Cybersecurity, funding challenges ahead in 2021, says NASCIO

As the year winds down with the initial distributions of COVID-19 vaccines, state IT officials’ concerns from the pandemic aren’t abating, but they are transforming. In the final episode of the 2020 season of the Priorities podcast, Doug Robinson and Meredith Ward of the National Association of State Chief Information Officers predicted how the year’s events will carry over into 2021.

Ward, the organization’s director of policy and research, said remote work, one of the pandemic’s hallmarks, will linger in many organizations.

“I definitely think that some expanded remote work is here to stay and states have really adapted to that,” she said.

Looking ahead, Ward said she expects that threats to states’ cybersecurity (which topped the group’s Top 10 Priorities list for the eighth year in a row), will persist too, especially as vaccine distribution ramps up.

“Vaccine rollout is really going to present another opportunity for ‘the bad guys’ to try and disrupt, to try and put out more bad information, to try to scare people away from taking the vaccines,” Ward said.

The shift to remote work also added an additional challenge for state government organizations as they watch the users on their networks, said Wendy Nather, an executive with Duo Security.

“All of these things really changed the threat landscape and made it easier for attackers to impersonate workers because we lost that physical proximity, that ability to authenticate people,” she said.

Robinson, NASCIO’s executive director, said the pandemic, while disruptive, provided the organization with an opportunity to reconsider IT processes that had gone unreformed for many years, as its members slipped into comfortable habits.

“Some of the innovations, we’re going to continue those,” he said. “We’ve found that actually, they proved to be more effective and more engaging than what we were doing in the past.”

The importance of state governments’ technology offerings became more evident this year as systems like those used to apply for unemployment insurance crashed around the country. But Robinson said that many IT modernization projects will need to be deferred next year because there still won’t be enough funding to overcome the massive technical debt states have accumulated.

“There’s going to be high competition for limited amount of funds that might be available,” Robinson said.

NASCIO has long lobbied for dedicated cybersecurity funding from the federal government, too, but Robinson said that such efforts can take years to be realized before the money is available. Just the same, he said NASCIO will continue to make its case.

“States are the agents for hundreds of billions of dollars of federal programs delivered by states,” he said. “Our assertion all along is states are partners with the federal government, the federal government should be partners with states in terms of reducing the risk through their cybersecurity services.”

On the podcast:

• Doug Robinson, executive director, NASCIO
• Meredith Ward, director of policy and research, NASCIO
• Colin Wood, managing editor, StateScoop
• Wendy Nather, head of advisory chief information security officers, Duo Security

This episode is brought to you by Duo Security.

Listen to archived episodes of Priorities from Season 5 (2020),  Season 4 (2019), Season 3 (2018), Season 2 (2017) and Season 1 (2016). Catch all of StateScoop’s podcasts on Soundcloud, Apple Podcasts, Spotify, Google Play, Stitcher or Alexa’s TuneIn.