The National Association of State Chief Information Officers (NASCIO) annnounced it supports and urges adoption of the new cyber security bill announced by Senator Coleman of Minnesota. In an effort to protect state governments and their residents from the daily barrage of attacks that threatens their cyber infrastructure and sensitive personal information, Coleman introduced the State Cyber Security Protection Act of 2008 on September 10.

This legislation establishes a State Cyber Security Pilot Program within the Department of Homeland Security to provide money to strengthen cyber security within state governments. The pilot grant program is authorized at $25 million a year for 2 years and the maximum a state can receive is $3 million. The program also stipulates that funds must be spread around to states with varying population levels to ensure both large and small states receive these resources.

"While there has been a tremendous amount of focus on protecting the federal government's cyber infrastructure, I am concerned that not enough attention is being paid to protect state governments against highly sophisticated, unseen enemies," said Coleman. "States collect and maintain a large amount of personal information from their residents such as Social Security numbers, driver's license numbers, as well as medical and housing information. Effective cyber security is essential in preserving the privacy of personal and sensitive information and protecting federal programs administered by the state using this information."

Coleman added, "We should be encouraging state governments to work hand in hand with the federal government and collaborate in cyber security protection, recovery and restoration and this legislation will further allow them to do just that. It is in everyone's best interest to ensure state governments can effectively serve their citizens by ensuring their cyber resources are secure, protected and continually upgraded."

"The National Association of State Chief Information Officers (NASCIO) has been making the point for a number of years that Homeland Security cannot be maintained unless the IT and network infrastructure of the nation are secure and remain reliable. State IT networks and systems form a critical part of that larger infrastructure, and that being the case, the funds made available through the Pilot Program are extremely important to the states and state CIOs," said Gopal Khanna, CIO, State of Minnesota and NASCIO Vice President.

"We commend Senator Coleman for his leadership in recognizing the need for and promoting cyber security best practices, innovation, and knowledge transfer in the states through the Cyber Security Pilot Program. Giving states the opportunity to compete for resources to demonstrate improving their cyber security capabilities and footing is greatly appreciated," said John Gillispie, CIO, State of Iowa and NASCIO President.

According to NASCIO, the cyber infrastructure that enables state government to both conduct business and protect federal programs administered by the state is under attack each day by external and internal threats. This cyber infrastructure includes electronic information and communications systems, and the information contained in those systems. These threat vectors continue to grow in numbers, as well as severity. Today's cyber security threats directed at state governments are characterized as:

  • Constantly evolving due to rapidly emerging technologies
  • Growing ever more sophisticated, target-specific and virulent
  • Disruptive and profitable by organized crime and a preferred method for generating income through cybercrime activities
  • Increasing geopolitical and criminal exploit attempts directed against states
  • Escalating internal threats as data becomes increasingly mobile and employees are unwittingly lured to release sensitive information into the public domain.

Two years ago the state of Minnesota instituted their Enterprise Security Program and developed a 19-point plan to dramatically increase the state's security infrastructure. The state designed and installed some enterprisewide security detection equipment that addresses some of the most pressing threats identified in this plan. The state also built a sophisticated vulnerability and threat management system to