NASCIO Fly-In Brings State CIOs Priorities to Washington

WASHINGTON, D.C.—On Wednesday, the National Association of State Chief Information Officers (NASCIO) D.C. Fly-In brought together a delegation of state IT leaders with key federal decision makers. Over 50 State CIOs and state technology policy officials engaged in high-level briefings and roundtable discussions with congressional staff, federal agency officials, and NASCIO strategic partners on significant issues impacting state government technology.

NASCIO members discussed pressing intergovernmental technology policy concerns, including the cybersecurity threat to state governments, grant guidance reform, and the FirstNet Public Safety Broadband Network. “The Fly-In is not just an opportunity for us to learn from our partners at the federal level, but also to provide them with the information they need to harness the power of information technology to modernize government at every level—making it more efficient, effective, and transparent for our citizens,” said Brenda Decker, NASCIO president and CIO for the state of Nebraska.

Pelgrin Honored with the NASCIO Technology Champion Award

WASHINGTON, D.C., Tuesday, April 30 — The National Association of State Chief Information Officers (NASCIO) has awarded Will Pelgrin, CEO and president of the Center for Internet Security and founder and chair of the Multi-state Information Sharing and Analysis Center (MS-ISAC), with the association’s 2013 NASCIO Technology Champion (NTC) award. Pelgrin received recognition for his outstanding contributions promoting government performance excellence through sound information technology solutions, policies and practice during the NASCIO Midyear Conference in Washington, D.C.

Elayne Starkey, Delaware chief security officer said, “Will Pelgrin is an outstanding selection for the NASCIO Technology Champion Award. His advice, wise counsel, and willingness to assist has been invaluable to the Delaware Security Program as we partner together to protect critical assets.”

“Will Pelgrin is our nation’s cybersecurity pioneer whose vision and energy has created the vital bridge that now strongly connects chief information security officers and other security practitioners working in the public sector,” said Jim Richards, West Virginia chief information security officer. “Will is known for his incredibly strong commitment to the continuous enhancement of the nation’s security posture, and he has created invaluable and powerful linkages, within the framework of the MS-ISAC, among public sector organizations, and with the federal Cyber Security partners.”

NASCIO presents the NTC award each spring to acknowledge an individual who has demonstrated a clear understanding of the fundamental role that information technology can play in efficient and effective government operations. Nominees may be an elected or appointed official representing federal, state or local government, an academician, author, journalist, or an individual from the non-profit or private sector.

NASCIO Releases Capitals in the Clouds Part V: Managing the Risk of Free Cloud Services

LEXINGTON, Ky., Wednesday, April 3 – Cloud-based file sharing solutions have become very popular and certainly a growing and significant part of day-to-day computing according to “Capitals in the Clouds Part V: Managing the Risk of Free Cloud Services” an issue brief released today by the National Association of State Chief Information Officers (NASCIO). It is easy to see why these services are attractive to state government users after using them in many facets of their personal life. With a wide variety of choices in the market, these solutions are easy to access, configure and use. They support multiple devices (especially mobile), and data in multiple formats. The most important consideration for state employee users – these file sharing services are free.

Since the release of the 2012 NASCIO and Deloitte Cybersecurity Study, more security and policy questions have been raised on the use of free cloud services by states. In addition to the May 2012 Capitals in the Clouds IV guidance on rogue cloud users, states have continued to seek out leading practices on how to put the proper controls in place, meet security standards, craft acceptable use policies, and identify the open records and legal concerns regarding terms of service. In addition, state CIOs understand they must support the business objectives of their agency customers and offer enterprise alternatives to free cloud services.

“The business is the only reason we all exist in providing IT services. Without the business, IT has no role. However, identification, assumption and mitigation of risk must be an integral part of the overall business plan,” said Tony Encinias, state chief information officer for the Commonwealth of Pennsylvania. “Having the business acknowledge, understand and be accountable of the risk changes human behavior. This philosophy is an important tenant on how the Commonwealth approaches risk management.”

To address these concerns and take a deeper dive into the topic, NASCIO interviewed IT security expert Erik Avakian, chief information security officer for the Commonwealth of Pennsylvania. The insightful interview is available for download on NASCIO’s website at www.nascio.org/publications/.

NASCIO Establishes Conference Scholarship Program in Memory of Past President

LEXINGTON, Ky., Wednesday, March 27 — The National Association of State Chief Information Officers (NASCIO) created a new scholarship program, the Thomas M. Jarrett CISO Conference Scholarship Program, to honor Thomas Jarrett, former Chief Information Officer of the State of Delaware, NASCIO President (2005-2006) and 2006 recipient of the prestigious Meritorious Service Award.

This elite scholarship will award three chief information security officers (CISOs) the opportunity to attend a premier NASCIO conference. State chief information officers may nominate CISOs for the scholarship starting April 1 at www.nascio.org. The application will include examples of the CISO’s leadership in cybersecurity and why the CISO would benefit from attending the conference. Learn more at https://www.nascio.org/awards/tjcs/.

“Tom had a passion for cybersecurity not only in his state, but for the association as well,” said Doug Robinson, NASCIO’s executive director. “To recognize his contributions and advocacy in advancing the states’ cybersecurity agenda, NASCIO’s leadership dedicated a scholarship in his memory.”

Read Robinson’s blog on remembering Tom Jarrett at http://community.nascio.org/NASCIO/Blogs/BlogViewer/?BlogKey=2ebc37ce-de96-46fa-b7ea-953052c82b55.

NASCIO Announces Paul Vitale as the 2013 Midyear Keynote Speaker

LEXINGTON, Ky., Tuesday, March 26 — Paul Vitale, professional speaker and author, will present the keynote, “Inspired Teamwork & Leadership,” at the National Association of State Chief Information Officer’s (NASCIO) 2013 Midyear Conference.

Vitale, one of America’s most sought-out speakers and trainers, will detail significant traits and strategies that bring cohesiveness to any team. The NASCIO attendees will hear about uniting for a common cause, understanding and respecting diversity and encouraging individuals through positive actions are all elements of this empowering message.

“It is a distinct privilege having the opportunity to present during the NASCIO 2013 Midyear Conference. I am extremely excited to work with the many attendees who will be present for this important event mapping strategies and networking for growth and strength,” said Vitale.

The keynote will take place in Washington, DC on Monday, April 29.

NASCIO Becomes Data Privacy Day Champion

LEXINGTON, Ky., Thursday, January 24 — the National Association of State Chief Information Officers (NASCIO) is joining the effort to promote privacy awareness along with a multitude of other international organizations, companies, education institutions, government entities and municipalities across the globe, by becoming a Champion and supporting January 28 as Data Privacy Day. Coordinated and led by the National Cyber Security Alliance (NCSA), Data Privacy Day is held each year on January 28 and is an international awareness effort to empower people to better protect their privacy.

Data Privacy Day promotes messages about the importance of data protection and controlling one’s digital footprint. As a Data Privacy Day Champion, NASCIO recognizes and supports the ideal that individuals, organizations, business and government all share the responsibility to be aware of privacy challenges and encourages everyone to bring information privacy into their daily thoughts, conversations and actions.

“While providing state agencies with enterprise technology services, state CIOs are acutely aware of the personally identifiable information entrusted to their protection,” stated NASCIO Executive Director Doug Robinson. “Because keeping citizen data secure is a top priority, it’s imperative for state CIOs, to implement the necessary security protocols and measures that support privacy policies.”

Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The Day commemorates the 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. More information is available at: http://www.staysafeonline.org/data-privacy-day/landing/

About Data Privacy Day
Led by the National Cyber Security Alliance, Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. The Day commemorates the 1981 signing of Convention 108 – the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is a celebration for everyone and an effort to empower people to protect their privacy, control their digital footprint and escalate the protection of data privacy as everyone’s priority. Intel is a Platinum sponsor of Data Privacy Day. Gold sponsors include AT&T, Microsoft and Google.

NASCIO on Limitations on Liability for IT Procurement – Any Progress?

LEXINGTON, Ky., Thursday, January 24 — The National Association of State Chief Information Officers (NASCIO) is pleased to announce the release of updated research into the changes in state IT procurement. NASCIO’s 2004 publication

NASCIO on Unlimited Liability – Gaining Traction on the Road to “Win-Win” recommended changes to the state IT procurement policy regarding limitations on liability, and research from 2010 and 2012 show subtle changes have occurred in the states.

This infographic indicates which states have limitations on liability in statute, which states have none, and which states are able to negotiate limitations on a case by case basis, and compares the current situation to previous NASCIO research. This report is available at: www.nascio.org/publications.

NASCIO State IT Procurement Modernization Committee Co-Chair and State CIO of Oklahoma Alex Pettit stated, “In compiling this research, it became apparent that many states were investigating their statutes and policies on limitations of liability, and that though there have been changes since the publication in 2004, there is still work to be done so IT procurements can more often be win-win situations for states and vendors.”

The research indicates minor changes in state IT procurement liability limitations and suggests that more progress is needed.

NASCIO Releases Federal Priorities: Modernizing Regulations, Cybersecurity, and Collaboration are Essential for States

WASHINGTON, D.C., Wednesday, January 16 – The National Association of State Chief Information Officer’s (NASCIO) released its 2013 federal advocacy priorities today. NASCIO hopes to put a spotlight on modernizing outdated federal rules and regulations, bolstering our nation’s cybersecurity, building a public safety broadband network, and pushing greater collaboration to expand the maturity and use of information exchange models and secure identities in cyberspace. The 2013 Federal Advocacy Priorities are now available at www.nascio.org/advocacy/current/.

With technology and telecommunications evolving faster than our federal rules and regulations, NASCIO is looking to work with our federal partners to ensure our citizens’ tax dollars are not being wasted due to regulations that do not complement current technologies and best practices in information technology management.

“Cloud services are something our children are using and lightning fast information exchange is a simple click away. It’s past time to modernize how federal agencies work with states to deliver key services from Medicare benefits to homeland security,” explained NASCIO President Brenda Decker, Chief Information Officer for the State of Nebraska. “Current federal requirements and directives mean that states must spend hundreds of millions to build and support duplicative systems. State CIOs know that simple reforms could not only save billions in taxpayer dollars, but also provide better service delivery to the American people.”

In addition, our state CIOs want to build upon current collaboration with the federal government in a number of areas. The most pressing of these is to expand and mature collaboration on cybersecurity.

“There have been 94 million cases in which personal information has been exposed to potential identity theft through data breaches at government agencies since 2009, with a 680 percent increase in cyber threats against those systems in the last 5 years,” Mitch Herckis, Director of Government Affairs for NASCIO. “There is no more significant issue to state CIOs than keeping our citizens safe and their personal information secure—but we need greater collaboration and support from the federal government to deter the increasing threats.”

State CIOs are also looking to collaborate with the federal government on building a nationwide public safety broadband communications network, expanding the adoption of the national information exchange model to facilitate better collaboration across all levels of government, and working in partnership to provide employees and citizens with secure identities in cyberspace.