Following work with the National Governors Association and a five-month cybersecurity task force, Kansas has greatly improved its cybersecurity collaboration compared to a year ago, state Chief Information Technology Officer DeAngela Burns-Wallace told StateScoop in an interview Friday.
As is the case in many states, Kansas’ state government is engaged with the private sector, local governments and federal agencies to better understand the threats they face, particularly following Russia’s invasion of Ukraine this year, which was accompanied by threats against U.S. infrastructure. Burns-Wallace said that the NGA policy academy and new insights gleaned from Gov. Laura Kelly’s cyber task force made it easier to find cyber resources when events like the invasion of Ukraine occur, but they also alerted officials, including herself, to ripe opportunities they hadn’t been exploiting.
“The power of [the task force] really was having the stakeholder’s voice across the state, different sectors and creating opportunities for collaboration,” Burns-Wallace said. “One of the most powerful things that we found is there’s a lot of work happening across the state of Kansas. We had a lot of synergy in different places. What we didn’t have was a full understanding of our landscape and a level of coordination and collaboration that we actually believe can help move the needle in strengthening our cybersecurity stance.”
The task force wrapped up last December, delivering to Kelly a report with 41 recommendations — 17 of them deemed “critical.” Topping the list were recommendations to identify short-term and long-term governance models to continue a “whole-of-state” approach to protecting networks and data. It also called for new cyber roles, such as a “cyber navigator” or “cyber liaison” responsible for coordinating between public and private organizations.
“Because we opened up these lines of communication, both for those that were sitting on the task force as well as other partners and entities that we brought in, it has made the ability to share information and to leverage resources I would say 10-fold,” Burns-Wallace said.
Participating in NGA’s policy academy, she added, helped accelerate the work of the cybersecurity task force, which she estimated might have taken a year to complete otherwise.
“NGA really helped bring key best practices to the table, bring other states and their models to the table as we were thinking about it and understanding what was going on in Kansas,” she said.
She also mentioned the frequent communications the Cybersecurity and Infrastructure Security Agency sends to state and local governments, reminding them to share information about the potentially malicious activity they’re seeing on their networks. Whether it’s notifying of an emerging threat or sharing a webinar, Burns-Wallace said Kansas is doing more.
“We’re leveraging into that so that if we are seeing any type of activity that we’re trying to ensure across the state that we are sharing that in a way that we can be proactive and leverage some of our resources into in accordingly,” she said. “It is a different place than we were, say, a year ago in that level of communication and coordination.”