Local, State Governments May Get Help With Hiring, Information Sharing as Part of Cybersecurity Framework

Doug Robinson, executive director of the National Association of State Chief Information Officers (NASCIO), said that while states are recovering from the economic downturn, cybersecurity funding has remained stagnant. About 30 percent of state IT workers, including those responsible for cybersecurity, are eligible to retire, he said.

Federal agencies also face the issue of hiring and retaining qualified IT staff, said Jenny Menna, director of the Department of Homeland Security Stakeholder Engagement and Cyber Infrastructure Resilience division. “You're not going to pay as much as Bank of America.” Federal agencies are examining ways to partner with local universities and would examine if similar partnerships could be built to help local governments, she said. The division also issued a request for information to find affordable security programs that could be used by small- and medium-sized businesses that have “one IT guy,” said Menna. That could benefit small governments as well, she said.

Cheri Caddy, director of the National Security Council’s Cyber Policy Integration and Outreach (NASCICO), said officials will also look at ways to develop metrics to show how well cyberprotection plans are doing, as well as a way to share best practices, model legislation and other information. The workshop comes six weeks after NIST released “Version 1.0” of the cybersecurity framework (CD Feb 13 p5). A response to President Barack Obama’s cybersecurity executive order (CD Feb 14/13 p1), the framework creates standards and best practices public and private entities can use voluntarily to improve cybersecurity efforts. DHS’s Critical Infrastructure Cyber Community (C3) program will provide assistance and resources as part of the effort.

As a “nexus of personal information from cradle to grave,” state and local governments represent a key aspect of protecting sensitive information nationally, Robinson said. Praising the effort, he said the framework would help states come up with their own plans. An NASCIO survey of states last year found 78 percent had a cybersecurity framework based on national standards.

Following the framework’s release, a next step is to promote its use, said Michael Daniel, White House cybersecurity coordinator. With more and more devices “connecting” to the Internet -- “so that pretty soon our coffee makers are going to be a threat, the way we are going” -- cybersecurity risks are becoming broader and more diverse, he said. Malware manufacturers are becoming more sophisticated, even offering a help desk “so if the malware doesn’t work, you can call and they'll help you,” he said. Cyberattacks are becoming more dangerous, he said. “None of us has the resources spend our way out of cybersecurity issues, so it’s important we work on this together."

The workshop in large part was aimed at letting state and local governments know what resources are available. National Cybersecurity Center of Excellence Deputy Director Nate Lesser said the center tries to find technological solutions to difficult issues brought up by industry groups, which can then be used by others dealing with the same problems. He invited the governments to bring their tough issues to the center.

The National Governors Association plans a summit to inform local governments of the resources available to them, said Thomas MacLellan, director of the group’s homeland security and public safety division. -- Kery Murakami (kmurakami@warren-news.com)