Recognizing that a major cyber-attack can disrupt the business of state government, the National Association of State Chief Information Officers (NASCIO) today released guidance on state government cyber disruption response planning.  Cybersecurity protection, response, resiliency and recovery dominate the agendas of chief information officers, both in the public and private sector. With the reality that a cyber-attack on critical infrastructure is no longer a theory, state governments must be prepared to respond and be resilient. 

“This guide is both a practical implementation document and a call to action for states to develop state cyber disruption response plans,” said Darryl Ackley, cabinet secretary for the New Mexico Department of Information Technology and NASCIO president. “We’ve provided guidance on how to get started and who needs to be engaged. Further, we see this first version as one that will be further developed with input from the states and other stakeholders.”

From the perspective of state information technology leaders, cybersecurity has been on the annual State CIO Top Ten Priorities published by NASCIO since the inception of the list in 2006. Since then, the frequency, magnitude and sophistication of cyber-attacks has continued to increase at an accelerated pace. States must develop, mature and test capabilities for dealing with the aftermath of such events that could disrupt the continuity of government.

“Michigan was an early proponent of cyber disruption response planning and collaboration with key state leaders outside of information technology,” said David Behen, chief information officer for the state of Michigan and co-chair of NASCIO’s Cybersecurity Committee.  “One of the many things we are emphasizing in our NASCIO guidance is collaboration and integration.”

“With support from the U.S. Department of Justice, Bureau of Justice Assistance, NASCIO is focusing on cyber disruption response planning guidance to help states begin to develop an approach that brings together various agencies such as homeland security, law enforcement, emergency management and the National Guard,” said Doug Robinson, NASCIO executive director.”  “Cybersecurity is a team sport and these partners bring the necessary capabilities for responding to a major cyber event that could have dire consequences.”

The guidance is made up of a three volume set that includes: a report on cyber disruption response planning, a comprehensive checklist and a cross functional process description.  Together these documents provide guidance on governance, communications and operating discipline for cyber disruption response planning.

Read the guidance report at www.nascio.org/cyberdisruption

LEXINGTON, Ky., Thursday, January 28, 2016 — Today the National Association of State Chief Information Officers (NASCIO) announced that it is a committed Champion of Data Privacy Day (DPD) ‒ an international effort held annually on January 28 to create awareness about the importance of privacy and protecting personal information. As a DPD Champion, NASCIO recognizes and supports the principle that organizations, businesses and government all share the responsibility of being conscientious stewards of personal information by respecting privacy, safeguarding data and enabling trust. 

Data Privacy Day is part of a greater effort, the #PrivacyAware campaign, which helps consumers understand how they can own their online presence and reminds businesses that privacy is indeed good for business. NASCIO joins the growing global effort among organizations, corporations, educational institutions, government entities, municipalities and individuals to raise awareness at home, at work and in their communities. Through collaboration and unified, consistent messaging about data privacy, all DPD Champions will work toward the common goal of improving consumer and business consciousness while encouraging and empowering all digital citizens to be #PrivacyAware.

“For states, data privacy is a growing priority as more and more digital data on citizens is collected, shared, stored and analyzed. NASCIO is happy to be a Data Privacy Day Champion again this year and we look forward to focusing more on this issue in the coming year,” stated NASCIO Executive Director Doug Robinson.

In addition to becoming a DPD Champion, NASCIO has formed a new Privacy and Data Protection Working Group which will highlight privacy issues of importance to state CIOs. The working group is a subcommittee of the NASCIO Cybersecurity Committee. The new working group will have monthly calls on various topics related to privacy and data protection.

DPD and the #PrivacyAware campaign are spearheaded by the National Cyber Security Alliance, a nonprofit, public-private partnership dedicated to promoting a safer, more secure and more trusted Internet. For more information about how to get involved in DPD and the Champions program visit https://www.staysafeonline.org/dpd. You can also follow the campaign on Twitter at @DataPrivacyDay or on Facebook at https://www.facebook.com/DataPrivacyNCSA and use the official hashtag #PrivacyAware to join the conversation. 

LEXINGTON, Ky., Tuesday, November 10 — As the National Association of State Chief Information Officers (NASCIO) celebrates 10 years of its survey of state information technology leaders on critical state CIO priorities for the coming year, security, cloud services, and consolidation continue to top the list as state CIOs look toward 2016. The prioritized rankings of strategies and technologies reflect voting by state CIOs and are available for download at www.NASCIO.org/topten.

This year, NASCIO’s annual top 10 ranking shows IT security strategies and tools are at the top of the list across the states, with security topping the list of priority strategies for the third consecutive year. Cloud services and consolidation/optimization traded positions for second and third compared to the previous year.

Darryl Ackley, NASCIO president and New Mexico chief information officer stated, “It is not surprising that these three priorities continue to be a top priority among a majority of our states. However, as we see data analytics and legacy modernization move up the list, you’re seeing a good illustration of how the responsibilities of the state CIO are expanding. Balancing innovation with legacy investments remains a challenge for our states.”

“An interesting facet of the 2016 state CIO voting is the profile of the respondents,” stated NASCIO Executive Director Doug Robinson. “This year there are 19 new CIOs that participated in this annual ranking of state priorities for the first time. We can see they are seeking innovative ways to attract and retain talent with state IT workforce appearing on the list again in 2016. However, even more interesting, is the appearance of enterprise vision and roadmap for IT for the first time in our 10 years of tracking these priorities.”

NASCIO utilizes the annual list of priorities to develop strategic areas of focus for the coming year, formulate new committees and working groups, and plan NASCIO conference sessions and publications. To celebrate the 10th anniversary of the top 10 priorities ranking, check the NASCIO Twitter feed and website for interesting facts about the past decade and how state CIO priorities have, and haven’t changed.

LEXINGTON, Ky., Tuesday, October 27 — The National Association of State Chief Information Officers (NASCIO) today released the first in its series focused on data management. Recognizing the importance of data management in state government, NASCIO established its Data Management Working Group under the auspices of the NASCIO Enterprise Architecture and Governance Committee. The working group plans to develop a set of early briefs on making the case for data management and how to get started.

NASCIO has a long history of supporting data management beginning with its Enterprise Architecture Toolkit version 3.0 and subsequently a number of publications on data governance, open data, analytics, cloud services and records management. This latest initiative will add to the portfolio of reports resulting in a developing library of publications, webinars and conference sessions. Data and information are indeed critical assets of government. These assets must be properly exploited to make better decisions and to support collaboration across agencies and jurisdictions.

“We are facing the same issues across all the states in managing our data and information,” said NASCIO Executive Director Doug Robinson. “We are focusing efforts on data management not only because of our existing investments in data and information, but also in anticipation of the continued growth in data from a host of sources including the Internet of Things.”

Read the brief at www.NASCIO.org/publications.