As many other states increase cybersecurity funding and personnel, Rhode Island Gov. Gina Raimondo has garnered criticism over her move last month to cut her Cabinet’s cybersecurity officer out of the state budget.
The position of “cybersecurity officer,” which was only created in 2017, was a dual role tasked with managing statewide cybersecurity policy and acting as the state’s homeland security adviser.
The role had been filled by Mike Steinmetz, a retired U.S. Navy captain who had previously worked for the Defense Department, the National Security Agency and the private sector. Steinmetz has since taken a job at a venture capital firm after Raimondo eliminated his salary.
When the position was created, Raimondo called the need to keep pace with technology and its associated threats “imperative.” But Raimondo’s press secretary, Josh Block, told the Boston Globe this week that despite eliminating the position, the state remains committed to cybersecurity and still staffs a dedicated team.
Raimondo’s office did respond to StateScoop’s request for an interview.
The Globe also reported that Bijay Kumar, the state’s chief information officer will take over Steinmetz’s cybersecurity responsibilities, while Christopher P. Callahan, an adjutant general with the Rhode Island National Guard, will perform Steinmetz’s homeland security duties.
At a time when ransomware threats are becoming more prevalent and cybersecurity as a whole shows no sign of receding from the attention of state chief information officers, who have named security and risk management as their top priority for several years running, local groups are criticizing Raimondo’s decision.
Ken Block, a former Republican gubernatorial candidate and founder of the nonprofit research group Watchdog RI, called the decision shortsighted.
John Marion, executive director of Common Cause Rhode Island, a nonprofit that advocates for government transparency, said Steinmetz was instrumental, along with the Rhode Island National Guard, in state election officials how to bolster its security practices after the 2016. The board, which manages voting on election days, does not have its own cybersecurity office.
“This is one less resource for the state Board of Elections to rely on,” Marion told StateScoop.
In addition to advising government agencies around the state on how to improve their cybersecurity postures, Steinmetz was also tasked with developing a cybersecurity strategy for the state, which was published in a report last week. The document is to serve as a roadmap for state government bodies to create “a digitally aware culture” and “mature the ecosystem underpinning technological innovation within the state.”
The report, which caps Steinmetz’s time with the state, follows a 2015 recommendation made by the Rhode Island Cybersecurity Commission that the state mature its IT security.
But Marion said security is a process, not a thing that a state completes, which is why some are confounded by elimination of the position, which earned a $184,446 salary.
“It’s kind of pound-foolish to save money in a budget by zeroing out an employee in this area,” Marion said. “That [report] had run its course, that’s true. But that leaves somewhat of a hole of who’s going to implement the recommendations in that report.”