Presentation is loading. Please wait.

Presentation is loading. Please wait.

The State of Cybersecurity in State Government NAST March 26, 2019

Published byMagdalen Montgomery Modified over 5 years ago

Similar presentations

Presentation on theme: "The State of Cybersecurity in State Government NAST March 26, 2019"— Presentation transcript:

1 The State of Cybersecurity in State Government NAST March 26, 2019

2 Speakers Doug Robinson Meredith Ward

3 About NASCIO National association representing state chief information officers and information technology executives from the states, territories and D.C. NASCIO's mission is to foster government excellence through quality business practices, information management, and technology policy. NASCIO provides members with products and services designed to support the challenging role of the state CIO, stimulate the exchange of information, and promote the adoption of IT best practices and innovations.

4 22 new governors in 2018; 25 state CIO transitions in the last twelve months. 14 CIO transitions in 2019 to date More focus on enterprise cybersecurity models; cyber talent and workforce crisis remains CIO as broker business model: evolution from owner-operator to more managed services and multi-sourcing initiatives Digital government: user centric design, citizen IAM Interest and use of AI and RPA slowly grows as state roadmaps are created and benefits are realized State IT organization transition continues: more consolidation, hybrid models and unification initiatives

5 STATE CIO TOP 10 PRIORITIES
2019 Strategies, Management & Process Solutions 1. Security and Risk Management 2. Cloud Services 3. Consolidation/Optimization 4. Digital Government 5. Broadband/Wireless Connectivity 6. Budget, Cost Control, Fiscal Management 7. Customer Relationship Management 8. Data Management and Analytics 9. Enterprise IT Governance 10. Identity and Access Management Source: NASCIO State CIO Ballot, November 2018

6 Cybersecurity Risks in the States
Protecting legacy systems Malicious software Foreign state-sponsored espionage Mobile devices and services Use of social media platforms Phishing, ransomware, hacktivism Adoption of cloud services; rogue cloud users Not organized and mature to be successful Third-party contractors and managed services Cybersecurity Risks in the States

7 Cyber Disruption: Impacting State Services
“State governments and the critical infrastructure within the state are at risk from a cybersecurity attack that could disrupt the normal operations of government and impact citizens. “ Source: NASCIO. This project was supported by Grant No DJ-BX-K046 awarded by the Bureau of Justice Assistance.

8 And People…

9 What Do States Care About?
State Business Risk Life, Health and Safety Delivering Services to Citizens Delivering Services to Employees Financial Risk Lost Revenue Fraud and Theft Breach Costs Privacy & Confidentiality Risk Personal Information – Identify Theft Confidential Information Reputational/Political Risk Elected Officials Agency Directors Program Managers

10 Cybersecurity involves more than just IT – it’s a team sport
Protecting critical infrastructure and data is a core responsibility of the state and an investment in risk management If somehow you are the only person on the hook for Cyber – there is more work to be done. Business Executives and line employees need to understand the risks and the role they play in protecting state assets. From training, communication, awareness, funding, etc.

11 Source: 2018 Deloitte-NASCIO Cybersecurity Study

12 Source: 2018 Deloitte-NASCIO Cybersecurity Study

13 Cybersecurity Maturity in the States is Improving…
Risk based strategies are being adopted Expanded focus from operational to strategic Expect continued progress in 2019 Source: NASCIO 2018 State CIO Survey

14 however persistent challenges remain Budget, talent, and threats top three since 2010
2012 2014 2016 2018 1 3 2 2 3 Based on 2018 study responses, CISOs agree that they have obtained senior executive support, they continue to be challenged by inadequate funding, struggling to secure a sufficient, reliable budget to develop their statewide security program. In most states, the CISO’s only source of cybersecurity funding is derived from the state’s IT budget, and is not designated as a separate line item. Cyber annual budget increases have not kept pace with the needs of today’s security landscape and tomorrow’s evolving challenges. Survey question: Identify the top barriers that your state faces in addressing cybersecurity challenges. Source: 2018 Deloitte-NASCIO Cybersecurity Study

15 Budget Challenge Most states only spend 0-3% of their IT budget on cybersecurity
Survey question: What percent of your state’s enterprise IT budget is allocated to enterprise cybersecurity? (all executive branch agencies)

16 Three Bold Plays for Change
Srini to panelists: Let’s focus on the cover art with chess metaphor for this question; Can you use the chess metaphor to describe your bold play strategy in one sentence? For instance my example is – “I would lift the King & crown jewels using drones and secure them in the cloud”

17 Evolving Business Model: CIO as Broker
Source: 2018 NASCIO SURVEY | State CIO as a Communicator

18 Source: NASCIO 2018 State CIO Survey

19 Source: NASCIO 2018 State CIO Survey

20 Looking Forward…Action Needed
States must organize for success – think enterprise Threat information sharing is essential Focus on risk assessment and response planning Identify and protect critical infrastructure Invest in continuous awareness and training Talent pipeline: advocate for cybersecurity degrees Emerging trends – AI, Internet of Things, UAS Crisis communication…you will be breached

21 NASCIO’s Cybersecurity Call to Action Key Questions for State Leaders
Does your state government support a “culture of information security” with a governance structure of state leadership and all key stakeholders? Has your state conducted a risk assessment? Is data classified by risk? Are security metrics available? Has your state implemented an enterprise cybersecurity framework that includes policies, control objectives, practices, standards, and compliance? Is the NIST Cybersecurity Framework a foundation? Has your state invested in enterprise solutions that provide continuous cyber threat detection, mitigation and vulnerability management? Has the state deployed advanced cyber threat analytics? Have state employees and contractors been trained for their roles and responsibilities in protecting the state’s assets? Does your state have a cyber disruption response plan? A crisis communication plan focused on cybersecurity incidents?

22 Contact Information Doug Robinson Meredith Ward                  

Download ppt "The State of Cybersecurity in State Government NAST March 26, 2019"

Similar presentations

Cybersecurity Update December 5, 2012. Agenda Cybersecurity – A growing problem Cybersecurity in other states (NASCIO/Deloitte Study) Structure Challenges.

Cybersecurity Update December 5, Agenda Cybersecurity – A growing problem Cybersecurity in other states (NASCIO/Deloitte Study) Structure Challenges.
Doug Couto Information Systems and Technology Committee (ABJ50) Washington, DC January 25, 2011.

Doug Couto Information Systems and Technology Committee (ABJ50) Washington, DC January 25, 2011.
 National association Pamela Walker, Director of Government Affairs National Association of State Chief Information Officers NLC Congressional City Conference:

 National association Pamela Walker, Director of Government Affairs National Association of State Chief Information Officers NLC Congressional City Conference:
Welcome to the Deloitte-NASCIO Cybersecurity Webinar Reviewing the results and recommendations of the third biennial Deloitte-NASCIO Cybersecurity Study.

Welcome to the Deloitte-NASCIO Cybersecurity Webinar Reviewing the results and recommendations of the third biennial Deloitte-NASCIO Cybersecurity Study.
BENEFITS OF SUCCESSFUL IT MODERNIZATION

BENEFITS OF SUCCESSFUL IT MODERNIZATION
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Copyright 2004 Turning Point Solutions Establishing Lines Of Communication Before a Crisis.

Copyright 2004 Turning Point Solutions Establishing Lines Of Communication Before a Crisis.
State IT Priorities and Trends: Collaborating with Your State CIO SERI Institute July 9, 2013 Doug Robinson, Executive Director National Association of.

State IT Priorities and Trends: Collaborating with Your State CIO SERI Institute July 9, 2013 Doug Robinson, Executive Director National Association of.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Real world cloud computing challenges Giedrius Markevičius Territory account manager.

Real world cloud computing challenges Giedrius Markevičius Territory account manager.
State of the States 2012: IT Priorities, Issues and Trends National State Auditors Association IT Conference Nashville, Tennessee Doug Robinson, Executive.

State of the States 2012: IT Priorities, Issues and Trends National State Auditors Association IT Conference Nashville, Tennessee Doug Robinson, Executive.
Copyright © 2011 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Copyright © 2011 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Fraud and Prevention: Lessons from the Fire Service August 24, 2015 1.

Fraud and Prevention: Lessons from the Fire Service August 24,
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
IBM State and Local Government Team Strategic Vision to Transform Government in Arizona – December 20, 2006 0 Presentation to Society for Information Management.

IBM State and Local Government Team Strategic Vision to Transform Government in Arizona – December 20, Presentation to Society for Information Management.
Enterprise Cybersecurity Strategy

Enterprise Cybersecurity Strategy
DRAFT 1 Belfast 2015 5 th World Cyber Security Technology Research Summit Suren Gupta Allstate Corporation Executive Vice President Allstate Technology.

DRAFT 1 Belfast th World Cyber Security Technology Research Summit Suren Gupta Allstate Corporation Executive Vice President Allstate Technology.
IT Strategic Plan Project Consultation with Web Advisory Committee 19 December 2012.

IT Strategic Plan Project Consultation with Web Advisory Committee 19 December 2012.
Cyber Security Phillip Davies Head of Content, Cyber and Investigations.

Cyber Security Phillip Davies Head of Content, Cyber and Investigations.

Similar presentations

Ads by Google