NASCIO: States, cities need more cybersecurity help

The Homeland Security Department needs to step up efforts to help state and local governments improve their cybersecurity environments, including providing more leadership, coordination with various programs and agencies, training and education, and other critical needs, according to several state and local government officials.

The National Association of State Chief Information Officers (NASCIO) and the Metropolitan Information Exchange, which represents municipal and county CIOs, jointly released findings from surveys they conducted of CIOs or chief information security officers (CISOs) last August.

The survey shows good and bad news about how they’re faring in security matters, including protection of information systems, the creation of policies and guidelines, enforcement, budgets and staffing, and other issues. The survey listed five high-level recommendations and 18 lower-level ones.

But in a telephone conference today, several state officials stressed that federal officials need to focus more on cybersecurity.

The federal government “neglected to make this a priority to see and understand how important it is to states,” said Denise Moore, Kansas’s CIO who chairs NASCIO’s cybersecurity committee. “We’re starting to bring that awareness more and more.”

Kansas CISO Larry Kettlewell said that although cybersecurity has been raised as an issue following the 2001 terrorist attacks, state and local officials have been waiting for better guidance from the federal government and DHS, which was formed in 2003. He said there’s been a tremendous lack of continuity at DHS.

“We will continue to try to engage DHS,” he said. “So we know who to call in Washington when there’s an incident, and they know who to call in the states and the localities.”

Generally, the survey identifies many cybersecurity shortfalls and gaps nationwide. Officials said most governments follow best practices and adhere to federal guidelines when provided with grants.

But they said that there is a loose relationship among federal, state and local officials on this issue, and that shouldn’t continue. Certain programs and agencies should have more involvement on this issue. For example, Moore said officials have underutilized the FBI’s InfraGard program and Multistate Information Sharing and Analysis Center.

She said they also need more help in combating external attacks and inside threats. They also need to issue more timely alerts. States and local officials want better training and education for their information technology employees and believe DHS’ National Cyber Security Division could help by providing fellowship programs.

Rep. Bennie Thompson (D-Miss.), who is the ranking minority member on the House Homeland Security Committee, said the federal government can create incentives to spur the private sector to develop better security products and systems, promote development of security expertise in academia and hold more cybersecurity exercises, among other things.

He said a critical need is filling the post of assistant secretary of policy for cybersecurity at DHS because a disconnect remains between among officials from state and local governments.

“The federal government is simply more than a point of contact on the issue of cybersecurity and must recognize current efforts are not up to task,” he said.

Democrats are apparently releasing a report today on cybersecurity incorporating some of the issues raised by the state and local report.