The annual conference of the National Association of State Chief Information Officers continued to emphasize the importance of collaboration among state and local governments in panels and reports on Wednesday.
As top targets for ransomware attacks in particular, state and local agencies benefit from working together to protect against risks, NASCIO and Deloitte say in a joint cybersecurity survey, “States at Risk: The Cybersecurity Imperative in Uncertain Times,” released Wednesday.
“While recognizing the autonomy of local governments, there is a value to having states build a collaborative relationship with local governments and institutions of public higher education. Especially when undertaking modernization initiatives, all parties can benefit from sharing knowledge and resources and coordinating approaches,” the survey states.
Effective Cybersecurity Requires a ‘Whole of Government’ Approach
The survey reveals 56 percent of state government CISOs are “not very confident in the cybersecurity practices of their local governments,” while another 35 percent are “only somewhat confident in the cybersecurity practices of their local governments.”
Meanwhile, only 28 percent of states have collaborated extensively with local governments, according to the survey; 65 percent reported limited collaboration with local governments.
In a NASCIO 2020 Annual Conference panel earlier in the day, North Carolina Chief Risk Officer Maria Thompson endorsed a “whole of government” approach to cybersecurity.
“A lot of times, we focus solely on the executive branch agencies,” Thompson said during her panel. “[Cybersecurity] cannot be separated by the branches, including the legislative and judicial. We are missing something if we don’t consolidate those from the security perspective.”
Bad actors “relish” the separation between government agencies and the lack of holistic monitoring across the enterprise, Thompson said. “A whole-of-state approach is needed to bring those pieces together.”
A whole-of-state approach may augment cybersecurity at all levels of government, noted the Deloitte-NASCIO cybersecurity survey.
“Many states offer a variety of services that are available to local governments and public education entities, including incident response, security management operations, network and infrastructure, strategy, governance and risk management. Yet only 27 percent of states provided cybersecurity training to these entities last year,” the survey notes.
The survey advocated improving adoption of those services through awareness campaigns, cybersecurity summits and workshops.
State CIOs Extend Services to Cities and Counties
In another NASCIO panel later in the day, New Jersey CISO Mike Geraghty emphasized the importance of flexibility in collaboration with agencies, advising that states avoid “telling somebody what to do.”
“It wasn't a matter of us telling people what to do but actually working with them to institute cybersecurity programs and to provide services,” Geraghty said of the success of the New Jersey Cybersecurity and Communications Integration Cell.
“It's actually doing rather than talking about what we do,” he added, identifying threat intelligence sharing and incident response support as key collaborative initiatives.
On Tuesday, NASCIO released its 2020 state CIO survey, “The Agile State CIO: Leading in a Time of Uncertainty.”
“High-profile cyber incidents including the August 2019 attacks on local governments in Texas, the coordinated attack on Louisiana public schools and the Baltimore cyber disruption have been widely publicized. Because of the publicized — and many more unpublicized — incidents, states in 2020 are increasingly collaborating with local governments to enhance their cybersecurity posture and resilience. In fact, the vast majority of CIOs (76 percent) in 2020 reported increased collaboration and communication with local governments in the last year,” the survey states.
State CIOs were asked by the survey, “What services does the state CIO organization offer to local governments?” They responded:
- Network services, 59%
- Data center hosting, 55%
- Geographic information systems, 50%
- Telephony, 48%
- Security, 48%
In summarizing New Jersey’s approach to collaboration, Geraghty suggests, “Focus on what your customers need rather than what you as an organization want to build.”
Check out more coverage from the NASCIO Annual 2020 conference, and follow us on Twitter at @StateTech, or the official conference Twitter account, @NASCIO, and join the conversation using the hashtag #NASCIO20.