NASCIO Issues Primer on State Use of Metaverse Technologies

LEXINGTON, Ky., Wednesday, March 29, 2023—today, the National Association of State Chief Information Officers (NASCIO) released Navigating the Metaverse: Potential Applications and Implications for State Government. The publication is a brief look at some early considerations for state government with respect to the metaverse and related technologies. The publication also includes current and prospective uses for metaverse technology as well as research and input from state government and private sector leaders in the subject.

Some considerations and cautions for states that are detailed in the publication include:

  • Determining the right business case
  • Creating a roadmap
  • Gathering relevant stakeholders
  • Ensuring security of metaverse technologies
  • Privacy implications
  • Safety of users including bias and discrimination
  • Accessibility
  • Legal implications
  • Ensuring skilled staff are in place


The publication can be found on NASCIO’s website: www.nascio.org

Contact
Meredith Ward
Deputy Executive Director
National Association of State Chief Information Officers
859.514.9209
[email protected]

NASCIO and NGA Call for Strengthening Cybersecurity Workforce in State Government

LEXINGTON, Ky., Wednesday, March 15, 2023—today, the National Association of State Chief Information Officers (NASCIO) National Governors Association (NGA) released the Securing States: Modernizing to Attract and Retain Cyber Talent. The publication is a culmination of a partnership between NASCIO and NGA, which started in 2022, to assist states in identifying the concrete actions they can take now to bridge the cybersecurity workforce gap. NASCIO and NGA convened Governors’ policy advisors, state information technology and cybersecurity leaders, workforce professionals and other experts to provide a forum for sharing experiences and best practices. This publication details the current state of play and summarizes the insights aggregated during this meeting, as well as previous related efforts by NASCIO and NGA to facilitate discussion on this topic.

“State cybersecurity workforce challenges have reached crisis levels in some states and is a major concern for all state CIOs,” said Stephanie Dedmon, NASCIO president and CIO for Tennessee. “NASCIO is glad to partner with NGA and other strategic partners to help address this critical issue.”

The publication includes several examples from states who are using creative methods to address the cybersecurity workforce challenge. The publication also includes specific recommendations for states to take now:

  • States need to focus on effective marketing and branding of state government as an employer of choice, their mission-driven work and the unique benefits they offer.
  • States must adapt to the enduring impacts of the COVID-19 pandemic by modernizing the working environment to include flexible schedules, offering remote and work from home (WFH) options and focusing on addressing burnout and employees’ mental and emotional well-being.
  • States must focus on diversity, equity, inclusion and belonging (DEIB) in their recruitment, hiring and retention practices.
  • States need to collaborate with key tech and cybersecurity stakeholders, including the private sector, academia, nonprofit organizations, the federal government, minority-serving institutions and professional associations, to provide development opportunities and build workforce pipelines.
  • States should rework position descriptions to reflect industry-standard job titles and reduce barriers to entry, such as outdated or unnecessary requirements.

The publication can be found on NASCIO’s website: www.NASCIO.org.

NASCIO Contact
Meredith Ward
Director of Policy and Research
National Association of State Chief Information Officers
859.514.9209
[email protected]

NASCIO Releases 2023 Federal Advocacy Priorities: Calls for Strengthening the State Cyber Workforce

LEXINGTON, Ky., January 11, 2023 — Today, the National Association of State Chief Information Officers (NASCIO) released its 2023 federal advocacy priorities. NASCIO’s advocacy priorities reflect the importance of collaboration between states and the federal government. The priorities are as follows:

  • Expanding and Strengthening the State Cyber Workforce
  •  Harmonize Disparate Federal Cybersecurity Regulations
  •  Ensure Responsible Implementation of the State and Local Cybersecurity Grant Program
  •  Continued Adoption of DotGov Domain is Essential

“The 2023 federal advocacy priorities reflect important issues for state CIOs,” said NASCIO President and Tennessee CIO Stephanie Dedmon. “We know that state cybersecurity workforce is a challenge and priority for all state CIOs and we look forward to working with the federal government on this important topic.”

The association’s federal advocacy priorities are selected by NASCIO’s executive committee and reflect policy priorities as indicated by association members in the State CIO Top Ten. The advocacy priorities can be found at www.NASCIO.org.

NASCIO Contact
Meredith Ward
Director of Policy and Research
National Association of State Chief Information Officers
859.514.9209
[email protected]

State CIOs Prioritize Recruiting and Retaining the Necessary Workforce to Deliver Modern Digital Services

LEXINGTON, Ky., Monday, December 12, 2022—Today, the National Association of State Chief Information Officers (NASCIO) released the State CIO Top 10 for 2023. The Top 10 represents state technology leaders’ top policy and technology priorities for the coming year, as voted on by 51 state and territory chief information officers (CIOs), and has been published every year since 2007. Cybersecurity remains the top priority for the tenth year running while digital government is in the number two spot for the fourth year in a row. Additionally, workforce moved up to number three, up from seventh place in 2022.

“State CIOs continue to face increasing challenges with IT workforce, especially in the area of cybersecurity,” said Doug Robinson, NASCIO executive director. “It is no surprise that workforce jumped to a much higher position this year as CIOs continue to struggle to recruit and retain a qualified workforce.”

Other items of note from the 2023 Top 10 are:

  • Legacy modernization and identity and access management both moved up in the ranking
  • Cloud had been in the top three since 2013 but this year drops to number six
  • Broadband moved to number nine from number three last year

NASCIO utilizes the annual voting of priorities to develop strategic areas of focus for the coming year, formulate new issue forums and working groups and plan NASCIO conference sessions and publications.

The Top 10 can be found on NASCIO’s website, www.NASCIO.org.

NASCIO Contact
Meredith Ward
Director of Policy and Research
National Association of State Chief Information Officers
859.514.9209
[email protected]

NASCIO Members Give Back During NASCIO 2022 Annual Conference

LEXINGTON, Ky., Tuesday, November 1, 2022 — The National Association of State Chief Information Officers (NASCIO) donated over $35,000 to AMPED Technology Workforce Training Program as part of the association’s Give Back program. AMPED provides skills training to prepare Louisville residents for a career in IT. Priority admission is extended to individuals that live in underserved zip codes and meet specified income levels. NASCIO’s 2022 Annual Conference was held in Louisville this past October.

NASCIO President Stephanie Dedmon, Chief Information Officer for the State of Tennessee, commented, “NASCIO is honored to support AMPED’s mission, especially targeting underserved communities to prepare for a career in IT. Programs like these are critical to positively impact our future IT workforce.”

Dave Christopher, Sr., AMPED Executive Director, said, “This is an absolutely incredible donation! AMPED is so thankful for the support of NASCIO members and the team.”

Donations were collected during the NASCIO 2022 Annual Conference and NASCIO state, corporate and nonprofit members donated through individual contributions. NASCIO corporate members Automation Anywhere, Carahsoft Technology Corp., Hyland, Resultant and SecurityStudio sponsored this year’s Give Back Program and contributed to the donation total.

To learn more about AMPED, visit www.ampedlouisville.org.

NASCIO Contact
Emily Lane
Program and Brand Director
National Association of State Chief Information Officers
859.514.9167
[email protected]

NASCIO Announces Association Leadership for Coming Year

LEXINGTON, Ky., Tuesday, October 18, 2022The National Association of State Chief Information Officers (NASCIO) announced the association’s executive leadership for the new program year. Stephanie Dedmon, Chief Information Officer for the State of Tennessee, will be president; James Weaver, Secretary of Technology and Chief Information Officer for the State of North Carolina, will be vice president; and Amanda Crawford, Executive Director and Chief Information Officer for the State of Texas, will be secretary/treasurer. Additionally, Alan Fuller, Chief Information Officer for the State of Utah; Jennifer Ricker, Secretary and State Chief Information Officer for the State of Illinois; and Bill Vajda, Chief Information Officer for the State of Wyoming, will be joining NASCIO’s Executive Committee as new directors.

Stuart Davis, Vice President, Consulting Expert with CGI Technologies and Solutions, will be NASCIO’s Corporate Leadership Council (CLC) chair and Paul Baltzell, Vice President, Strategy and Business Development with Salesforce, will be CLC vice chair. CLC members promote information sharing among public and private sector members, providing expertise to NASCIO on issue focus areas and supporting projects. The CLC chair and vice chair hold advisory, non-voting seats on NASCIO’s Executive Committee.

NASCIO’s 2022-23 Executive Committee leaders are:

President
Stephanie Dedmon, CIO, State of Tennessee

Vice-President
James Weaver, Secretary of Technology and CIO, State of North Carolina

Secretary/Treasurer
Amanda Crawford, Executive Director and CIO, State of Texas

Past President
Michael Leahy, Secretary of Information Technology, State of Maryland

Executive Committee Directors:
Fred Brittain, CIO, State of Maine
Alan Fuller, CIO, State of Utah
John MacMillan, Deputy Secretary for Information Technology and CIO, Commonwealth of Pennsylvania
Jennifer Ricker, Secretary and State CIO, State of Illinois
J.R. Sloan, CIO, State of Arizona
Josh Spence, CIO, State of West Virginia
Bill Vajda, CIO, State of Wyoming
Greg Zickau, CIO, State of Idaho

Stuart Davis, ex officio
Paul Baltzell, ex officio

NASCIO Contact

Meredith Ward
Director of Policy and Research
National Association of State Chief Information Officers
859.514.9209
[email protected]

NASCIO Announces Recipients for 2022 NASCIO State IT Recognition Awards

LOUISVILLE, Ky., Wednesday, October 12, 2022 —The National Association of State Chief Information Officers (NASCIO) has announced recipients for the 2022 NASCIO State IT Recognition Awards. This year nearly 90 submissions were received from NASCIO member states and territories and 55 NASCIO members served as volunteer judges.

The award nominations showcase the use of information technology to address critical business problems, more easily connect citizens to their government, improve business processes and create new opportunities that improve the lives of citizens. To ensure states have access to the innovations and leading practices of their peers, all award submissions have been added to NASCIO’s Awards Library.

NASCIO Awards Committee co-chairs, Jennifer Ricker, Secretary of Technology for the State of Illinois and James Weaver, Secretary of Technology for the State of North Carolina, said, “We congratulate all of the recipients and thank those who submitted for this prestigious program. We are proud to highlight the best of state IT!”

Award recipients for the 2022 State IT Recognition Awards are:

Business Process Innovations
State of North Carolina: When Minutes Mattered: Automated COVID-19 Reporting System Saved Hospitals’ Time and Reduced Administrative Burden

Cross-Boundary Collaboration & Partnerships
State of Nebraska: United Effort for Law Enforcement

Cybersecurity
State of Michigan: MILogin: Michigan’s Digital Identity Program

Data Management, Analytics & Visualization
State of Tennessee: Vaccination Registration and Administration Solution

Digital Services: Government to Business
State of Arizona: Underground Storage Tank Compliance and Reporting Goes Digital

Digital Services: Government to Citizen
State of Texas: Texas by Texas (TxT) Digital Assistant

Emerging & Innovative Technologies
State of Ohio: The Ohio Benefits Program is BOT “In”

Enterprise IT Management Initiatives
State of Tennessee: Tenncare Cloud Services Project

Information Communications Technology (ICT) Innovations
State of North Carolina: Prison Telehealth Program: Efficiency and Innovation In North Carolina Correctional Facilities

State CIO Office Special Recognition
State of Illinois: Access Illinois: Elevating Accessibility for Residents with Disabilities

To review these and other submissions, please visit NASCIO’s Awards Library: NASCIO.org/awards.

NASCIO Contact

Meredith Ward
Director of Policy and Research
National Association of State Chief Information Officers
859.514.9209
[email protected]

NASCIO Honors California State CISO Vitaliy Panych

LOUISVILLE Ky., Tuesday, October 11, 2022 — The National Association of State Chief Information Officers (NASCIO) has named California CISO Vitaliy Panych as the recipient of the 2022 Thomas M. Jarrett State Cybersecurity Leadership Award. The program was created to pay homage to Thomas M. Jarrett, past president of NASCIO (2004 – 2005), for his passion for cybersecurity and honors state chief information security officers (CISOs) for exceptional accomplishments in their field. This award evolved from the Thomas M. Jarrett Cybersecurity Scholarship, being renamed in 2020 to reflect the vital role state CISOs hold in state cybersecurity efforts and their deeper involvement with NASCIO.

CA State CISO Vitaliy Panych is responsible for protecting the largest collection of digital information assets in the country, experiencing more than 400 million malicious probes daily. He works tirelessly to monitor the security of more than 140 state departments and has onboarded most of those departments to monitor their own internal networks. He expanded the California Department of Technology Security Operations Center, which operates under his purview performing log management implemented in a cloud-based, FedRAMP-compliant, scalable and redundant environment.

His leadership was instrumental in developing California’s first multi-year information security roadmap, Cal-Secure, which provides a best practices path to increase security maturity for every entity and outlines centralized and scalable information security governance and technical capabilities to achieve target goals and objectives. Additionally, Vitaliy created the Information Security Leadership Academy, which integrates core government leadership, business risk management, cybersecurity knowledge, skills and abilities training for a comprehensive curriculum. He is also responsible for the California Cybersecurity Education Summit that gathers leaders from across California to stay ahead of cyber threats.

Vitaliy was nominated by California Chief Information Officer Liana Bailey-Crimmins.

To view past recipients of the Thomas M. Jarrett State Cybersecurity Leadership Award, visit nascio.org/awards.

 

NASCIO Contact

Meredith Ward
Director of Policy and Research
National Association of State Chief Information Officers
859.514.9209
[email protected]

NASCIO Honors Three Public Servants with State Technology Innovator Award

LOUISVILLE, Ky., Tuesday, October 11, 2022 —The National Association of State Chief Information Officers (NASCIO) presented the State Technology Innovator Award to three deserving public servants during the NASCIO 2022 Annual Conference. The NASCIO State Technology Innovator Award honors outstanding state government employees who have made contributions to advance state technology policy through the promotion of best practices, adoption of new technologies and advancements in service delivery. Nominations were gathered from NASCIO members and selected by the NASCIO Executive Committee.

The following are the recipients of the 2022 NASCIO State Technology Innovator Award:

Luke Charde
Head of User Experience Design and Web Content Management
Innovation and Engineering Services
New York State Office of Information Technology Services

Luke leads New York State’s efforts to implement automated language translation services for state agency websites. In this role, Luke works with 53 separate agencies to implement these services, which will support the 12 most common non-English languages in New York State. In working on this project, Luke has utilized a translation management system to deliver on these goals and even identified additional resources for instances where translations must be confirmed through non-automated means. The transformation that Luke is leading will promote diversity and have a positive impact on many more New Yorkers who will now have access to information and state services they previously had difficulty accessing.

Sean Hughes
Assistant Secretary for Technology, Services and Operations and COO
Massachusetts Executive Office of Technology Services and Security

Sean Hughes is driving innovation and improving the constituent digital experience for the Commonwealth of Massachusetts. In his role with the Executive Office of Technology Services and Security, Sean is leading the transformation and consolidation of Massachusetts’ current IT infrastructure to one secure and reliable network. From hardware to network security, Sean and his team are working to update and enhance current technologies while researching and adopting new technologies in the ever-changing environment. Sean is responsible for the transformation and consolidation of over 13 data centers into one high-availability center that provides 24x7x365 coverage to law enforcement agencies across the Massachusetts; the deployment of a statewide public safety broadband network; the day-to-day operations of the Commonwealth’s Criminal Justice Information System law enforcement data network and enterprise computing system; taking a multi-faceted approach to a hybrid cloud system; assisting agencies to replace legacy solutions and modernize applications; and implementing a resilient, scalable and secure enterprise technology framework.

Ashley Laymon
Customer Experience Officer
Maryland Department of Information Technology

As the Chief Experience Officer for the Maryland Department of Information Technology, Ashley’s office is the driving force behind the state’s goal of minimizing IT redundancy, reducing overall IT costs, driving business value for customer agencies, promoting modernization and ensuring compliance with state IT policies and standards. When Ashley joined the department in 2019, she made it one of her main goals to reshape the way that the department interacted with its customer agencies and other government entities. She has done this by increasing communication and feedback and hosting regular open dialogue sessions with IT leadership and other agencies. Ashley has also implemented a special request management process which provides a more holistic view of IT needs across organizations. The goal of the program is to mitigate risk, reduce redundant solutions, increase efficiencies and decrease costs statewide while helping to provide Marylanders with services they need more efficiently and effectively.

To view past recipients, please visit www.NASCIO.org/awards.

NASCIO Contact

Meredith Ward
Director of Policy and Research
National Association of State Chief Information Officers
859.514.9209
[email protected]

Cybersecurity Survey of State CISOs Identifies Many Positive Trends

While talent challenges overshadow budgetary concerns, and whole-of-government efforts accelerate

LOUISVILLE, Ky., Oct. 11, 2022 — The National Association of State Chief Information Officers (NASCIO) and Deloitte today released their 2022 Cybersecurity Study, “State Cybersecurity in a Heightened Risk Environment.” The survey captures responses from chief information security officers (CISOs) in all 50 states and three territories about current cybersecurity trends, challenges and opportunities.

The survey found that state CISOs throughout the U.S. gained considerable strength and authority over the past few years, as they rapidly migrated government operations and services to a virtual environment and expedited digital transformations to meet the immediate needs of individuals and families. Due to the dedicated efforts of these CISOs, state agencies were able to continue providing high-quality service to their constituents, despite the challenges imposed by a global pandemic.

Additional highlights from the 2022 Deloitte/NASCIO survey include:

  • Addressing the talent gap: In 2022, the demand for high-skilled workers has grown even more acute for public and private sector employers. In this environment, the lack of cybersecurity professionals and other staff remains among the top five barriers cited by state CISOs.
    • Despite CISOs’ growing responsibilities and the increasing sophistication of both technology and threats, headcounts for state cybersecurity professionals remain about the same as in 2020, and more than 6 in 10 CISOs report gaps in competencies among their staffs.
  • Embracing the entire state: It is an imperative to provide for greater security across the entire state through a tighter collaboration with local governments and state higher education institutions. CISOs made significant progress in enhancing their stature and visibility at the state executive and legislative levels, and they are continuing to get the institutional support and resources they need.
    • All 50 states now have a CISO, and many are establishing new positions for chief privacy officers, chief risk officers and identity program directors.
    • More state legislators are codifying the role of the CISO into state law and funding the position. They are also codifying several cyber initiatives into state law, such as enterprise risk management frameworks, cybersecurity legislative councils and cybersecurity training.
    • More states now require CISOs to provide periodic reports to senior state officials, such as the governor, legislature and agency secretaries.
    • CISOs are looking to establish and activate a shared security services approach to enable a whole-of-state approach to protecting local governments and public higher education institutions.
  • Emerging technologies present new opportunities: In the post-pandemic digital landscape, CISOs have an even more critical role to play in guiding the evaluation and implementation of new technologies.
    • State CISOs confirm that many applications have migrated to the cloud. With remote work, digital and mobile platforms have become part of the fabric of daily life by which people work, communicate and transact.
    • States have taken a big step forward to provide digital identities for citizen services. Capabilities, such as cloud computing, artificial intelligence and robotic process automation, enable states to further enhance digital modernization in service of their missions and constituents.

“State CISOs played critical roles helping the country successfully navigate the twists and turns of the pandemic, and this year’s survey identifies the steps needed to grow this increasingly public role and meet the current and future challenges faced by state agencies,” said Meredith Ward, director of policy and research at NASCIO and a co-author of the 2022 Deloitte-NASCIO Cybersecurity Study. “We’re proud to again bring the perspectives of state CISOs to the forefront of conversations around cybersecurity.”

“The complexity of cyber challenges that the state CISOs tackle is increasing with the need to take a whole-of-state approach involving multiple jurisdictions and stakeholders,” said Srini Subramanian, principal, Deloitte & Touche LLP, and Deloitte’s global risk advisory leader for government and public services. “To address these challenges, state CISOs are increasingly laying the groundwork to adopt emerging technologies, promoting more collaboration with local government agencies and higher education institutions, upskilling state employees and transforming employment practices to attract the next-generation of highly capable cyber talent.”

Additional takeaways from the 2022 Deloitte-NASCIO survey include:

  • Thirty states increased their cybersecurity budgets from 2021 to 2022. And for the first time, CISOs report that a handful of states are allocating more than 10% of their IT budgets to cybersecurity, in alignment with federal government levels. However, most states still only allocate between 2% and 10% of their budgets to cybersecurity efforts.
  • Many state CISOs identified the drafting and implementation of the Zero Trust framework as a key initiative.
  • CISOs say that malware, ransomware and phishing attempts continue to present security challenges. Concern among CISOs about foreign state-sponsored espionage has also risen significantly, while the perceived threat from third parties and social engineering has declined.
  • CISOs found that the three leading causes of cyber incidents remain web applications, malicious code and financial fraud. However, CISOs note a rise in cyber incidents involving foreign state-sponsored espionage, zero-day attacks and attacks against cloud platforms.
  • Nearly one-third of state CISOs say that state agencies manage cyber incidents on their own, rather than working with a central state IT security group.
  • CISOs are increasingly contracting cybersecurity professionals and states are demonstrating more interest in outsourcing specific cybersecurity functions to managed service providers. In fact, more than half of CISOs report outsourcing security operations center tasks, which require 24×7 monitoring, and more than 60% of CISOs report having confidence in the cybersecurity services of third-party vendors.
  • State CISOs are starting to incorporate diversity, equity and inclusion (DEI) practices, such as designating a DEI leadership position or teams to foster a culture of inclusion. However, many CISOs say they do not know if they have such practices in place.

NASCIO Contact

Meredith Ward
Director of Policy and Research
National Association of State Chief Information Officers
859.514.9209
[email protected]