NLC Congressional City Conference

NLC Congressional City Conference: Status of Cybersecurity with States and Congress
National association
Pamela Walker, Director of Government Affairs
National Association of State Chief Information Officers
State IT Landscape Today
• Fiscal recovery uneven, slow revenue growth, budgets are better, federal deficit reduction impact?
• CIOs seeking IT operational cost savings and alternative IT sourcing strategies
• Opportunities for change and innovation
• Living with the past - modernizing the legacy
• IT security and risk! Game has changed
• IT workforce: retirement wave, skills, recruiting
• State CIO positions – major churn
CIO Priorities, Trends and Perspectives
State CIO Priorities for 2012
1. Consolidation / Optimization: consolidating infrastructure and services, centralizing
2. Budget and Cost Control: managing budget reduction, strategies for savings
3. Governance: improving IT governance, authority, data governance, partnering, collaboration
4. Health Care: Affordable Care Act, health information and insurance exchanges, architecture, partnering, implementation, technology solutions, Medicaid systems
5. Cloud Computing: governance, service management, service catalogs, platform, infrastructure, security, privacy, data ownership, legal issues, vendor management
6. Security: risk assessment, governance, budget and resource requirements; security frameworks, data protection, training and awareness, insider threats, third party security
7. Broadband and Connectivity: strengthening statewide connectivity, public safety wireless network/interoperability, implementing BTOP grant
8. Shared Services: business models, sharing resources, services, infrastructure, independent of organizational structure, service portfolio management
9. Portal: maturing state portal, e-government, single view of the customer/citizen, emphasis on citizen interactive self-service, mobile apps, accessibility
10. Mobile Services/Mobility: devices, applications, workforce, security, policy issues, support, ownership, communications, wireless infrastructure
Source: NASCIO State CIO Survey, October 2011
Cybersecurity in the States
• Critical infrastructure protection
• More aggressive threats – organized crime, unorganized crime, hacktivism
• Spam, phishing, hacking, and network probes up
• Data breaches – trust impact
• Insider threats, third party
• Executive support
• Inadequate funding
• Need more training, awareness
Growing IT Security Risks in the States
• Protecting legacy systems
• Expansion of wireless networks
• Adoption of cloud services
• Online transactions
• Use of social media platforms
• Mobile devices and services
• Use of personally-owned devices (BYOD)
• Miscellaneous devices (USB, digital cameras, MP3 players, etc.)
• Third-party contractors and managed services
What are your State’s top five IT security initiatives?
1. Data Protection
2. Information Security Risk Assessments
3. Information Security Training and Awareness
4. Application Security
5. Information Security Measurement and Reporting
What major barriers does your State face in addressing information security?
Lack of management support: 10%
Lack of executive support: 25%
Lack of support from business stakeholders: 38%
Lack of clarity on mandate, roles and responsibilities: 25%
Conflicting federal rules and requirements: 6%
Lack of sufficient funding: 88%
Lack of procurement oversight and control: 19%
Lack of visibility and influence within the enterprise: 38%
Lack of an information security strategy (i.e., shifting …: 15%
Inadequate availability of security professionals: 40%
Inadequate competency of security professionals: 13%
Lack of State sector focused laws and regulations: 10%
Lack of documented processes: 17%
Lack of legislative support: 23%
Increasing sophistication of threats: 56%
Emerging technologies: 21%
Inadequate functionality and/or interoperability of …: 23%
Other: 15%
Not applicable/Do not know: 0%
Today’s State IT Workforce: Under Pressure
• State CIOs say 21-30% of state IT employees eligible for retirement within the next five years
• Fiscal stress - hiring freezes and elimination of vacant positions
• Nearly two-thirds say they anticipate having to reduce IT staff
• IT Security positions are difficult to recruit and retain
Challenges Recruiting IT Security Professionals
Skills and disciplines that present a challenge to fill (comparison of total percentage of responses):
Security: 52.4%
Project Management: 50.0%
App & Mobile App: 47.6%
Architecture: 47.6%
Analysis and Design: 42.9%
Source: NASCIO State IT Workforce: Under Pressure, January 2011
Business objectives
Governance
Acquisition strategy
Jurisdictional issues
Security and privacy concerns
Policy and legal issues
Exit strategy
Social Media: Connecting Citizens, Presenting Risks
Social media adoption rates are broad across state governments - 98% use free social media tools on hosted, third party platforms. Social media pose challenges to states in the areas of:
• security
• legal issues with Terms of Service
• privacy
• records management
• acceptable use
NASCIO Cybersecurity Call to Action
Key Questions for State Leaders
• Have you created a culture of information security in your state government?
• Have you adopted a cybersecurity framework, based on national standards & guidelines?
• Have you acquired continuous vulnerability management capabilities?
• Have you documented the effectiveness of your cybersecurity with metrics and testing?
• Have you developed security awareness training for workers and contractors?
Looking Ahead
• More IT consolidation, shared services
• Outsourcing: more steering, less rowing
• IT implications of healthcare reform
• Demand for performance, results
• Extending the enterprise: locals?
• Massive collaboration - Web 2.0
Looking Ahead: Leveraging State Assets
• DHS, MS-ISAC and NASCIO collaboration
• NCSR
• More intra-state and inter-state collaboration; state homeland security advisors
• State Centers of Excellence for cyber education & research
• Funded research, scholarships, internships
• Sharing best practices, recognition
NASCIO 2012 Federal Advocacy Priorities
• More Administrative Flexibility Needed for States
• Secure and Protect Citizen Data and State Digital Assets
• Support the Adoption and Expansion of the National Information Exchange Model (NIEM)
• Support State Role in Identity Management and Verification Solutions
Congress and Cybersecurity
• The Cybersecurity Act of 2012 (S. 2105) introduced by Sens. Lieberman and Collins
• Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act of 2012 or “SECURE IT” (S. 2151) introduced by Sen. McCain
• Focus on critical infrastructure, information sharing, FISMA reform, cyber workforce and international cooperation.
• House taking a piecemeal approach.
Connect with...
nascio.org
facebook.com
linkedin.com
youtube.com/nasciomedia
twitter.com/nascio