Poppy Mills/NDDOT
The Peace Garden State’s new CISO was appointed in July to lead on state cybersecurity priorities. As a shifting federal government strategy moves some security responsibilities to states, a whole-of-state approach to cybersecurity is gaining ground across the U.S.
Gergen has been with North Dakota Information Technology (NDIT) for more than five years, and with the state government since 2012, giving him institutional knowledge of systems and interagency dynamics, he said. The new CISO was part of the team that helped stand up the state’s cyber operations center, and he previously worked with the Bank of North Dakota — which state officials say is the only state-owned bank in the U.S.
This history also provides him with the technical experience and background to better understand the strategic and day-to-day security needs of North Dakota government.
“I think it’s that familiarity — with the people, the teams, the systems, some of the challenges that we deal with — that are going to give me more of a day-one readiness that's going to be crucial for the job,” he stated.
Gergen will lead North Dakota's whole-of-state strategy in the CISO role. The state is uniquely positioned to support statewide security as part of this approach with STAGEnet, the statewide network created by the 1999 legislative session. The network provides Internet access and other services; all state agencies, colleges and universities, local governments, and K-12 entities are required to be on it.
“So, anything we can do to help them improve their security posture collectively improves the security of that network and of the state of North Dakota as a whole,” Gergen said.
Having all these entities working on that network has enabled state officials to more effectively and efficiently manage cybersecurity, Gergen said; a decentralized environment may lead to fragmented threat monitoring, resulting in delayed response. There could also be challenges with inconsistent security policies and standards. Having a centralized approach to cybersecurity also helps state officials better support smaller entities in the state that may have limited cybersecurity resources.
The state provides various cyber services to North Dakota local governments and educational institutions, including endpoint protection, vulnerability management, cybersecurity maturity assessments, and security awareness training.
“North Dakota has a reputation for kind of being a pioneer for the whole-of-state cybersecurity approach,” Gergen said, touting the legislation that helped the state lead on this approach early.
The CISO’s initial priorities are modernization and investment in tools that will help the state identify and respond to threats more efficiently. Currently, officials are working to centralize systems into one modern platform for enhanced endpoint security that will enable more automation, and eventually, will allow for AI-enhanced monitoring.
Education, especially around the evolving threat landscape, is also a key priority. Gergen’s team recently created guidance to help state officials better understand the risks related to deepfake media, with plans to make that guidance more widely available. AI-generated deepfakes are one piece of this evolving landscape.
Adversaries are already using AI, Gergen emphasized, so it is important to try to mirror that from a defense side by leveraging AI for anomaly detection and response automation. This is something state officials are exploring. The state is looking to build AI literacy among leadership and elsewhere.
“I see IT as an enabler of business, and I honestly see cybersecurity as an enabler of business,” Gergen said, underlining that the state’s centralized approach positions officials to support state agencies and other North Dakota entities.
The state’s collaboration goes beyond NDIT working with other public entities in North Dakota, though; officials have established a partnership with more than 10 states across the U.S. through their multistate Joint-Cybersecurity Operations Command Center, to share threat intelligence. As a long-term goal, these states aim to offer one another support in times of crisis, which Gergen underlined will be especially important due to recent changes in federal support.
“I think it’s going to be very, very, very important for that interstate collaboration to continue to grow,” he said.
