CYBERSECURITY -- NASCIO President Craig Orgeron said state CIOs met this week with federal officials on strengthening cybersecurity collaboration between the two levels of government. Key topics of conversation included how to implement the newly released National Institute of Standards and Technology (NIST) cybersecurity framework in state governments and how to broaden the impact of federal funding provided to states for cyberprotection.
The cybersecurity framework – officially dubbed the "Framework for Improving Critical Infrastructure Cybersecurity" – was released by the NIST in February. The 41-page framework is meant to help operators of critical infrastructure develop comprehensive cybersecurity policies. The Obama administration described the document as a "how-to" guide for the critical infrastructure community.
A statement released by NASCIO in February applauded the framework for being both consensus-based and voluntary, saying it provides states with a common platform and a common language for cybersecurity at all levels of government as well as the private sector.
On Thursday, NASCIO President Craig Orgeron said the organization is now talking with federal officials on ways to move states toward adoption of the NIST framework. “Are there incentives? And how are grant programs tied together that would move a state forward?” said Orgeron, who is CIO of Mississippi.
NASCIO also is lobbying for changes that would make it easier for states to spend federal dollars on enterprisewide cybersecurity improvements. Current federal support for state cybersecurity often is tied to specific programs that are funded by the federal government and operated by states.
“Modernizing the federal cost allocation guidelines so when those dollars do flow to states, CIOs have flexibility and you’re not really constrained in a particular funding path would be a huge step forward,” Orgeron said.
Harmonizing federal funding practices with the recommendations contained in the NIST framework could drive significant cybersecurity improvements for states, he added. “It’s an incredibly exciting time. The NIST model has been very well received.”
“Each year NASCIO recognizes an individual who has demonstrated a clear understanding for the fundamental and transformational role that IT can play in efficient and effective government operations and Dave is more than deserving of this recognition,” said Orgeron in a statement.
NOW HIRING -- With the silver tsunami predicted to impact the government workforce for the foreseeable future, states are looking for ways to attract employees to the public sector. Like in many agencies, nearly one-quarter of Maine’s IT employees are eligible to retire in the next two years. To meet the demand, the state’s Office of Information Technology is reaching out to veterans’ resources, unemployment programs and colleges to find new opportunities for hiring. “We have to look under a lot of rocks,” said Kelly Samson-Rickert, the state’s director of workforce development.
Maine started an IT internship program in January 2013, seeking to expose students to the office’s work and IT-related careers. The internships are paid positions, and the participants work for three to six months, focusing on a project or position like help desk services, cybersecurity or Web design. And the initiative is paying off — to date the state has hired 15 interns (more than 50 percent of the participants, said Samson-Rickert), with several more currently in the process of applying.