Connecting state and local government leaders

Report: State CISOs Need to Throw Their Weight Around

 


Budgets are tight and talent is scarce, but cyber leaders can change that with their increasing sway within governments.

State chief information security officers are better positioned to address budget and talent shortfalls in 2018, having solidified their role as government’s top cybersecurity leader in the last two years, according to a new report.

New York City-based consulting firm Deloitte and the National Association of State Chief Information Officers’ biannual survey of all 50 state CISOs and their equivalents once again found that scarce resources and increasing cyber threats are their primary concerns.

But among state CISOs, 63 percent reported their authority is established by statute or law—up from 49 percent two years ago.

“While CISOs and CIOs have done a tremendous job over the years developing much needed governance plans and building relationships with state leaders, the funding and talent needed to fully address cyber risk is not there,” said Srini Subramanian, state and local government risk advisory leader with Deloitte, in a statement.

CISOs can start by using their growing clout to push for dedicated cyber program funding, the report recommends. Of the survey participants, 48 percent said their state lacked a separate budget line item for cybersecurity.

Only two unidentified states reported a cyber budget increase in the last two years. Federal agencies spend a greater percentage of their IT budgets on cyber than many states, according to the report.

“In this year’s survey, emerging technology initiatives in areas such as artificial intelligence, smart enterprises (smart cities), and blockchain technology rank at the bottom of the CISO initiative list, indicating that they may not yet be a priority for CISOs,” reads the report. “To take on emerging technologies, CISOs should actively participate with state CIOs in shaping the innovation agenda, collaborate with state digital and innovation officers and lead the charge to help program leaders embrace and securely adopt new technologies.”

The survey further found that state cyber teams remain small, with 67 percent of CISOs reporting they oversee 15 or fewer full-time employees and 61 percent saying their staffs had competency gaps.

Private sector and higher education partnerships can help address such challenges, according to the report.

Virginia CIO Nelson Moe told Route Fifty his state takes workforce development and data security seriously and that he and CISO Mike Watson are forging both public and private partnerships to stay on top of things.

“The commonwealth is in the middle of a restructuring and sourcing program, where we’re moving from a single-provider model to a multi-provider model,” Moe said. “We hired a company, Atos, to be part of a managed security service provider, and in the December timeframe they’re going to be embedded in the actual technology stack for us helping provide support to address threats.”

Dave Nyczepir is a News Editor at Government Executive’s Route Fifty and is based in Washington, D.C.
