CIOs to Guvs: Pay More Attention to InfosecNASCIO Call for Action Primarily Directed at New Governors
With the National Governors Association assembled in Washington this past weekend for its winter conference, the National Association of State CIOs used that gathering to issue a cybersecurity call for action, directing the attention of the governors - including 26 new ones - to a key IT security challenges states face.
"It's imperative that new governors and other state policy leaders be aware of the cybersecurity threats that states face on a daily basis." Kyle Schafer, NASCIO president and West Virginia CIO said in a statement announcing the initiative. "This call to action is meant to assist state leaders in understanding the threats and developing appropriate process and policy to mitigate risks."
States are being challenged to secure their IT systems. According to GovInfoSecurity.com's State of Government Information Security survey released in February (see Gov't Infosec Pros Question Fed's Security Resolve), a majority of state and local IT security organizations struggle to recruit and retain qualified security specialists, with a majority agreeing that the skills shortage puts their IT systems at risk.
NASCIO's own research confirms those findings. NASCIO policy analyst Chad Grant, in a recent interview (see Placing in Context Infosec Skills Gap), said the IT employment environment is being exasperated by the pending retirements of baby boomers.
NASCIO research also identities other problems states face in securing IT (see States Struggle to Find IT Security Personnel) such as that hiring freezes and elimination of vacant positions continue to be the greatest challenge for state CIOs when developing, supporting and maintaining IT services for state government.
A survey last fall by NASCIO of state chief information security officers showed that nearly nine of 10 respondents said the lack of funding proved to be the biggest barrier to securing their states' IT systems. And, nearly eight of 10 respondents said their states' IT security budgets have been cut or remained the same from the previous year (see CISOs Paint Gloomy Picture of State IT Security).