Some things are better done together. And when it comes to information technology, that may be especially true. Pooling resources and thought leadership among state and federal IT professionals can help counteract hackers, provide access to talented IT workers and streamline the procurement process, according to experts speaking at the NASCIO Midyear 2017 Conference this week in Arlington, Va.
In fact, NASCIO has made it a policy priority to advocate for federal partners to work with state CIOs to improve cybersecurity. During a conference breakout session, representatives from Connecticut, Ohio and Minnesota, as well the federal General Services Administration (GSA), emphasized how federal programs can make life easier for state IT departments.
“We have to be taking full advantage of the resources we have available to us at low or very low cost, to be able to say, ‘Yes, we’re doing everything we can with the resources we have, and, by the way, we may need a little more,” said Connecticut CIO Mark Raymond.
Connecticut accesses a Department of Homeland Security program that streamlines security clearances for state IT staff, as well as DHS-sponsored cybersecurity preparedness exercises, training and certification, and awareness and literacy initiatives. Raymond urged state leaders to access DHS-sponsored iSight Threat Intelligence by FireEye. “No one knows about it and I don’t know why,” he said. “Any state entity can sign up.” The service highlights vulnerabilities and actual threats, and also analyzes the accuracy of media coverage of cybersecurity. “So when you get a question from the governor saying, ‘Hey, I heard about this,’ you’re prepared to say, ‘Yes, I know.’ You’re prepared on a daily basis with this information.”
In Ohio, the state worked with GSA’s 18F digital services unit in simplifying and streamlining its request-for-proposal (RFP) process, said state CIO Stu Davis. The state-federal team tackled a challenge that other state governments no doubt face: Many vendors simply do not look to public sector work, preferring to avoid the expensive and often complex process. The analysis involved a straightforward question, Davis explained: “How do we simplify everything associated with an RFP to make it easily understood on what we’re trying to do, and easily understood on what our requirements are?”
One area that needed reform was RFP terms and conditions, which had included a requirement that respondents had past experience working with states of approximate size. The new streamlined RFP brought results: For a recent data analytics project, more than 75 percent of the responding companies were new bidders to state work, according to Davis.
Minnesota CISO Chris Buse highlighted the federally funded Scholarship for Service Program, which grants students in accredited cybersecurity programs funds if they agree to work in government for a time equivalent to the number of years they receive funding. The grants include tuition and stipends up to $22,500 per year for undergraduate students and up to $34,000 per year for graduate students.
The program is competitive for students to enter, meaning that government agencies have access to top students. “This is a really big deal in the government space if you’re looking for cybersecurity professionals,” said Buse, who hired six graduates of the program last year. “I had 200 resumes of top students who all had master’s degrees, and multiple programming languages. You’re picking from the cream of the crop. … I think this is a really nice way to get top talent in government.”
On the federal side of the equation, Dominic Sale, deputy associate administrator at GSA, encouraged state IT leaders to look to the many available federal resources, including the Federal Risk and Authorization Management Program, or FedRAMP, which provides standards for security assessment, authorization and continuous monitoring for cloud products and services. Although it is aimed at how to protect federal data in the cloud, state governments could look to the standards to guide their own efforts. “That is something states could take advantage of today,” said Sale.
Read articles from StateTech’s coverage of the NASCIO Midyear 2017 Conference here.