NASCIO Continues State IT Procurement Reform Campaign with Renewed Calls for Acquisition Reformation and Transformation

/in /by

SAN DIEGO, Calif., Tuesday, October 23 — The National Association of State Chief Information Officers today renewed its call for information technology (IT) acquisition reform by releasing A View from the Marketplace: What They Say About State IT Procurement. The publication, a product of the NASCIO Roundtable on IT Procurement Innovation, focuses on the role the private sector can play in the state IT acquisition process (not just the IT procurement process). The publication includes feedback from NASCIO’s private sector members as well as the following recommendations for all involved in the state IT acquisition process:

  • Work together to shorten the IT acquisition process
  • Build relationships and improve communication and transparency
  • Modernize IT acquisition strategies to enable innovation
  • Cross-educate state and private sector teams

“During our work on the roundtable, one participant told us she had two children during one sales cycle,” said Meredith Ward, NASCIO senior policy analyst. “Clearly, shortening acquisition times and working together to ensure the process produces the best possible outcome for states is key.”

Members of the roundtable included state and private sector participants from the following invited associations:

  • National Association of State Procurement Officials (NASPO)
  • National Association of State Chief Administrators (NASCA)
  • Computing Technology Industry Association (CompTIA) SLED Council
  • IT Alliance for Public Sector (ITAPS)

A copy of the publication can be found on NASCIO’s website, www.nascio.org/procurement.

2018 Deloitte-NASCIO Cybersecurity Study: Top Challenges Persist Since 2010, Calls for Bold Changes

/in /by

Funding, talent and increase of threats continue as top issues impacting states’ cybersecurity risk, “Now is the time to disrupt the status quo” says report

SAN DIEGO, Calif., Tuesday, October 23 — Even as state government Chief Information Security Officers (CISOs) have increased their access to and communications with top leaders, the top three issues impacting states’ cybersecurity remain the same from past surveys – budget, talent and increasing cyber threats. These findings from the “2018 Deloitte-National Association of State Chief Information Officers (NASCIO) Cybersecurity Study” are a call for bold action to disrupt the status quo, according to the report authors.

“We’ve been surveying state CISOs every other year since 2010 and these top three issues have not changed,” said Bo Reese, NASCIO president and chief information officer (CIO), state of Oklahoma. “The reality is that the magnitude of threats is rarely matched in attention and funding in state government. Simply put, the time is now to be bold in state cybersecurity.”

“While CISOs and CIOs have done a tremendous job over the years developing much needed governance plans and building relationships with state leaders, the funding and talent needed to fully address cyber risk is not there,” said Srini Subramanian, principal, Deloitte & Touche LLP, and state and local government risk advisory leader. “The three bold plays outlined in this year’s report provide state CISOs and CIOs additional ideas on ways to get more funding and overcome cybersecurity talent challenge.”

The three bold steps state CISOs can take to overcome persistent challenges:

1)    Advocate for dedicated cybersecurity program funding.

Nearly half of all US states do not have a dedicated cybersecurity budget and data from this year’s survey shows slower cybersecurity budget growth compared to 2016. In fact, most states still spend less than 3 percent of their information technology budget on cybersecurity.

Additionally, CISOs can also push for funding from federal agencies to implement the federal security requirements and controls. For example, state health and human services (HHS) agencies were able to secure funding from Centers for Medicare and Medicaid Services (CMS) to establish CMS’s suggested Minimum Acceptable Risk Safeguards.

2)    Be an enabler of innovation, not a barrier.

In this year’s survey, emerging technology initiatives in areas such as artificial intelligence, smart enterprises (smart cities), and blockchain technology rank at the bottom of the CISO initiative list, indicating that they may not yet be a priority for CISOs. To take on emerging technologies, CISOs should actively participate with state CIOs in shaping the innovation agenda, collaborate with state digital and innovation officers and lead the charge to help program leaders embrace and securely adopt new technologies.

3)    Team with the private sector and higher education.

This year’s survey results show that states’ cybersecurity teams remain small with an increase in the talent gap. More than half of CISOs have 15 or less full-time-equivalent employees.

To address the talent gap, CISOs can: increase their use of teaming with private sector with services level for select cybersecurity functions; form partnerships with local colleges and universities; and establish a network among state and local agencies, academia; and companies to share threat information, capabilities and contracts.

In addition to the top-three concerns outlined by CISOs, there are a number of emerging trends getting CISOs’ attention, including: election security, cloud and outsourced data center security.

Other noteworthy trends in this year’s report include:

  • One-fifth of state respondents say they report monthly to the governor, and a third report monthly to the state secretary or deputy secretary. Monthly reporting to business stakeholders has also increased to 25 percent in 2018 from 10 percent in 2016.
  • Forty states now have documented and approved governance plans (up from 29 in 2016).
  • Sixty-one percent of respondents indicate that their cybersecurity staff has gaps in competencies; 94 percent of states indicate that salary is the biggest barrier to attract and retain cybersecurity talent.
  • Awareness training for state employees and contractors is now an established practice in 94 percent of states, compared to 84 percent in 2016.

To read the full study visit, www.nascio.org/stateofcyber.

About the survey

This survey is based on responses from US state enterprise-level CISOs with additional input from agency CISOs and security staff members within state governments.

CISO participants answered 56 questions designed to characterize the enterprise-level strategy, governance and operation of security programs. Representatives from all 50 states responded to this year’s survey. The report was produced by Deloitte’s Center for Government Insights and NASCIO.

State CIOs Value Communication, Ready to Face Evolving Nature of Technology Leadership

/in /by

SAN DIEGO, Calif,. Tuesday, October 23 — As internal and external pressures continue to mount, state technology leaders say they are confident that by building strong teams and embracing new products and development processes, state IT departments will be able to improve how they serve government agencies and residents. Those and other factors contributed heavily to the 2018 State CIO Survey, State CIO as Communicator: The Evolving Nature of Technology Leadership, which was jointly released today by the National Association of State Chief Information Officers (NASCIO), Grant Thornton LLP and CompTIA. The survey includes responses from all 50 state CIOs on a range of issues, from evolving business models to workforce and budget to access to innovation and facing the future. Respondents to this year’s survey represent more than 150 years of collective service as a state’s top technology official.

“The results of our 2018 survey highlight how state CIOs are addressing and planning for more transition in state government,” said Doug Robinson, executive director of NASCIO. “CIOs are building strong relationships with key stakeholders and focusing on enterprise vision and strategy, security and risk management, agency customer service and relationship management.”

“The era of IT infrastructure as a state CIO’s primary focus is squarely in the rearview mirror,” said Graeme Finley, principal with Grant Thornton Public Sector. “Technology is enabling government to operate and deliver services to constituents more efficiently, but at the same time, a CIO’s mastery of communication and negotiation skills is becoming increasingly essential to the top technology role in state government.”

“The insights provided in this year’s survey will help the private technology sector better tailor offerings to state governments,” said Jennifer Saha, Director of Public Sector Councils for CompTIA. “Knowing where CIOs are heading, and what obstacles stand in their way, allows the technology industry to better anticipate the often unique needs of each state. With that understanding, tech companies are able to provide better solutions and partner with states to accomplish their business goals.”

The 2018 State CIO Survey also highlights critical success factors for CIOs, legacy modernization funding and procurement, digital transformation and emerging technologies. The complete report State CIO as a Communicator: The Evolving Nature of Technology Leadership is available on the NASCIO website: www.nascio.org/2018StateCIOSurvey.

NASCIO Recognizes State Chief Information Security Officers with Jarrett Scholarship

/in /by

SAN DIEGO, Calif., Monday, October 22 — The National Association of State Chief Information Officers (NASCIO) has awarded the Thomas M. Jarrett Cybersecurity Scholarship to three exceptional state Chief Information Security Officers (CISO), for the 2018 Annual Conference in San Diego. This is the sixth year for the scholarship program, which was created to pay homage to Thomas M. Jarrett, past president of NASCIO (2004 – 2005), for his passion for cybersecurity. The scholarship grants current CISOs the opportunity to attend the NASCIO Annual Conference and contribute to the national dialogue on cybersecurity and related issues.

The 2018 Thomas M. Jarrett Cybersecurity Scholarship recipients are Aaron Call, Chief Information Security Officer, State of Minnesota (nominated by Johanna Clyborne, Commissioner and Chief Information Officer, State of Minnesota); Mark Gower, Chief Information Security Officer, State of Oklahoma (nominated by Bo Reese, Chief Information Officer, State of Oklahoma); and Shannon Lawson, Chief Information Security Officer, State of Alaska (nominated by Bill Vajda, former Chief Information Officer, State of Alaska).

NASCIO Announces New Corporate Leadership Council Leadership and Corporate Longevity Award Recipients

/in /by

SAN DIEGO, Calif., Sunday, October 21 — The Corporate Leadership Council (CLC) is comprised of dedicated National Association of State Chief Information Officers (NASCIO) corporate members committed to utilizing private sector intellectual and financial resources to serve NASCIO and its members. CLC members promote information sharing among public and private-sector members, providing expertise to NASCIO issue focus areas and developing publications and projects.

The NASCIO corporate members have elected a new CLC chair and vice chair for the 2018-2019 program year. The CLC will be led by Dan Lohrmann, Security Mentor, as chair and Rick Webb, Accenture, as vice chair. The CLC chair and vice chair hold an advisory seat on NASCIO's Executive Committee.

Corporations holding memberships in NASCIO for five years (and at 5-year intervals thereafter) are recognized during the Annual Conference. Recognition of corporate longevity is automatic, and nomination is not required.

NASCIO’s Corporate Longevity Award recipients for 2018 are:

20-years – Conduent, Verizon

15-years – CA Technologies

10-years – BerryDunn, Strategy Execution

5-years – Acquia, C Spire, Capgemini Government Solutions, Centrify, First Data, ISAM, Palo Alto Networks, ServiceNow

NASCIO Announces New Executive Committee Leadership

/in /by

SAN DIEGO, Calif., Sunday, October 21 — Top state information technology leaders have been selected to serve as the new program year Executive Committee for the National Association of State Chief Information Officers (NASCIO). The association is now led by James Collins, Delaware chief information officer and NASCIO president for the 2018-19 program year. Collins succeeds Oklahoma Chief Information Officer, James “Bo” Reese. 
    
NASCIO’s 2018-19 Executive Committee leaders are:

Executive Committee Officers:
President – James Collins, Chief Information Officer, Delaware
Vice President – Todd Kimbriel, Chief Information Officer, Texas
Secretary/Treasurer – Eric Boyette, Chief Information Officer, North Carolina
Past President – James Reese, Chief Information Officer, Oklahoma

Executive Committee Directors:
Denis Goulet, Chief Information Officer, New Hampshire
Mike Hussey, Chief Information Officer, Utah
Yessica Jones, Chief Technology Officer, Arkansas
Michael Leahy, Chief Information Officer, Maryland
John MacMillan, Chief Information Officer, Pennsylvania
Dewand Neely, Chief Information Officer and Director, Indiana
Mark Raymond, Chief Information Officer, Connecticut
Ed Toner, Chief Information Officer, Nebraska

NASCIO and CoSA Release Publication on E-Records Preservation

/in /by

LEXINGTON, Ky., Wednesday, October 17 — Today, the National Association of State Chief Information Officers (NASCIO) and the Council of State Archivists (CoSA) announced the release of “State Archiving in the Digital Era: A Playbook for the Preservation of Electronic Records.” The release comes just one week after NASCIO recognized Electronic Records Day, which is celebrated every year on October 10.

States uniquely hold important records on their citizens from birth, to marriage, to property, to death, as well as records that hold general historical significance. For the last several years the number of digital records created by state governments has been rapidly increasing. Many states are finding that they are unprepared to deal with the unique management and preservation issues that are related to digital archives. NASCIO, along with CoSA created this playbook for the preservation of state electronic records. This document includes eleven plays that state officials should consider when working together toward the preservation of digital archives.

See the playbook at: https://www.nascio.org/publications

NASCIO Observes Electronic Records Day

/in /by

LEXINGTON, Ky., Wednesday, October 10 — Today, the National Association of State Chief Information Officers (NASCIO) observes Electronic Records Day, sponsored by the Council of State Archivists (CoSA). In conjunction with Electronic Records Day, NASCIO announces the impending release of a playbook for the digital preservation of electronic records, written together with CoSA. Electronic Records Day is celebrated every year on October 10 as an opportunity to share what your state or organization is doing to manage digital resources and preserve electronic records.

“State governments have seen a rapidly increasing volume of digital records in the last several years. States must be intentional and focus on governance and management of electronic records,” said Doug Robinson, NASCIO Executive Director. “State officials know this, however greater attention to an enterprise e-records roadmap and more collaboration will accelerate progress. To assist officials, NASCIO and CoSA will be releasing a playbook for the digital preservation of electronic records in the next several days.”

In recognition of the seventh anniversary of E-Records Day, CoSA has promoted electronic records awareness leading up to October 10 and placed a special focus on electronic communications in state government agencies, the general public, and related professional organizations.

CoSA reminds us that electronic records need regular attention and care in order to remain accessible. Join NASCIO and CoSA in raising awareness of digital records and the importance of their preservation.

See CoSA’s Electronic Records Day page for more information and tips on managing e-records at https://www.statearchivists.org/programs/state-electronic-records-initiative/electronic-records-day/.

NASCIO Champions National Cyber Security Awareness Month

/in /by

LEXINGTON, Ky., Thursday, September 27 — The National Association of State Chief Information Officers (NASCIO) is once again observing National Cyber Security Awareness Month by being an official cybersecurity champion. For the 15th consecutive year, the Department of Homeland Security’s Office of Cybersecurity and Communications, the Multi-State Information Sharing and Analysis Center and the National Cyber Security Alliance are promoting cyber security awareness, safety and security online. Once again, NASCIO is partnering with these organizations to officially show support and promote a safer, more secure and trusted Internet.

NASCIO kicked off a webinar series leading up to National Cybersecurity Awareness Month by highlighting some of the most important cybersecurity issues impacting states today. Future and past recordings can be found at www.nascio.org/cyberseries.

To further support cybersecurity awareness, NASCIO will release the 2018 Deloitte-NASCIO Cybersecurity Study, the fifth of its kind, at the NASCIO Annual Conference in San Diego this October. This bi-annual study reports findings and analysis of a comprehensive survey of State Chief Information Security Officers. Past cyber studies can be found at www.nascio.org/stateofcyber.

‘’With cybersecurity remaining as the top state CIO priority for the past five years, it’s important for NASCIO to continue to convey the significance of online safety and security as a champion of National Cyber Security Awareness Month,’’ said Doug Robinson, NASCIO executive director. ‘’NASCIO applauds states for their continued effort in making cybersecurity awareness top of mind by hosting events and highlighting their own state programs and resources throughout the month of October. NASCIO will continue to support states and state CIOs for their continued efforts in cybersecurity not only during National Cyber Security Awareness Month, but all year long.’’

Cybersecurity resources and advocacy efforts can be found on NASCIO’s Cybersecurity Awareness resource page at www.nascio.org/cybersecurity.

To learn more about participating in National Cyber Security Awareness Month, please visit www.staysafeonline.org. Consider joining NASCIO and becoming a cybersecurity awareness champion today.

The State CIO Top Ten – More Than a List, Taking a Fresh Look

/in /by

LEXINGTON, Ky., Wednesday, September 26, 2018— The National Association of State Chief Information Officers (NASCIO) has released a second report in a series on the topic of “multisourcing” presenting a relationship between the forces of change from the first report and the NASCIO Top Ten.

NASCIO is conducting research this year on the topic of multisourcing and the bringing together of multiple service providers, both internal and external, using a new operating model.  The forces of change presented in the first in this series is the anchor point for this second report.  The forces of change essentially are driving states toward a set of priorities as reflected in the NASCIO State CIO Top Ten Priority Strategies, Management Processes and Solutions.  NASCIO’s research project is intended to help forge the way forward to provide best practices and a maturity assessment to assist states in managing a multisourcing environment.

Dr. Craig Orgeron, Co-Chair of the NASCIO Enterprise Architecture & Governance Committee and Chief Information Officer for the State of Mississippi stated, “The State CIO Top Ten Priorities that is published each year is more than a list. It presents the pulse of the states, what is surfacing to the top from across all the states and territories as they anticipate and respond to the various forces of change.  In this paper we’re discussing that relationship between these forces and state priorities as reflected in the NASCIO Top Ten.”

“The actual forces of change can be somewhat different from state to state.  Each state has their own unique political forces, organizational dynamics, and reporting structure that constitute the specific forces of change we generalize in our model,” stated Eric Boyette, Co-Chair of the NASCIO Enterprise Architecture & Governance Committee and Chief Information Officer for the State of North Carolina. “The Top Ten State CIO Priorities helps rationalize all of these specific forces into a set of common priorities we can work on together at a national level.”

The report is available for download at NASCIO.org/ResourceCenter. NASCIO will be releasing a final report at the NASCIO Annual Conference in October 2018.