Advertisement

State IT experts: Communication is key to strong cybersecurity integration

Officials on a cyber panel at a National Association of State Technology Directors conference said good relationships with customer managers can go far.

LITTLE ROCK, Ark. — States must factor in security from the start of any new information technology project, but for that to happen, agencies must prioritize communicating with each other, several government tech officials said. 

“Hopefully [cybersecurity] comes in at the beginning of the discussion,” Frank Andrews, chief security officer for Arkansas, said on a panel moderated by StateScoop at the National Association of State Technology Directors Southern Region conference last week. “Unfortunately, that’s not the way it always happens.”

For large projects, it’s easier, Andrews said. The state already has established a security architecture — a set of plans to bake security into new programs led by the Department of Information Systems, where the CSO position resides. 

However, it’s when the state embarks on small projects that sometimes security falls by the wayside. To avoid that, Andrews said he stays in touch the state’s customer relationship management office, which often guides other state agencies through the implementation of new projects.

Advertisement

Georgia Technology Services Officer Chris McClendon said his state’s security architecture applies at all levels of technology projects and is integrated from day one.

“Our customers have to submit a request for service for everything that they do,” McClendon said. “It goes through a formal design review process and the providers are incented to design it based on the security architecture.”

South Carolina, which experienced a massive data breach in 2012, is still working on establishing a formal security architecture and formal review process, said Charlie Zeberlein, the state’s manager of network design and planning.

“We’re looking to improve within our own organization,” Zeberlein said.

For a robust security architecture, executive buy-in and involvement is critical, Andrews and McClendon said.

Advertisement

“We’re pretty lucky that we’ve got a governor that’s security minded and we’ve got a director that’s security minded,” Andrews said. “Those obstacles are easier for us than they ever have been. I don’t know how you grow that without a time machine, but for now, just start where you’re at.”

Contact the reporter who wrote this story at jake.williams@statescoop.com and follow him on Twitter @JakeWilliamsDC

Jake Williams

Written by Jake Williams

Jake Williams is a Staff Reporter for FedScoop and StateScoop. At StateScoop, he covers the information technology issues and events at state and local governments across the nation. In the past, he has covered the United States Postal Service, the White House, Congress, cabinet-level departments and emerging technologies in the unmanned aircraft systems field for FedScoop. Before FedScoop, Jake was a contributing writer for Campaigns & Elections magazine. He has had work published in the Huffington Post and several regional newspapers and websites in Pennsylvania. A northeastern Pennsylvania native, Jake graduated magna cum laude from the Indiana University of Pennsylvania, or IUP, in 2014 with a bachelor's degree in journalism and a minor in political science. At IUP, Jake was the editor-in-chief of the campus newspaper, The Penn, and the president of the university chapter of the Society of Professional Journalists.

Latest Podcasts