The state has been consolidating IT in recent years to support evolving technology needs under the leadership of CIO and Information Technology Services (ITS) Administrator Alberto Gonzalez, and with an array of technology advances.
Officials recently held Cyber Discovery 2025, a coordinated exercise in which participants defend the state against simulated cyber incidents. The exercise, May 16-June 12, pitted one team implementing “controlled attacks” on state infrastructure against another focused on threat detection. The yearly event, which started in 2022, is a partnership with the Idaho Army National Guard and involves state and local government entities, college students, and military personnel. Participation is open to other state national guards, too.
It's a training opportunity for both the state and the cyber programs within the military, Gonzalez said. While other states implement this type of training, Idaho’s approach is different, he said — using a “true environment,” which is more realistic than a controlled training environment. Notably, participants also identified real and credible threats from other countries during the event.
“They’re finding real problems — real vulnerabilities — for the state,” the CIO said.
Courtesy of Idaho Information Technology Services.
“Our security posture is the best it’s ever been,” he said, noting that cybersecurity’s ongoing evolution requires the state to continuously stay up-to-date with the right tools, monitoring practices and training.
Idaho also recently created a threat hunting team to find abnormalities and support the ongoing work of the state’s existing cyber response group. Around 16 million attacks against the state per month are captured by automated tools; approximately 500,000 remain, and the teams can help combat those.
Separately, state officials shared information on Idaho’s cybersecurity practices at Cyber Shield, including the Cyber Discovery event and its State and Local Cybersecurity Grant Program.
Through the grant program, starting with Fiscal Year 2026, ITS will work with the Idaho National Guard and higher education to set up an apprenticeship program. The state will support 25 to 31 entities with cybersecurity assessments, including cities, counties, school districts and tribal governments. Apprentices, many of whom will be recent graduates from Boise State University or the University of Idaho, will lead remediation efforts with state oversight. Here, ITS will primarily be a cybersecurity service provider, which the grant enables the state to deliver.
Cross-sector partnership is an important piece of Idaho’s cybersecurity strategy. Leaders work closely with higher education institutions like Boise State, a university that has invested in cybersecurity and AI through an internship program. The university has gone above and beyond, Gonzalez said, but has been facing program challenges due to funding. The state partnership has enabled its work to continue with a joint approach. Now, he said, students at higher education institutions have a path to live and work in Idaho, as they can demonstrate their cyber skills with ITS or a local government entity.
As federal cybersecurity guidance is shifting, the state has the Idaho Technology Authority leading on establishing state-level tech policy. One new governance change came from House Bill 35, which passed this year. The new law requires multifactor authentication to be included as part of the security stack for all state agencies, and it provided ITS some authority over cybersecurity directives.
IDAHO IT: BEYOND SECURITY
ITS has been developing an AI framework this year to guide agencies’ use of the technologies, and it is now complete, the CIO said. Officials presented the framework to the governor’s office and the legislative AI committee in June; it is expected to be published later this month to enable “the common use of AI tools” in Idaho state government.
State technology leaders are supportive of agencies’ AI use, which Gonzalez said is why Idaho has gravitated toward guidance rather than governance — as the latter could limit agility while AI rapidly changes.
“We want to have the tools and the education for [state workers] to understand the benefits and risks associated with AI,” he said, underlining that those who want to build a large language model or use AI for productivity should be able to do so. “We just want to be part of that discussion so that we can do a data readiness and an AI readiness assessment … to safeguard citizen data in the state of Idaho.”
ITS is exploring several proofs of concept for AI, but with an eye on risk management. Gonzalez said he himself is in favor of AI but emphasized the importance of responsible use.
Data privacy has been a key priority for ITS leadership this year. ITS hired Privacy Officer Taylor Bothke, to support the work. Bothke is also serving as the Americans with Disabilities Act program manager, and will support the state’s work to meet the approaching 2026 deadline for a federal mandate that requires all digital assets be accessible to people with disabilities.
The state’s IT consolidation process carries on behind the scenes, with only one more agency remaining, Gonzalez said — the Idaho Department of Health and Welfare.
