As state governments move toward a more holistic view of cybersecurity, official titles and duties are changing inside administrations. While many governors have appointed special advisers on information security and threat intelligence, a couple of states, New York and Louisiana, have in the past year created the new position of chief cyber officer.
Dustin Glover and Colin Ahern, the chief cyber officers of Louisiana and New York, respectively, said last week during StateScoop’s Cybersecurity Modernization Summit that their roles fill a new need as the discipline of cybersecurity grows.
“Before, I would’ve argued that cyber is inside the [chief information security officer],” said Glover, who since July 2019 had served in that very role until his appointment to his current job. “Largely what we found out is that there’s so much operational obligation that a CISO has, it’s so regulatory driven, customer-service oriented.”
Glover said that in Louisiana, the CISO’s office — part of the state IT department — remains focused on protecting state agencies’ networks and data, while he works with local governments, critical infrastructure operators and other entities to respond to incidents and provide oversight and guidance on cyber policy. Glover now also works out of the Governor’s Office of Homeland Security and Emergency Preparedness, where he often coordinates his work with the Louisiana National Guard and State Police.
“The CISO takes care of the inside of the shop,” he said. “I’m looking outside the organization.”
In New York, Ahern said his role was also created in response to a rise in cyberthreats that spanned well beyond core state agencies. He equated it to the addition of new offices at the federal level, like that of the national cyber director.
“We see compounding interest in ransomware attacks, issues with health care providers, the public expecting more from a cyber perspective from their government,” said Ahern, a former deputy CISO in New York City.
Gov. Kathy Hochul last June named Ahern as New York State’s first chief cyber officer, making him her top adviser and policymaker on cybersecurity governance for the government and critical infrastructure sectors, as well as a liaison to other sectors like academia and the state’s business communities, like a growing chip-manufacturing industry.
“This is a risk management activity, this is about managing uncertainty,” Ahern said. “That’s why I see these kind of similar roles that are separate and apart from the CISO role.”