States expect perks from the plan

The comprehensive part of the Comprehensive National Cybersecurity Initiative (CNCI) relates in part to the eventual involvement by the private sector and state and local governments, primarily as partners in information-sharing efforts. Those tighter bonds have not happened.  “Initially, I don’t see much impact for us,” said Robert Maley, chief information security officer of Pennsylvania. “But I’m hoping that what does come out of this is a better situational awareness of the larger [security] space that the feds can share with us.”Much of what the CNCI is proposing for the federal space, such as installing better network sensors through the Einstein program and reducing network access points through the Trusted Internet Connections program, was accomplished at the state level several years ago, he said.However, the threat level continues to increase. During this year there have been several significant changes in the attack strategies used to try to infiltrate the state’s networks, Maley said, whereas it used to take years for that to happen.The information shared during the past few years through the multistate Information Sharing and Analysis Centers has been a major resource for Pennsylvania in fighting these attacks, he said.“If the federal government likewise takes the information gathered through the CNCI and shares it with us, that will be a huge benefit to us,” he said.