CISOs underscore need to organize centrally around cyber

State information security officials need to better organize around their roles, responsibilities and weaknesses when fighting cyber threats, experts said.

SALT LAKE CITY — Chief information security officers need to find ways to better embrace their roles and invigorate government staffers in other departments, according to members of a panel at the National Association of State Chief Information Officers’ annual conference Wednesday.

“We have to start thinking about security in every silo, and we’re starting to weave the thread through,” Danielle Alvarez, Florida’s chief information security officer, said.

But breaking down those silos remains a challenge in some areas, said New Jersey CISO Bill Essner said. One of Essner’s main efforts was to find a way to automate the cyber information sharing process through the state’s newly established information sharing and analysis organization, which was established through NJCCIC — New Jersey Cybersecurity and Communications Integration Cell. If states can share cybersecurity information and data effectively across state borders, it could help them improve the cyber environment in their own state — whether it’s siloed or not, Essner said.

“For incident reporting, we want all citizens in New Jersey to respond to an incident and report it” to the NJCCIC, Essner said. “But our focus is not just on New Jersey. We want to sit down with everyone and figure out how to automate this process.”


Meanwhile, Mark Raymond, the chief information officer for Connecticut, said increases and advancements in technology have made it difficult for government IT officials to keep up with cybersecurity.

“The increased focus on security is something that’s very difficult to catch up on and to stay on top of,” Raymond said. “We’re trying to deal with the complexity to make sure we remain safe when everything around us is changing at such a rapid pace.”

During the discussion, NASCIO released a CISO report offering ways to maximize the potential of CISOs. CISOs, it says, should aim to be effective communicators and strategists. The report also recommends that CISOs report directly to the CIO, and that they focus on building the state’s cybersecurity strategy and policy.

For the report, NASCIO surveyed 47 states — 44 of which have active CISOs. All 50 states have a position at the state level with the CISO title, the report said.

Echoing members of the panel, state CISOs in the report identified budget constraints as one of their top challenges in the survey’s “advice from the trenches” section.


“State CISOs are faced with the same challenges as private sector CISOs,” Josh Spence, West Virginia’s state CISO said in the survey. “But typically, [states] have fewer resources at their disposal.”

Latest Podcasts