States shun companies marketing security without experience

State chief information officers are finding that a number of companies with limited or no tangible experience in computer security are trying to obtain work at the state level, and that is making the CIO's job tougher.

Gerry Wethington, president of the National Association of State Chief Information Officers and Missouri chief information officer, said today that a number of vendors that sell to state and local government moved quickly in the aftermath of the Sept. 11 terrorist attacks to establish cybersecurity and homeland security practices or units with no previous experience in the field.

The moves complicate the task of state and local officials who are trying to improve cybersecurity for their governments to protect critical infrastructure and ensure the privacy of their citizens.

"We have to cut through that chaff," Wethington said of the challenge he and other state CIOs face weeding out those with actual computer security experience from those with no real experience.

The intergovernmental roundtable in Washington was part of NASCIO's third annual "Fly-in" meeting held this week to meet with members of Congress and the administration to discuss issues affecting state IT.

During the two-day event, 18 state CIOs held 73 meetings to discuss a wide range of IT issues, including enterprise architecture, federal IT funding, the Health Insurance Portability and Accountability Act, cybersecurity, and public safety wireless communications interoperability.

Aldona Valicenti, Kentucky's CIO and a former NASCIO president, said that state CIOs need to push the federal government not just for an architectural plan for cybersecurity but also for funding for cybersecurity.

"Cybersecurity is not just about hardware and software," she said, "But about policy, education, and training."