Best practices for cyberleaders anticipating administration changes this November.
Which candidate will win the election? How will cybersecurity strategies change locally? What technology projects will be funded, or cut, or mothballed? How can we prepare for the unknown? Can I move up, or back, or over, or into an incoming administration leadership role?
These are just a few of the hundreds of questions that are being asked in governments all over the country as we head toward Election Day 2018. The number of open and contested gubernatorial election races this year is staggering. Change is in the air, and there will certainly be new governors, mayors, legislators, commissioners and more coming soon to a government near you.
Regardless of their political leanings, civil servants in government technology and security roles are anxiously preparing for their new leaders to arrive. Those who have been through executive transitions before expect new visions with fresh goals and modified definitions of success.
So what can we learn from similar situations in the past? Are there best practices to help prepare for the future? Absolutely.
Back in 2002, change was also in the air. Michigan Gov. John Engler was term-limited, and we knew that new leadership would be arriving after the votes were in.
Our Michigan cybersecurity team started working on the Secure Michigan Initiative in May 2002, with a full-court press to build a strong cybersecurity plan by Election Day. Despite losing staff to early-outs, we organized an enterprisewide cyber-risk assessment based on the latest NIST guidance. Our results made the case for new funding for cyber, including prioritized project lists with costs and benefits identified.
When Democratic Gov. Jennifer Granholm was elected, we presented the plan to top cabinet leaders. After initial disappointments, our new CIO Teri Takai, along with our new Homeland Security Advisor Brigadier Gen. Michael McDaniel, saw the benefits and provided grant funding for cybersecurity projects, even as other programs were getting cut. We implemented the majority of that IT security plan within the two terms that Granholm served.
A similar list of questions was formed prior to Republican Rick Snyder becoming Michigan’s 48th governor in the 2010 election. As in most states, a formal transition plan was prepared to brief the incoming team on current IT projects and plans.
But our technology leaders went further, proposing a bold set of new cybersecurity strategies that would help shape the Snyder administration’s priorities based on needed cyberprotections. Snyder not only embraced these security ideas once elected, he expanded them. He championed the Michigan Cyber Initiative for eight years.
So what can help prepare your cyberagenda for the incoming transition team and beyond?
Don’t give up. Realign, reprioritize and reassess your cyberstrategy as necessary when new information becomes available. Our initial requests in 2003 were met with blank stares. But persistence led to grant funding and more resources applied to cybersecurity.
Cybersecurity is a (rare) bipartisan issue. No public leader wants to be the victim of a cyberattack that paralyzes government. Be proactive and position your team to have the right cybersecurity projects that are “shovel-ready.”