Awareness a challenge for CIOs pursuing ‘whole-of-state’ cyber
As more states open their cybersecurity initiatives and other IT services to local governments, tribal nations and educational institutions, advertising those services is emerging as a top challenge, state chief information officers said at a conference Monday.
Wisconsin CIO Trina Zanow said her state has within the past year begun pursuing a “whole-of-state” program that includes heightened communication with federal agencies, local governments and K-12 school districts. While a handful of states, notably North Dakota, have long offered cybersecurity and networking services across the public sector, Wisconsin is taking steps to join the ranks of states offering other entities access to IT services.
“We have various pillars of responsibilities, and we know it takes the entire state to help all activities we’re doing,” Zanow told StateScoop after a panel discussion at the National Association of State CIOs conference in Louisville, Kentucky. “And it helps to know who’s best at what pieces.”
Zanow said her strategy includes leaning on different agencies’ expertise: Public universities are helping with education, while the Wisconsin Department of Military Affairs is assisting with critical infrastructure defense. But pervading the effort is a challenge of advertising that services are available.
“That’s one of the reasons we changed our external-facing website, so that we can share some of that information with them so that when we come have a presentation or a discussion, we’re educating them even a little bit more before we walk into the door,” Zanow said.
Iowa CIO Matt Behrens told StateScoop that building awareness of his state’s services among smaller governments is the foremost concern of Iowa’s whole-of-state program, which includes cybersecurity and general IT services.
“We’re working hard right now on an outreach and communications push across the state just so they know what the services are, how to use them and how they can help them get better,” Behrens said.
Iowa has been offering cybersecurity support to county governments for the last seven or eight years, he said, but further expanding offerings to all public-sector across the state has required officials to think differently about their services. Iowa already runs a security operations center, but Behrens said the state’s looking to expand that capability, too.
“One of the things we’re excited about is a 24/7 SOC that can connect and provide that support to local governments,” he said. “We know that they need the help. We’re able to put together services that in a lot of instances we already have, and try to expand the value of this for everybody.”
While much of states’ assistance to local governments will come in the form of advice and guidance, states also soon plan to begin distributing grant funding: The Department of Homeland Security last month published its notice of funding opportunity for the $1 billion grant program for state and local cybersecurity included in last year’s infrastructure spending law.
And while some state IT leaders have reported that the Nov. 15 application deadline poses little concern — Colorado CISO Ray Yepes told StateScoop in a recent phone interview that his state has been ready — others are scrambling to understand the finer details of the NOFO.
“The problem with the NOFO is there’s somethings in the NOFO that actually contradict the bill and we’re trying to decipher some of that,” Zanow said.
Federal funding aside, the prevailing attitude among a growing number of CIOs is that state governments not sharing their expertise with other rungs of the public sector is no longer an option. In Wisconsin, Zanow said, the effort can be traced back several years to the formation of a cyber response team.
“We were very much focused on response and incident response, and now we said we can’t just stop there. We have to educate,” she said. “There’s a lot that’s going on. Resources are scarce across the board, so we’re trying to make sure we’re sharing ideas. We’re talking about transformation. We’re talking about compliance.”