NASCIO hopes to work with feds on cyber workforce woes

The National Association of State Chief Information Officers will attempt to work with Congress and federal agencies to address government’s growing concerns about the future of its cybersecurity workforce, according to the association’s new annual list of federal advocacy priorities.

The four-item agenda, released Wednesday, outlines what state CIOs hope to get from Washington this year, as new infrastructure grant programs arise and the new Republican majority in the House brings a new era of divided government. But finding ways to improve recruitment and retention in cybersecurity is one area where NASCIO says it can make progress.

“It’s no secret there’s going to be a lot of partisan gridlock,” said Alex Whitaker, NASCIO’s director of government affairs. “We think it’s a good bipartisan issue if we’re able to move anything, this is something where we’ll find partners on both sides.”

NASCIO’s surveys last year of state CIOs and chief information security officers found both groups of state officials increasingly worried about their abilities to hire and keep employees. They cited numerous strategies to recruit and retain talent, including making government service appealing to millennial and Generation Z workers entering the primes of their careers, cultivating more diverse talent pools and offering remote-work options. (Many federal IT leaders have shared similar challenges in recent months.)

“We know that state cybersecurity workforce is a challenge and priority for all state CIOs and we look forward to working with the federal government on this important topic,” NASCIO President and Tennessee CIO Stephanie Dedmon said in a press release.

Whitaker said he’s had recent discussions on Capitol Hill that suggested a willingness to address the workforce issue, though there’s no legislative effort underway just yet. NASCIO says it also plans to engage with executive-branch agencies, too, particularly the departments of Labor and Homeland Security.

“The fact they know it’s a problem is encouraging,” Whitaker said. “There is no silver bullet. When I list the obstacles to finding capable people, I can list seven or eight things. They also have the same problem.”

As a short-term aid, Whitaker suggested elevating the U.S. Office of Personnel Management’s Scholarship for Service, which offers up to three years of financial support for post-graduate cybersecurity students who go on to work in government. While the program mostly routes participants to federal jobs, state and local agencies are eligible to participate, too.

NASCIO’s other main federal priorities are continuations of the group’s previous goals, particularly implementation of the cybersecurity grant program created by the 2021 infrastructure law. The Cybersecurity and Infrastructure Security Agency kicked off the four-year, $1 billion program last fall and is currently collecting applications and grant-implementation plans from the states.

While Whitaker said CISA has generally provided solid engagement with the states on the grant program, many NASCIO members continue to question how it will play out.

“For states waiting to submit a plan, we are hoping CISA positions themselves to provide information they need and that questions are getting answered,” he said.

Whitaker said NASCIO is also hoping to make more progress on other longstanding pieces of its agenda, including continued migration of state and local agencies to the .gov top-level domain, which offers more robust security features than commercially available sites. NASCIO’s also pursuing harmonization of the data-use and cybersecurity regulations that various federal agencies impose on states.