5 Cybertransition Tips for Incoming Administrations

Which candidate will win the election? How will cybersecurity strategies change locally? What technology projects will be funded, or cut, or mothballed? How can we prepare for the unknown? Can I move up, or back, or over, or into an incoming administration leadership role?

These are just a few of the hundreds of questions that are being asked in governments all over the country as we head toward Election Day 2018. The number of open and contested gubernatorial election races this year is staggering. Change is in the air, and there will certainly be new governors, mayors, legislators, commissioners and more coming soon to a government near you.

Regardless of their political leanings, civil servants in government technology and security roles are anxiously preparing for their new leaders to arrive. Those who have been through executive transitions before expect new visions with fresh goals and modified definitions of success.

So what can we learn from similar situations in the past? Are there best practices to help prepare for the future? Absolutely.

Learning from the Past

Back in 2002, change was also in the air. Michigan Gov. John Engler was term-limited, and we knew that new leadership would be arriving after the votes were in.

Our Michigan cybersecurity team started working on the Secure Michigan Initiative in May 2002, with a full-court press to build a strong cybersecurity plan by Election Day. Despite losing staff to early-outs, we organized an enterprisewide cyber-risk assessment based on the latest NIST guidance. Our results made the case for new funding for cyber, including prioritized project lists with costs and benefits identified.

When Democratic Gov. Jennifer Granholm was elected, we presented the plan to top cabinet leaders. After initial disappointments, our new CIO Teri Takai, along with our new Homeland Security Advisor Brigadier Gen. Michael McDaniel, saw the benefits and provided grant funding for cybersecurity projects, even as other programs were getting cut. We implemented the majority of that IT security plan within the two terms that Granholm served.    

A similar list of questions was formed prior to Republican Rick Snyder becoming Michigan’s 48th governor in the 2010 election. As in most states, a formal transition plan was prepared to brief the incoming team on current IT projects and plans.

But our technology leaders went further, proposing a bold set of new cybersecurity strategies that would help shape the Snyder administration’s priorities based on needed cyberprotections. Snyder not only embraced these security ideas once elected, he expanded them. He championed the Michigan Cyber Initiative for eight years.

5 Cybertransition Tips

So what can help prepare your cyberagenda for the incoming transition team and beyond?

• Do your homework. Know your enterprise’s people, process and technology strengths and weaknesses. Use existing strategies, audit findings, risk assessments, penetration tests, phishing simulation results and more to prepare your proposals.
• Segment your plans. Not everything can get done at once. Offer 100-day milestones, along with six-month, one-year, two-year and four-year deliverables. Show past successes, but realize that the new team will want to highlight new opportunities addressing emerging cyberthreats.   
• After Election Day, know the incoming team’s plans for tech and cyber. Who was on the bus with the governor-elect? What do their speeches and website say about technology and cybersecurity? Adjust proposals accordingly.
• Get on the “boats that are leaving the dock.” I often hear that “there is no money.” But resources are always being allocated to something. Align plans with the new leadership’s priority technology projects and join those efforts.

Don’t give up. Realign, reprioritize and reassess your cyberstrategy as necessary when new information becomes available. Our initial requests in 2003 were met with blank stares. But persistence led to grant funding and more resources applied to cybersecurity.  

Cybersecurity is a (rare) bipartisan issue. No public leader wants to be the victim of a cyberattack that paralyzes government. Be proactive and position your team to have the right cybersecurity projects that are “shovel-ready.”