Governors hear from security officials, state CIOs about cyber security

Although the headline was lost among budget cuts, state capital protests and public sector layoffs, efforts to gin up interest in cyber security during the National Governors Association Winter Meeting last weekend were heard loud and clear. Calls from the National Association of State Chief Information Officers (NASCIO) and a briefing by General Keith Alexander, Commander of the U.S. Cyber Command, helped governors remember how important their digital infrastructure is in the electronic age.

According to a report released ahead of NGA’s Winter Meeting, NASCIO issued a “call to action” to help spotlight cyber security risks and the policies needed to help mitigate those risks.

Last September, NASCIO and Deloitte issued a survey, finding many states lack the proper resources to adequately protect some of their citizen’s most personal information. The NASCIO / Deloitte survey also found that internal and external threats to personal identifiable and personal health information are growing.

CivSource spoke with Srini Subramanian director of state government security and privacy services at Deloitte about the survey and what states can do to overcome cyber security challenges. In an interview, Subramanian said most states have a documented cyber security strategy but there are significant challenges with execution. Subramanian noted that in many cases, state CISOs rarely even have the authority to get started. “Too many state CISOs have only dotted line relationships within agencies, giving them no real connection to what’s happening with information security,” Subramanian said. “States that establish CISO authority through statute can create more effective outcomes.”

Kyle Schafer, NASCIO president and West Virginia CIO said the call to action was meant to help state leaders understand the threats and the need to develop appropriate processes and policies.

Meanwhile, NGA Winter Meeting attendees who participated in a meeting of the Special Committee on Homeland Security and Public Safety heard General Keith Alexander, Commander of the U.S. Cyber Command and other federal leaders echo these calls for action, telling governors they needed to better protect their computer networks and electronic systems. Specifically, General Alexander briefed the governors on a partnership between U.S. Cyber Command, the National Security Agency and the Department of Homeland Security and showed how a similar partnership among states and state agencies could be utilized in the event of a cyberattack.

“Threats such as identity theft, network viruses, loss of sensitive information and other malicious activity are part of the ever evolving world of cyber information and communications,” Maryland Gov. Martin O’Malley said after the meeting.

“As public servants, we Governors have a responsibility to protect their citizens’ safety and work together with our corporate partners to defend our nation’s digital infrastructure, ensuring that private networks that control financial systems, electrical grids and communications systems are secure.”