The association representing state CIOs has an ambitious policy agenda in the nation's capital this year, when members and their advocates will be appealing to Congress for help in securing critical infrastructure and for relief from a thicket of federal regulations.
At the top of the list is cybersecurity, perhaps unsurprising given that members of the National Association of State CIOs (NASCIO) ranked that issue at the top of their own set of operational priorities late last year.
"Cybersecurity has been a big priority for NASCIO for many years," says Yejin Cooke, the trade group's director of government affairs. "So naturally, our federal advocacy, reflecting those priorities, is again [focused on] cybersecurity."
NASCIO is appealing for greater federal resources to protect critical systems and data repositories overseen by the states, but is pragmatic enough to appeal for targeted funding or incentive programs that could advance specific goals in the cybersecurity arena.
"It would be ideal if the federal government said, here's a lot of money to go work on your cybersecurity," Cooke says. "That's not realistic. What we would hope that our federal partners understand is that our state resources when it comes to cybersecurity tend to be very low."
How low? Cooke says that state CIOs typically only allocate about 2 percent of their IT budgets to cybersecurity, some of which is spent safeguarding federal programs that the states administer. Those funding constraints are compounded by a severe shortage of highly skilled security workers, she explains.
"We have a personnel/HR issue, a workforce issue in the cybersecurity field in the state-government level," Cooke says. "It's very, very hard to hire those cybersecurity positions within state government."
So NASCIO is generally supportive of legislative proposals that would expand cybersecurity funding and widen the pipeline of skilled workers into state governments, which struggle to compete in the IT labor market both with the private sector and their federal counterparts.
The group is also appealing to the Department of Homeland Security to strengthen the cyber programs it oversees that extend to the state level to "support the enhancement of cybersecurity preparedness, protection, response and recovery in the states," the group says in a fact sheet.
State CIOs struggle with federal regulations
NASCIO's cybersecurity campaign comes with the caution against any federal mandates for prescriptive technologies that could dampen innovation or add to states' compliance burden.
Already, Cooke argues, state CIOs are chafing under a tangle of federal regulations that are impeding some of the major tech initiatives they are trying to advance. In particular, the distinct mandates that come with the administration and oversight of different federal programs (food stamps, Medicaid, etc.) include disparate IT specifications that can greatly complicate the work of establishing a streamlined enterprise architecture.
Sign up for CIO Asia eNewsletters.