July | August 2017







State Leaders Briefed on Cybersecurity

By Jennifer Burnett, CSG Director of Fiscal and Economic Development Policy
In May, more than 50 state policymakers, federal experts and private-sector representatives convened for two-and-a-half days in Seattle for The Council of State Governments’ second annual Cybersecurity and Privacy Policy Academy.
“If you aren’t innovating, you are falling behind,” said Michael Cockrill, chief information officer for Washington state.
That was the key takeaway during the event. Technology is constantly changing and evolving, experts told attendees. In tandem, cybersecurity threats are evolving and becoming more sophisticated—and states are under attack.
Ron Baldwin, the chief information officer for Montana, described the immense scale of the threat. Montana experiences more than one billion cyberattacks every month, he said. “And that’s in a state with more cows than people.”
“Governments at all levels are targets,” said Agnes Kirk, chief information security officer for Washington state. But states are working to get ahead of the problem. “Governments are increasingly engaging in cybersecurity from both an offensive and a defensive position,” said Kirk.
One of the reasons why cybersecurity is increasingly important is because of the way people are using technology. Cloud computing and a growing reliance on the Internet of Things have drastically changed the way people work and play—and that will only be more so the case in the future. The Internet of Things, or IoT, is a term used to describe the concept that devices are now connected to the internet and to each other. For example, a washing machine might be connected to the internet, which allows it to automatically update the software that makes it run more efficiently.
“People used to say, ‘I’m going online.’ No one says that anymore because you are always online,” said Mark Relph, head of Global Business Development, Mobile and IoT for Amazon Web Services.
Kentucky Sen. Whitney Westerfield asked the panelists what states could do to proactively address these threats. “Is it a technology problem? Is it a resource problem? How can we deal with this threat?”
“It isn’t an either/or. The highest priority is well-trained human beings— technology solutions will always trail the bad guys. You have to rely on technology, just based on scale,” answered Cockrill. “But having a ready workforce is key.”
According to Doug Robinson, executive director of the National Association of State Chief Information Officers, states’ cybersecurity workforces need critical attention.
“States are experiencing a severe talent crisis,” said Robinson, a theme that was repeated throughout the conference by every state expert and pracitioner. According to NASCIO’s annual survey of its members, 9 out of 10 state chief information security officers said their top challenge was staffing.  A major obstacle for state leaders is money: nearly 92 percent of states say salary rates and pay grade structures present a challenge in attracting and retaining IT talent.
Cockrill noted that by 2020, 40 percent of the workforce will be millennials, and studies show that they are motivated by different things than their predecessors. To attract them, Washington is actively working to rebrand government service as a more desirable place to work and where employees can make a difference or impact people’s lives.
“The bad guys only have to get it right once, but the good guys have to get it right all of the time,” said Cockrill.



1 | 2 Next >