The sixth biennial Deloitte-NASCIO Cybersecurity Study reflects insights from all 50 states and 1 territory on the CISO’s role and budget, governance, reporting, workforce and operations. The CISOs filled out this year’s survey in May/June 2020—an unprecedented time as the world adjusted to the impact of the COVID-19 pandemic. State governments responded by moving their enterprise operations, services and employees to a virtual environment, and the study captures COVID-19’s impact on state cyber posture to the extent visible during the early response to the pandemic.
2020 is a year that has undoubtedly been defined by the COVID-19 pandemic. In this eleventh annual state chief information officer (CIO) survey, we received the perspective of 47 state and territory CIOs on the extraordinary and unprecedented challenges they faced this year. In addition to directly addressing the issues and lessons learned by CIOs in responding to the pandemic, we also received updates from CIOs on many of the traditional topics covered by the survey, including CIO organization business models, digital government, adoption of cloud and emerging technologies and state and local collaboration. As might be expected, there was not a single topic area where the pandemic did not impact state CIO experiences in some way. The continuing work to address the immediate challenges of COVID-19 and to prepare for the long-term impacts to state and citizen work and personal lives is reflected throughout this year’s survey.
This webinar covered the findings of the 2018 Cost of a Data Breach study and how states are preparing for and responding to data breaches.
The brief, a joint project between NASCIO’s Cybersecurity Committee and Data Protection Working Group, explains why a risk-based cybersecurity approach is the most beneficial to state government data. When states take a risk-based approach, they improve operational efficiency, assessments are more accurate, attack surfaces are reduced and decision-making is improved. As the brief states, taking an enterprise mentality brings together previously silo-based security and IT tools and allows for ongoing and continuous data monitoring and assessment.
Government is using more data than ever in rendering services to citizens, yet government has few tools to enforce privacy rules or considerations and can’t simply hire enough to meet the demand for expertise. After consulting with academic and legal experts from the privacy community in Seattle, the state’s Chief Privacy Officer, Alex Alben, retained a software firm to create a web application which returns relevant search requests based on the intended use of personal information in a product or service.
NASCIO, Grant Thornton LLP and CompTIA have collaborated for a seventh consecutive year to survey state government IT leaders on current issues, trends and perspectives. New service delivery models, innovative technology solutions, and rising customer expectations all require state CIOs to adapt continually to changing circumstances. We asked state CIOs to share their perspective on a number of topics, with a particular focus on the continued evolution of the CIO as a broker of shared services, on the IT workforce challenges facing CIOs, and on the use of data management and analytics at an enterprise level. These topics all involve CIOs looking into the future and adapting their strategies and plans to address a state IT and business environment that is becoming ever more complex. Cybersecurity, cloud solutions, mobility, procurement, cross-jurisdictional collaboration and privacy represent other high-priority topics covered in the survey.
States are finding that the “Internet of Things” (IoT) can improve efficiency, reduce waste and connect citizens to state services in faster and more affordable ways. But with that value comes vulnerability. States must consider security, privacy, accessibility and standardization when crafting a roadmap for IoT. This policy brief describes ways that states are currently implementing IoT, possibilities for the coming years, and recommendations on avoiding difficulties along the way.
State governments are turning to unmanned aerial systems (UAS) for a variety of applications. This brief lays out important public policy issues when it comes to state CIO governance of UAS.
Cloud computing will continue to be an invaluable resource for state and local governments in their efforts to rationalize and optimize computing resources. Cloud computing should be seen as an IT innovation that can support rationalization and optimization of business services as well as IT services. Due diligence prescribes the necessity of exploring and evaluating jurisdictional issues in order to ensure long-term sustainability and growing adoption of collaborative government operations in state and local government.
Cloud computing brings with it opportunities, issues and risks. One major consideration that must be addressed is the management of data – governance, stewardship, consistency, ownership and security. Data is the lifeblood of state government operations and critical for service delivery. With the fiscal stress and operational pressures that are driving state and local governments toward serious consideration and adoption of cloud computing, the data must not be ignored. These pressures must be managed intelligently to avoid pushing government into a future situation that could constitute greater cost, and more difficulty in achieving interoperability of government lines of business and government jurisdictions.