The survey reveals 56 percent of state government CISOs are “not very confident in the cybersecurity practices of their local governments,” while another 35 percent are “only somewhat confident in the cybersecurity practices of their local governments.”
Meanwhile, only 28 percent of states have collaborated extensively with local governments, according to the survey; 65 percent reported limited collaboration with local governments.
In a NASCIO 2020 Annual Conference panel earlier in the day, North Carolina Chief Risk Officer Maria Thompson endorsed a “whole of government” approach to cybersecurity.
“A lot of times, we focus solely on the executive branch agencies,” Thompson said during her panel. “[Cybersecurity] cannot be separated by the branches, including the legislative and judicial. We are missing something if we don’t consolidate those from the security perspective.”
Bad actors “relish” the separation between government agencies and the lack of holistic monitoring across the enterprise, Thompson said. “A whole-of-state approach is needed to bring those pieces together.”
A whole-of-state approach may augment cybersecurity at all levels of government, noted the Deloitte-NASCIO cybersecurity survey.
“Many states offer a variety of services that are available to local governments and public education entities, including incident response, security management operations, network and infrastructure, strategy, governance and risk management. Yet only 27 percent of states provided cybersecurity training to these entities last year,” the survey notes.
The survey advocated improving adoption of those services through awareness campaigns, cybersecurity summits and workshops.