The state chief information officer says his team is eschewing the traditional executive branch focus with an eye on the entire enterprise.
As the threat landscape continues to change across state government, so does the breadth of the information technology department’s purview across the enterprise, says Jim Smith, chief information officer for the State of Maine, in a video interview from the National Association of State Chief Information Officers midyear conference in April.
“The difference on cybersecurity is where, really, before it was an executive branch exercise, now it’s a statewide exercise,” Smith says.
Collaboration on cybersecurity involves the state’s National Guard branch, the emergency management department, universities across the state, and other branches of government in Maine.
The state also needs to serve as a leader and an adviser to the private sector, Smith says.
“We’re saying not only do we have to protect the executive branch information, we have to help small business and citizens protect their assets,” Smith says. “You’ve got protection, cybersecurity, disaster recovery, business continuity — it’s a challenge because administrations change and commissioners change, so that’s a long-term strategy.”
But for Smith, the philosophy comes down to “protect what we have.”
In Maine, the Office of Information Technology sits under the Department of Administrative and Financial Services, where Smith has served as state CIO since 2012.
Paul Sandlin, the state’s associate CIO, says in the same interview that even though he and other Maine officials are proud of their information security efforts, cybersecurity remains a challenge due to the unpredictable nature of evolving threats.
“There simply is no security," Sandlin says. "We can build the walls, we can make them stronger, we can fortify it and so forth, but we’re never going to get to the place where we have absolutely confident that we’re completely safe. It’s hard for me when we have cyber conversations because I’m thinking, ‘We need to go to school, we need to change the way we think, we need social change in order to be able to [become more secure].’”
In addition to cybersecurity, Maine continues efforts to implement an agile methodology into operatations, Smith says.
“Things are moving faster now than they ever were," he says. "I think if we look at things like agile, and you think of agile as a product manager, that’s really a cultural change. It’s organizational change.”