‘Response’ toughest part of cybersecurity, says Wisconsin CIO

For Wisconsin state information technology officials, responding is the hardest part of  the popular cybersecurity framework provided by the National Institute of Standards and Technology. Among the five components of the framework — identify (risk), protect, detect, respond and recover — the state’s CIO, David Cagigal says resource challenges make response tough.

“Those first three are pretty easy for all of us,” Cagigal says in a video interview. “It’s No. 4, where we’re asked to respond, that’s where it really becomes more difficult and resource-constrained.”

Yet Wisconsin is doing a good job responding, he says, both at the state and local government levels. Local government is the “weakest link” for cybersecurity, Cagigal says, owing to local governments’ lack of resources and support.

“Some say they’re the have-nots,” Cagigal says. “Through no fault of their own. They don’t have the funding or the skills and the talents to be able to combat the sophistication of the attacks at the frequencies they’re occurring.”

Cagigal says he plans to ask for more funding for cybersecurity but that there are challenges in measuring how much funding is appropriate.

“How does the State of Wisconsin compare to the other 49 states? And it’s a difficult comparison because how do you measure the effectiveness of cybersecurity?” he says

On top of keeping cybersecurity operations tight, the state must also think into the future, constantly updating its cybersecurity workforce and opening new pathways for young talent to enter the state government. In Wisconsin, this often takes the form of partnerships with local universities, Cagigal says.

“We’re working aggressively very hard with the local schools in the college levels, interning both the public and private, taking the responsibility not only for the state but for some of our private partners to help facilitate and nurture the interest in cybersecurity as a profession,” he says.

Cagigal on his top priorities:

“Certainly cybersecurity would be number one, [and] probably number two and number three.”

Cagigal on how he sees his role changing with emerging technology:

“It is becoming fast-paced. As you look at consumer technology, the expectations of IT delivery are enormous. Any state, local or federal government is slow to respond because we have an enormous responsibility of security, disaster recovery and making sure that we’re protecting our information.”

These videos were produced by StateScoop at the National Association of State Chief Information Officers’ midyear conference in National Harbor, Maryland, in May 2019.