Members of the National Association of State Chief Information Officers came away from their annual federal advocacy meetings feeling that their roles are being noticed more in Washington, the group said Thursday.
The association’s annual “fly-in” meetings — held virtually amid the ongoing COVID-19 pandemic — gave CIOs and state chief information security officers an opportunity to push NASCIO’s federal priorities, including cybersecurity and IT modernization grants, broadband expansion and regulatory reform, said Matt Pincus, the group’s director of government affairs.
“Every speaker we had really touched on all the federal advocacy priorities,” he said. “I think it’s a testament to the CIOs and CISOs that their work is being recognized.”
Among the lawmakers NASCIO met with were Rep. Jim Langevin, D-R.I., a co-chairman of the Cybersecurity Solarium Commission, and Sen. Maggie Hassan, D-N.H., who has pushed the federal government to do more to counter ransomware attacks against state and local governments and schools. Both Langevin and Hassan discussed NASCIO’s goal of creating a sustained federal grant program for state and local cybersecurity.
‘Very frank feedback’
NASCIO members also met with Cameron Dixon, a career technologist at the Cybersecurity and Infrastructure Security Agency who is overseeing the agency’s implementation of the DOTGOV Act, which aims to make it easier for state and local agencies to move their websites to the federally administered .gov top-level domain, which includes multi-factor authentication and other security measures as standard features.
Dixon, Pincus said, “solicited some very frank feedback,” especially with respect to potential waivers of the $400 annual fees the federal government charges state and local agencies to register .gov sites.
“There was a lot of conversation about how CISA’s going to try to remove the fee,” he said. “They’ve been public in saying that is their stated goal.”
Pincus also said that CISA, which will take control of the .gov domain from the General Services Administration later this month, has also been “very good” at reaching out to groups of state and local officials beside NASCIO.
Plans for stimulus
But a more immediate concern for NASCIO’s members is how they’ll be able to take advantage of the $350 billion in state and local aid included in last month’s $1.9 trillion American Rescue Plan. Pincus said CIOs expect the funding will be much more flexible than the state and local aid in last year’s CARES Act, which was restricted to projects directly tied to pandemic response.
“We’ve already heard from governors and CIOs who’ve made it their stated goals to do broadband, cyber, new unemployment insurance and new DMV systems,” he said.
The Treasury Department has until mid-May to issue guidance on how states will be able to use their grants. Until then, Pincus said, “we’re in a holding pattern.”
Pincus said CIOs are also examining the contents of the $2 trillion infrastructure package President Joe Biden introduced Wednesday, which includes $100 billion for broadband, on top of the billions that have already been spent across multiple rounds of pandemic relief.
“That’s a staggering number that would be a huge game-changer,” Pincus said. “Broadband is a top-five priority for the CIOs now. I think our members have a much clearer idea from their experiences over the past year. The thing they’ve mentioned as the issue most preventing expansion is funding.”
Federal CISO’s state experience
Although the fly-in meetings did not include anyone from Treasury, NASCIO members did meet with several White House officials, including Maria Roat, the deputy federal CIO, and Chris DeRusha, the federal CISO, who addressed how states fit into the Office of Management and Budget’s cyber priorities, and the ongoing fallout from the recent breaches of SolarWinds and Microsoft Exchange Server.
Pincus added that while NASCIO’s relationship with the White House before was solid — he also praised former Federal CIO Suzette Kent — having DeRusha, a former Michigan chief security officer, as the federal CISO, has made a big difference.
“That relationship and understanding, Chris has that first-hand understanding of the pain points,” Pincus said. “Having a former state CISO as the federal CISO, you can’t understate how important that is.”