NASCIO Urges Adoption of State Government Cyber Security Bill

The pilot grant program is authorized at $25 million a year for 2 years and the maximum a state can receive is $3 million.

by / September 12, 2008

The National Association of State Chief Information Officers (NASCIO) annnounced it supports and urges adoption of the new cyber security bill announced by Senator Coleman of Minnesota. In an effort to protect state governments and their residents from the daily barrage of attacks that threatens their cyber infrastructure and sensitive personal information, Coleman introduced the State Cyber Security Protection Act of 2008 on September 10.

This legislation establishes a State Cyber Security Pilot Program within the Department of Homeland Security to provide money to strengthen cyber security within state governments. The pilot grant program is authorized at $25 million a year for 2 years and the maximum a state can receive is $3 million. The program also stipulates that funds must be spread around to states with varying population levels to ensure both large and small states receive these resources.

"While there has been a tremendous amount of focus on protecting the federal government's cyber infrastructure, I am concerned that not enough attention is being paid to protect state governments against highly sophisticated, unseen enemies," said Coleman. "States collect and maintain a large amount of personal information from their residents such as Social Security numbers, driver's license numbers, as well as medical and housing information. Effective cyber security is essential in preserving the privacy of personal and sensitive information and protecting federal programs administered by the state using this information."

Coleman added, "We should be encouraging state governments to work hand in hand with the federal government and collaborate in cyber security protection, recovery and restoration and this legislation will further allow them to do just that. It is in everyone's best interest to ensure state governments can effectively serve their citizens by ensuring their cyber resources are secure, protected and continually upgraded."

"The National Association of State Chief Information Officers (NASCIO) has been making the point for a number of years that Homeland Security cannot be maintained unless the IT and network infrastructure of the nation are secure and remain reliable. State IT networks and systems form a critical part of that larger infrastructure, and that being the case, the funds made available through the Pilot Program are extremely important to the states and state CIOs," said Gopal Khanna, CIO, State of Minnesota and NASCIO Vice President.

"We commend Senator Coleman for his leadership in recognizing the need for and promoting cyber security best practices, innovation, and knowledge transfer in the states through the Cyber Security Pilot Program. Giving states the opportunity to compete for resources to demonstrate improving their cyber security capabilities and footing is greatly appreciated," said John Gillispie, CIO, State of Iowa and NASCIO President.

According to NASCIO, the cyber infrastructure that enables state government to both conduct business and protect federal programs administered by the state is under attack each day by external and internal threats. This cyber infrastructure includes electronic information and communications systems, and the information contained in those systems. These threat vectors continue to grow in numbers, as well as severity. Today's cyber security threats directed at state governments are characterized as:

  • Constantly evolving due to rapidly emerging technologies
  • Growing ever more sophisticated, target-specific and virulent
  • Disruptive and profitable by organized crime and a preferred method for generating income through cybercrime activities
  • Increasing geopolitical and criminal exploit attempts directed against states
  • Escalating internal threats as data becomes increasingly mobile and employees are unwittingly lured to release sensitive information into the public domain.

Two years ago the state of Minnesota instituted their Enterprise Security Program and developed a 19-point plan to dramatically increase the state's security infrastructure. The state designed and installed some enterprisewide security detection equipment that addresses some of the most pressing threats identified in this plan. The state also built a sophisticated vulnerability and threat management system to

perform regular vulnerability scans of all 152,000 information technology assets in state government and the colleges of Minnesota State Colleges and Universities. At this time, nearly all laptops and portable media devices are now encrypted (containing non-public data) through new standards and software.

Previously, Coleman joined Susan Collins (R-ME), ranking member of the Senate Homeland Security and Government Affairs Committee, in sending a letter to all 24 federal agencies requesting a timeline of when they will meet the recommendations put in place by the Office of Management and Budget (OMB) for increased cyber-security. Following the Department of Veteran's Affairs breach last year that put millions of veteran's personal information at risk, OMB directed federal agencies to implement five security protocols. Coleman, Ranking Member of the Permanent Subcommittee on Investigations, requested the Government Accountability Office (GAO) to conduct a government-wide review of current cyber-security policies and practices. GAO's consequent report revealed that most of the agencies examined have not employed all of OMB's recommendations.