States want federal cyber help

A call from the states for more coordination with the federal government on cybersecurity points the way to several business opportunities for federal contractors who are looking to expand into new markets.

State and local governments have their budget challenges, but much like their federal counterpart, they also have priorities that will get funding ahead of other areas.

And cyber is one of those high priority areas, creating an opportunity for federal contractors to expand their reach into the state and local market.

Just this week, the National Governors Association was before Congress, explaining the need for federal and state cooperation in the area of cybersecurity.

State governments have a wide range of sensitive data they need to protect:

  • Tax records
  • Driver’s licenses
  • Birth records

“We also play a critical role in ensuring that private-sector assets within our states are secure,” said Michigan Gov. Rick Snyder. He was on Capitol Hill to brief Congress on state cybersecurity efforts.

He and Maryland Gov. Martin O’Malley led the NGA’s Resource Center for State Cybersecurity, which has been looking at both state-owned and state-based infrastructure, including data and communications systems, banking and financial records, water systems and the electrical grid.

Many of those have been identified by leading federal contractors as adjacent markets that they want to move into because they often are highly regulated and there is significant overlap with efforts by the federal government.

The NGA has released a new report, Act and Adjust: A call to action for governors for cybersecurity that makes several recommendations to the governors, each of which represents potential business opportunities. These include:

  • Establish a governance and authority structure for cybersecurity
  • Conduct risk assessments and allocate resources accordingly
  • Implement continuous vulnerability threat monitoring practices
  • Ensure compliance with current security methodologies and business disciplines
  • Create a culture of risk awareness.

Other areas they are exploring are fusion centers, cybersecurity of energy systems and the electrical grid and developing a trained cyber workforce.

The report also points to the Homeland Security Department’s Continuous Diagnostic and Mitigation contract as a resource that is available for states to use. The report says the purchases through the recently awarded contract should be coordinated with the Multi-State Information Sharing & Analysis Center.

The center was designated by DHS as a key resource for state, local, territorial and tribal governments. It runs a security operations center, which offers managed security services to the states.

NGA also has established a dashboard for governors to get an overview of their state’s cybersecurity environment. The dashboard is being piloted in Michigan and Maryland, along with the Multi-State Information Sharing & Analysis Center.

The dashboard may be the most valuable development because it will put information on the health and security of networks into the hands of the ultimate decision maker. This gives cybersecurity a high profile, which could translate into resources.

NGA expects to issue a series of reports recommending actions by the governors. There will be more on coordination with the federal government. They also are interested in getting the National Guard more involved in cyber operations.

As opportunities in the state and local market develop, paying attention to what the NGA is advocating might be a good early indicator of where the priorities will be.