NASCIO: Feds should energize cybersecurity

State chief information officers want Congress to prod the Homeland Security Department into developing a formal state cybersecurity assessment and strategy process.

The push to energize intergovernmental cybersecurity was one of the key issues that state CIOs raised with members of Congress during their annual DC Fly-In meeting on May 4. This year's Fly-In is being held in conjunction with the National Association of State Chief Information Officer's Midyear Meeting on May 5-6.

Twenty-one state CIOs participated in as many as 60 meetings with members of Congress during their Fly-In meeting, said Tom Jarrett, NASCIO's president and Delaware CIO.

"Cybersecurity?is definitely the thing that keeps us up the most at night," Jarrret said. "It's our number one issue."

Members of Congress asked the state CIOs to provide statistics and data on cybersecurity and other pressing state IT matters to use in developing legislation that affects state government, he said.

For example, Congress wants statistics related to how many attempts are made to hack state networks each day, Jarrett said. In Delaware, the number of such attempts has quadrupled over the past year from 500 to 2,000 per day, he said.

"Those are numbers that I don't think have probably ever been shared with them," he said.

In addition to cybersecurity, state CIOs also asked Congress to take action on several other pressing IT-related matters, including the establishment of a common framework for information sharing, the development of a consistent privacy protection structure and the promotion and support of a health information exchange.

The state CIOs have learned from previous fly-Ins that they can strengthen their message by limiting the number of issues they raise in the meetings to those that require immediate action, Jarrett said.

"We decided to take on a much more focused approach," he said. "Rather than walk in to the meetings with 10 or 15 different white papers on a lot of different subjects, we decided to focus on three or four key ones that are most important to the CIOs in all of the states."