Holding down the fort

State chief information officers had some extra time on their hands before Sept. 11. Now, they hardly have a free moment. "We have vendors coming at us on almost an hourly basis, trying to sell software, hardware and scenario planning" related to information security, said Aldona Valicente, Kentucky's chief information officer. Because of this marketing blitz by technology providers, state information technology departments are serving as gatekeepers, reviewing new products and solutions for information security and other security needs, she said. As a result, CIOs such as Valicente are becoming key players in the homeland defense strategies their states are developing through newly appointed state homeland security advisers ? counterparts of federal Office of Homeland Security Director Tom Ridge. Governors in nearly every state have tasked a single official or a group of officials with coordinating homeland security, according to the National Governors Association of Washington. These advisers help the governors protect their states against threats that are physical, biological and cyber in nature. These threats likely will overlap, said Richard Varn, Iowa's CIO. If a terrorist mailed a package containing anthrax to the Department of Information Technology, for example, it would be a biological attack that also would interrupt the management of information systems, he said.Homeland security advisers also are relying on state CIOs to help develop information security strategies as well as get the best return on the dollar when federal grants for homeland security begin flowing to the states later this year. President Bush's fiscal 2003 budget, for example, includes $3.5 billion for state and local governments to improve the capabilities of police, firefighters and emergency medical teams, known as first responders, and $1.1 billion for response to bioterrorism. Funding for first responders will be distributed through grants given out by the Federal Emergency Management Agency, while the money to counter biological terrorism will be distributed through grants approved by the Department of Heath and Human Services, government officials said. FEMA plans to issue interoperability standards that will help first responders purchase the proper equipment, said Ron Miller, FEMA's CIO, in a March 7 presentation to industry. "Interoperability will be the No. 1 priority for FEMA and first responders," Miller said. Ridge told the governors Feb. 24 at their winter meeting in Washington that each state will be allowed to keep 25 percent of the first responders' funding for its discretionary use. The money might be applied to things such as overtime costs and reimbursement for acquisition of emergency equipment. "There is a lot of flexibility for this funding," Ann Beauchesne, NGA's program director for emergency management, told .State homeland security advisers are looking to state CIOs not only to evaluate products and solutions, but also to establish policies and procedures to protect government and citizens, according to government and industry officials.Chris Dixon, digital government coordinator for the National Association of State Chief Information Officers, Lexington, Ky., said the enterprisewide view of IT that state CIOs and security chiefs bring to the table can promote the development of adaptable and secure information systems when federal funds reach the states. "This will prevent the creation of new silos of data and duplicative infrastructures that will cost more and yield less as new, unforeseen demands for information sharing arise," he said.What's more, state CIOs "can provide guidance to homeland security advisers as to where critical data exists in the enterprise, and [offer] approaches to mining it for effective use," said Paul Robinson, practice director for Public Sector Americas at Deloitte Consulting, New York.Companies providing homeland security services and solutions will encounter different approaches to homeland security coordination and decision-making in each state, Valicente said. A state might handle homeland security through a steering group or task force, a cabinet-level person in the governor's office or an existing public safety or emergency preparedness department. "The bottom line is that the majority of states now have coordinating bodies, and I believe the direction of those bodies varies on their background and what they've been directed to do [by the governor]," said Steve Rohleder, managing partner of U.S. government services for Accenture Ltd., Hamilton, Bermuda. Accenture is focusing on business opportunities for homeland security in California, Florida, New York, Pennsylvania and Texas, he said. The company also wants to help these states set up program management offices to capture grants and direct the funds to where they are most needed. States, Rohleder said, need someone who can prioritize the initiatives they want to accomplish in the next 12 to 24 months and serve as an "honest broker" to review vendors' homeland security products and solutions. Robinson said Deloitte Consulting is discussing homeland security with CIOs and homeland security advisers. "Both are key members of the governors' teams in coordinating responses to physical, cyber and biological threats to state government," he said. "The initial entry point differs by state and is sometimes influenced by relationships that we may have and by the nature of the state's accountability structure." Steve Lauer, Florida's security adviser, said the state technology office has been indispensable in promoting information security and critical infrastructure protection. "They've provided the state with a hard look at cybersecurity," he said. Lauer, who was appointed by the governor Nov. 27, 2001, said it has not been necessary for him to take immediate action on cybersecurity because the agencies are in the process of an ongoing security audit mandated by the Florida legislature before Sept. 11.Valicente said her biggest concern is that the federal government doesn't forget the needs of the states. If the federal government is prepared to assist first responders at the local level, it should also assist states in strengthening their infrastructure, she said. "Those things won't get dealt with at the local level," she said, citing issues such as integrated communications. "They need focus from the state or even the national level."