The State of Cybersecurity in State Government NAST March 26, 2019


Speakers: Doug Robinson, Meredith Ward

About NASCIO
National association representing state chief information officers and information technology executives from the states, territories and D.C.
NASCIO's mission is to foster government excellence through quality business practices, information management, and technology policy.
NASCIO provides members with products and services designed to support the challenging role of the state CIO, stimulate the exchange of information, and promote the adoption of IT best practices and innovations.

- 22 new governors in 2018; 25 state CIO transitions in the last twelve months. 14 CIO transitions in 2019 to date
- More focus on enterprise cybersecurity models; cyber talent and workforce crisis remains
- CIO as broker business model: evolution from owner-operator to more managed services and multi-sourcing initiatives
- Digital government: user centric design, citizen IAM
- Interest and use of AI and RPA slowly grows as state roadmaps are created and benefits are realized
- State IT organization transition continues: more consolidation, hybrid models and unification initiatives

STATE CIO TOP 10 PRIORITIES 2019
Strategies, Management & Process Solutions
1. Security and Risk Management
2. Cloud Services
3. Consolidation/Optimization
4. Digital Government
5. Broadband/Wireless Connectivity
6. Budget, Cost Control, Fiscal Management
7. Customer Relationship Management
8. Data Management and Analytics
9. Enterprise IT Governance
10. Identity and Access Management
Source: NASCIO State CIO Ballot, November 2018

Cybersecurity Risks in the States
- Protecting legacy systems
- Malicious software
- Foreign state-sponsored espionage
- Mobile devices and services
- Use of social media platforms
- Phishing, ransomware, hacktivism
- Adoption of cloud services; rogue cloud users
- Not organized and mature to be successful
- Third-party contractors and managed services

Cyber Disruption: Impacting State Services
“State governments and the critical infrastructure within the state are at risk from a cybersecurity attack that could disrupt the normal operations of government and impact citizens.”
Source: NASCIO. This project was supported by Grant No. 2010-DJ-BX-K046 awarded by the Bureau of Justice Assistance.

And People…

What Do States Care About?
- State Business Risk
  - Life, Health and Safety
  - Delivering Services to Citizens
  - Delivering Services to Employees
- Financial Risk
  - Lost Revenue
  - Fraud and Theft
  - Breach Costs
- Privacy & Confidentiality Risk
  - Personal Information – Identity Theft
  - Confidential Information
- Reputational/Political Risk
  - Elected Officials
  - Agency Directors
  - Program Managers

Cybersecurity involves more than just IT – it’s a team sport
- Protecting critical infrastructure and data is a core responsibility of the state and an investment in risk management
- If somehow you are the only person on the hook for Cyber – there is more work to be done.
- Business Executives and line employees need to understand the risks and the role they play in protecting state assets. From training, communication, awareness, funding, etc.

Source: 2018 Deloitte-NASCIO Cybersecurity Study

Source: 2018 Deloitte-NASCIO Cybersecurity Study

Cybersecurity Maturity in the States is Improving…
- Risk based strategies are being adopted
- Expanded focus from operational to strategic
- Expect continued progress in 2019
Source: NASCIO 2018 State CIO Survey

…however persistent challenges remain
Budget, talent, and threats top three since 2010
[Chart: top barriers ranked by study year, 2012, 2014, 2016, 2018]
Based on 2018 study responses, CISOs agree that they have obtained senior executive support, but they continue to be challenged by inadequate funding, struggling to secure a sufficient, reliable budget to develop their statewide security program. In most states, the CISO’s only source of cybersecurity funding is derived from the state’s IT budget and is not designated as a separate line item. Annual cyber budget increases have not kept pace with the needs of today’s security landscape and tomorrow’s evolving challenges.
Survey question: Identify the top barriers that your state faces in addressing cybersecurity challenges.
Source: 2018 Deloitte-NASCIO Cybersecurity Study

Budget Challenge
Most states only spend 0-3% of their IT budget on cybersecurity
Survey question: What percent of your state’s enterprise IT budget is allocated to enterprise cybersecurity? (all executive branch agencies)

Three Bold Plays for Change
Srini to panelists: Let’s focus on the cover art with chess metaphor for this question; Can you use the chess metaphor to describe your bold play strategy in one sentence? For instance my example is – “I would lift the King & crown jewels using drones and secure them in the cloud”

Evolving Business Model: CIO as Broker
Source: 2018 NASCIO SURVEY | State CIO as a Communicator

Source: NASCIO 2018 State CIO Survey

Source: NASCIO 2018 State CIO Survey

Looking Forward…Action Needed
- States must organize for success – think enterprise
- Threat information sharing is essential
- Focus on risk assessment and response planning
- Identify and protect critical infrastructure
- Invest in continuous awareness and training
- Talent pipeline: advocate for cybersecurity degrees
- Emerging trends – AI, Internet of Things, UAS
- Crisis communication…you will be breached

NASCIO’s Cybersecurity Call to Action
Key Questions for State Leaders
- Does your state government support a “culture of information security” with a governance structure of state leadership and all key stakeholders?
- Has your state conducted a risk assessment? Is data classified by risk? Are security metrics available?
- Has your state implemented an enterprise cybersecurity framework that includes policies, control objectives, practices, standards, and compliance? Is the NIST Cybersecurity Framework a foundation?
- Has your state invested in enterprise solutions that provide continuous cyber threat detection, mitigation and vulnerability management? Has the state deployed advanced cyber threat analytics?
- Have state employees and contractors been trained for their roles and responsibilities in protecting the state’s assets?
- Does your state have a cyber disruption response plan? A crisis communication plan focused on cybersecurity incidents?

Contact Information
Doug Robinson, drobinson@nascio.org
Meredith Ward, mward@nascio.org