As more than two dozen gubernatorial administrations across the U.S. set their agenda, state CIOs are reminding them of the critical need to improve cyber-security.
The National Association of State Chief Information Officers sent a “call to action” last week to the new governors that outlines the plethora of challenges and risks pertaining to cyber-security in state government.
“With 26 new administrations, it’s imperative that new governors and other state policy leaders be aware of the cyber-security threats that states face on a daily basis.” said Kyle Schafer, NASCIO president and West Virginia CIO, via a statement. “This call to action is meant to assist state leaders in understanding the threats and developing appropriate process and policy to mitigate risks.”
The document outlines a five-point summary of present challenges, which include administrations turning more often to IT solutions as a means to improve efficiency amid fiscal crises. But personal information continues to be at risk, as state networks are being attacked on a daily basis, according to NASCIO.
The association said an enterprise model for cyber-security is the preferable approach, no matter the state’s governance structure. A culture of security must be created across the government, according to NASCIO. “The most effective cyber-security programs produce accurate assessments of the risks associated with each system the government maintains, and for the network as a whole,” the paper said.
The call to action said one bright spot is that tight budgets are creating opportunities to improve states’ cyber-security postures by “baking” it into restructured departments and new processes. Furthermore, the federal government is realizing that states need more money to address cyber-security gaps. The U.S. Department of Homeland Security will do assessment of states cyber-security in fall 2011, according to NASCIO.
Finally, NASCIO urges the new governors to consider some basic questions: