’ll all move, but we can fully expect to see continued migration.”