The National Association of State Chief Information Officers on Wednesday released its list of federal advocacy priorities for 2020, with three of its four ambitions focused on improving cybersecurity for state and local governments.
The group’s top priority continues to be a call for harmonizing the raft of cybersecurity regulations the federal government enforces on state governments. The often conflicting regulations and overlapping audits that result, NASCIO has argued before, are unnecessary and disruptive, drawing state technology leaders away from more pressing matters.
Matt Pincus, NASCIO’s director of government affairs, told StateScoop the organization expects the Government Accountability Office to release study results in March that may recommend the White House’s Office of Management and Budget coordinate changes in cybersecurity governance across federal agencies.
“I think we are cautiously optimistic about what GAO comes back with, but that doesn’t mean that the work is done,” Pincus said. “I think that’s when the work actually begins because this is a complex and complicated issue. [NASCIO Executive Director] Doug [Robinson] likes to say this is a 10-year problem and so I think we’re in year five of it.”
Meredith Ward, NASCIO’s director of policy and research, said that while progress has been slow, the state CIO community has always understood that changing federal regulations in giant agencies like the FBI, Internal Revenue Service and Social Security Administration wouldn’t happen overnight.
“We don’t expect that it’s going to take 48 hours to untangle everything that’s been institutionalized over the last 20 or 30 years,” Ward said.
NASCIO’s second priority is to secure regular cybersecurity funding for state and local governments, an addition to the annual list that follows a year in which ransomware attacks reached record numbers.
State and local governments alike have frequently found themselves underfunded and outmatched as threat actors develop increasingly sophisticated techniques and viruses that rely only on a single point of failure across an agency’s network. Smaller organizations, especially small towns or cities that have just one or two IT employees, and none dedicated to information security, are especially vulnerable.
“From our perspective, asking for additional resources is a two-fold step,” Pincus said. “The first is trying to influence state government to actually allocate resources in their budget that are dedicated just for cyber. We know that only about half the states are budgeting line-items for cyber and that’s obviously a concern.”
The second step, he said, is passing federal legislation that would boost funding for state and local cybersecurity, such as a NASCIO-backed bill passed unanimously by the Senate in November to create new grants and other programs to help states and localities with their cybersecurity efforts.
NASCIO is also prodding Congress to pass a bill designed to help state and local government agencies move their websites onto the .gov web domain. That bill, introduced in the Senate last October, would make it easier for non-federal entities to get on the federally administered domain, which includes security features not usually available .com or .org websites, such as active vulnerability monitoring, a round-the-clock help desk and mandatory multi-factor authentication for administrative users.
Migrating to the .gov domain is also thought to give people connecting with their government a sense of legitimacy. According to the General Services Administration, less than 9 percent of local government websites use a .gov domain.
NASCIO’s fourth and final federal advocacy priority is a request that the federal government recognize the authority of state governments in developing and testing new and innovative technologies. A NASCIO document released with its priorities names the “internet of things,” unmanned aerial systems and blockchain as emerging technologies that states have played a key role in developing as they serve as “laboratories of democracy.”
Artificial intelligence and robotic process automation are highlighted as the most important technologies to fall within this category, estimated by 65 percent of state CIOs to be the most influential technology within the next three to five years, according to NASCIO’s most recent membership survey.
“We would like the federal government to recognize what states are doing and then I think from a general principle, just to showcase some of the amazing things states are doing with the use of AI, IoT and RPA,” Pincus said. “A lot of states are trying to figure out how to use these new technologies to make citizens’ lives easier and state government websites easier to navigate.”
Minor clarifications were made to this story after publication.