States seek cybersecurity lexicon for cross-border collaboration

For state cybersecurity experts from the private sector as well as Maryland and Michigan developing a common language around cybersecurity is essential to working together and getting the job done.

On the latest episode of StateScoops Priorities series, three experts spoke about developing a common language that adheres to both cybersecurity frameworks and how officials commonly talk about challenges with policymakers.

Jackie Wynn, RSA Securitys vice president of global public sector strategy, said on Priorities that before officials can even begin the conversation about what technologies they need to combat cyberthreats, theyneed to know how toconvey the risk associated with those threats to budget, policy and executive leadership.

Weve got to get to a common language of how we talk about business risk, and how we talk about what the security tools are, Wynn said. We call it a gap of grief youve got to get funding from your legislator, but youve got to talk in terms of business risk.

On the National Association of State Chief Information Officers annual top 10 priority list, cybersecurity appeared as the top priority every year since 2014. In 2013, it was priority No. 3, while it stayed in the top seven sincecreation of the Top 10 list in 2006.

On the podcast:

• David Garcia, chief information officer, Maryland
• Paul Groll, deputy chief security officer, Michigan
• Jackie Wynn, vice president of global sector strategy, RSA Security

Things to listen for:

• When David Garcia became Marylands CIO a year and a half ago, he was met with a federated and siloed department. Gov. Larry Hogan mandated a flatter enterprise, especially when it cameto things like cybersecurity.
• Michigans early infrastructure consolidation made it easier to build a consolidated cybersecurity team and security operations center to coordinate activities across the state, Groll said.
• Wynn recommended looking beyond a perimiter-based approach . Cybersecurity analytics can help organizations gain insight into what is going on inside the network as opposed to just seeing the threats trying to break their way in.
• Michigan is somewhere down the path on implementing cyber analytics by establishing a central repository for cyber data, Groll said. Gathering that threat data in a singular location will enable the state to more rapidly address attacks.
• In Maryland, Garcia said the state is getting some interesting reporting from its initial cybersecurity analytics efforts. While the work will continue on analytics, the state CIO said he was taking a broader look at what it will take to make cybersecurityefforts more efficient.

Priorities is StateScoops monthly podcast that examines the leading strategies, technologies and challenges that state CIOs expect to face this year. This episode of Priorities was sponsored by RSA Security.

In addition to listening to Priorities on StateScoop.com, you can now subscribe to the podcast on iTunes and have episodes delivered directly to your podcasts app on your smartphone when they are released.

Contact the reporter who wrote this story at jake.williams@statescoop.com , and follow him on Twitter @JakeWilliamsDC .