Last week, we welcomed Virginia Governor Terry McAuliffe to the ITI/ITAPS 2016 Cybersecurity Forum to deliver keynote remarks to our convening of experts gathered to discuss the future of cybersecurity policy within federal and state governments.
As the newly appointed chair of the National Governor’s Association (NGA), Gov. McAuliffe, spoke about the need of states to address the growing cybersecurity challenge. Gov. McAuliffe shared his vision for improving state cybersecurity, and how his work through NGA’s “Meet the Threat” initiative will push states to further address the cybersecurity challenges they face by ensuring that all states are doing their part.
Through the initiative, Gov. McAuliffe recently released a new program aimed at getting state governments to take cybersecurity more seriously and introduced plans to ensure that every state moves towards the completion of a comprehensive cybersecurity protocol. In his remarks to the cybersecurity forum, Gov. McAuliffe told those of us that the initiative includes real deliverables, which by the end of the year will ask all governors to review a detailed checklist establishing whether each state has a sound and effective cybersecurity plan.
During the cybersecurity forum, senior industry representatives focused the discussion on many of the points raised within ITAPS’ State Cybersecurity Principles and Best Practices document released earlier this year. A focus of the dialogue was on the need for states to adopt industry recognized standards in order to avoid a patchwork state-by-state approach to security. Existing international frameworks, such as those developed by the National Institute of Standards and Technology, and the International Organization for Standardization, can also help states leverage proven standards without having to create costly and less known security practices.
Cybersecurity experts at the forum emphasized that adopting existing frameworks will help states assess program effectiveness and identify and address weaknesses in state systems. It is critical that states take a multi-faceted approach to cybersecurity and follow these well-established standards that will ensure consistency across all levels of government. Vast adoption of known international standards enables technology companies to focus their resources on enhancing security solutions that can scale for the national and global market, rather than making a multitude of adjustments to ensure compliance with a series of static requirements and specifications.
The work being led by Gov. McAuliffe and NGA is needed and welcomed by industry, which have a mutual interest in protecting state information technology (IT) systems and providing secure operation of critical IT systems across the country. That point was underscored for me last month at the National Association of State Chief Information Officers (NASCIO) Annual Conference when Deloitte presented its State Cybersecurity Study indicating that more governors are aware of the importance of cybersecurity as an issue, but few are putting significant budget and resources into security solutions. According to the report, states are spending approximately 1-2 percent of their annual IT budget on cybersecurity. This is clearly insufficient as can be seen when compared to the federal government, which has increased its spend by 35 percent this year alone.
After hearing from Gov. McAuliffe, it seems the message we have been advancing that states need to step up their game in order to protect their IT systems is taking root in the new NGA initiatives he discussed. ITAPS continues to work with state and local governments to further instill the importance of providing adequate attention and funding for cybersecurity as an essential component for government functions in service of their citizens.