State IT Leaders Give Voice to Cybersecurity Challenges

Ask and you shall receive. Wouldn’t it be nice if that were the way Congress doled out funding and IT resources?

State IT leaders didn’t exactly establish a request line for cybersecurity investments, but they did communicate their needs — and their roadblocks — to colleagues at the federal level. According to a press release from the National Association of State Chief Information Officers (NASCIO), state IT leaders were asked during a recent House Homeland Security Committee hearing to identify what they needed to improve their cybersecurity tactics.

Connecticut CIO Mark Raymond and other leaders present at the hearing named three critical roadblocks:

• Insufficiency of budgets
• Increased sophistication of threats
• Lack of qualified cybersecurity professionals

“State CIOs are committed to securing state networks, protecting the digital business of state government, and coordinating with diverse stakeholders to ensure government continuity in times of disaster,” said Raymond, who also acts as vice president for NASCIO, according to StateScoop.

The threat of cybersecurity is particularly pointed for state and local leadership. A survey conducted by the Governing Institute in partnership with AT&T and the National Cyber Security Alliance (NCSA), and reported on by StateTech earlier this year, found that “80 percent of elected and appointed officials and their staff do not know if their state has an emergency response plan in the event of a cybersecurity attack.”

States need more partnership and collaboration on all levels, but most notably from the federal government.

“It is incredibly important to share the state CIO perspective on cybersecurity and emergency management with federal lawmakers. This hearing has been a great opportunity to raise awareness around cybersecurity and states’ ability to respond to and recover from disasters and cyber disruption,” Raymond testified before the House Homeland Security Committee.

States Struggle with Hiring IT Talent

Although cybersecurity talent is particularly scarce, state and local governments are in a bind when it comes to hiring IT workers in general. There is a dearth of tech talent in the U.S. overall, and any tech talent available domestically is often gobbled up by the private sector, which can offer higher salaries and better perks than state and local governments.

According to NASCIO’s State IT Workforce: Facing Reality with Innovation, released last year, 86 percent of states have trouble filling open technology positions, and 46 percent of survey respondents say it takes three to five months to fill senior-level IT roles.

States and localities are finding creative ways to make their positions more appealing. For example, Seattle is emphasizing the impact that young people in IT can have when they work in government organizations rather than for larger, mature private-sector companies, which may have narrower job descriptions and layers of bureaucracy.

“We can give our employees and recruits the ability to have a broader scope of influence than in the private sector,” Michael Mattmiller, chief technology officer for Seattle, said in a StateTech article. “When we bring someone in to do an Office 365 deployment, they’re doing it for an 11,000-seat organization. That's a huge logistical challenge and responsibility we can empower them with.”

With cybersecurity in particular, the stakes are high and the sense of mission and accomplishment is immediately impactful. That’s why Maine CIO Jim Smith has made it a priority to build a pipeline of IT talent very early on, at the high school level. That way, students can go into college understanding the career opportunities they may have by pursuing education in technology and then, ultimately, a career in IT. So far, the state’s awareness and education activities has been well received by the students.

“The students get a sense of the risks and challenges of cybersecurity. It is really exciting for them,” said Smith in a StateTech article last year.