States called to action on security

Promoting information technology security as a "way of life," a new report is urging state governments to look at better governance and enterprise architecture models, deploy enhanced technologies to measure and prevent cyberattacks, and share data with other critical groups.

The report, "Public-Sector Information Security: A Call to Action for Public-Sector CIOs," was issued by the National Association of State Chief Information Officers ( and funded by the PricewaterhouseCoopers Endowment for the Business of Government.

John Lainhart, a PwC Consulting partner responsible for the group's information assurance practice, said the report should serve as a comprehensive roadmap to view IT governance not just as a technology issue, but also from a management perspective.

"It's a new topic. It's cutting edge if you will," said Lainhart, adding that governors and state legislatures have to come up to speed about the necessity for IT security. "It's clearly a huge problem for the states."

The report, written by former Kansas CIO Don Heiman and released July 23, spells out 10 recommendations to boost IT security:

* Develop an enterprise IT governance model including representatives from all branches of state government.

* Develop measures of success and best practices.

* Adopt IT control objects to manage, implement and maintain systems.

* Develop metrics to precisely measure intrusions, breaches, penetrations, and vulnerabilities and share such confidential information with appropriate groups.

* Develop an enterprisewide IT architecture that includes cybersecurity.

* Create a business case for security, including a full risk assessment of critical infrastructure vulnerabilities, inventory of critical systems and assets and gap analysis.

* Implement appropriate security technologies depending on the asset.

* Develop a state security portal for coordinating emergency response. The portal should integrate with emergency technologies.

* Establish an interstate information sharing and analysis center to help coordinate state responses to cyberattacks.

* Develop model legislation to all local, state and federal entities to share confidential security incident reports among themselves and private groups that support critical infrastructures.

With up to 45 states grappling with revenue shortfalls, the issue may have a difficult climb.

"This is a problem particularly for the states because of the budget crunches in the states and it's got to be put into a priority order," said Lainhart, who also sits on the nonprofit IT Governance Institute board, which is promoting the issue.

"They've got to look at this and identify their significant needs and put the funds there and certainly we've said in the report they need some help from the federal government. That's what Congress is considering right now in homeland security legislation," he said.


  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected