A new requirement calls for state chief information officers and chief information security officers to be included in the governance process for two influential federal grant programs.
(Inventorchris / Flickr / StateScoop)
A change revealed this week by the Federal Emergency Management Agency is expected to give state and local technology leaders a stronger voice in the governance process for national cybersecurity and emergency preparedness programs.
Guidance documents for applying to the fiscal 2018 Homeland Security Grant Program released by FEMA on Monday show there is a new requirement for greater involvement of state chief information officers and chief information security officers in the governance process. The program includes eight Department of Homeland Security grants totaling more than $1.6 billion.
Recipients of 2018 State Homeland Security Program and Urban Area Security Initiative grants "must include" their CIOs and CISOs on their Senior Advisory Committee and the Urban Area Working Group. Those groups decide where federal funds for homeland security are allocated in every state and urban area, said Tom DiNanno, who administers FEMA’s grant programs.
"This was a philosophical change this year that we were going to focus on national priorities, and one of the secretaries' priorities was cybersecurity," DiNanno said. "Previous years, [state CIOs and CISOs] had no seat at the table. This year, they have a seat at the table. It really is that simple."
With a primary goal of being prepared for disasters that range from the next California wildfires, Caribbean hurricanes or large-scale cyberattacks by a foreign actor, the FEMA programs were designed to address what DiNanno calls "a clear and existential national security threat."
Following the direction of Congress, FEMA is charged with funding up to 85 percent of nationwide risk and has designated 32 urban areas eligible for funding under the Urban Area Security Initiative.
The National Association of State Chief Information Officers issued statements on Tuesday applauding FEMA's inclusion of state technology leaders in the national cybersecurity governance process. The group says state CIOs and CISOs are "uniquely positioned" to assist state and local governments in responding to cyberattacks.
"Cybersecurity is a top priority for state CIOs," said Bo Reese, NASCIO president and CIO of Oklahoma. "Our CIO and CISO community looks forward to collaborating with our state emergency management and homeland security partners to enhance the capability of state and local governments to prepare for, protect against, respond to, recover from, and mitigate all hazards including and especially cybersecurity threats."