An interview with Meredith Ward, Deputy Executive Director, National Association of State Chief Information Officers (NASCIO)
Whether they like it or not, state and local governments cannot afford to go it alone on cybersecurity. First, because so many of their systems and services are interconnected, an attack on one agency puts others at risk. Also, they can find strength in numbers, with the opportunity to share insights, information and even resources.
But historically, cross-government collaboration has been the exception, not the rule. Although most CIOs and chief information security officers (CISOs) see the value of collaboration, it can still feel awkward.
With that in mind, we asked Meredith Ward with NASCIO to share some best practices for building trust and working across boundaries. Here’s what she said.
Know who’s who. Cyber officials at the state and local level should build relationships before an incident occurs. It’s just human nature, Ward said. “In the event of a crisis, if you know someone already, it makes it a little bit easier to work together and deal with that crisis.” For local government, there’s a more tactical benefit to making those connections: intelligence gathering. A lot of cyber-related intelligence flows from the federal government and state fusion centers to state cyber offices. An open line of communication can keep that information flowing.
Don’t let lack of funding be a roadblock. Collaboration does not necessarily require a formal program with a dedicated budget. For example, state CISOs often connect with their local counterparts by speaking at conferences put on by universities or municipal associations. In short, they just make themselves visible and available.
At the very least, those kinds of gatherings make it easy for local officials to grab a business card, so they have contact information when they need it. “Because one of the biggest things that I’ve heard from local government is that the state’s huge, I have no idea who to call, I don’t even know where to start,” Ward said.
States, market your services to local governments. In some states, local government has access to statewide contracts that cover many common products and services, including around cybersecurity. By using these contracts, they can avoid the time and money needed to run their own procurements. States can negotiate better pricing because of the anticipated higher volume of business when they open these contracts to local government. That works in everyone’s favor. “Nine times out of 10, you’re going to see a huge cost savings,” said Ward. But it works only if local agencies know such contracts exist and understand the value, she said.
Local government, don’t see the state as Big Brother. All governments value their autonomy, so they often approach intergovernmental collaboration with some trepidation or even suspicion. But such concerns should not get in the way of collaboration, Ward said. “I know it doesn’t work perfectly in every state,” she said, “but, bottom line, there is no CISO who has the time or money to try and control anything on the local government level. They just don’t.”
Meanwhile, there’s no doubt about the upside of collaboration, especially for those smaller counties and towns that lack a cyber expert, she said.
Remember, bad guys don’t care about jurisdictional borders. Historically, state and local governments have tended to be insular, Ward said, dealing with their own problems in their own way. But that mindset puts them at a disadvantage when it comes to dealing with cyber threats, she said.
Cyber criminals often will launch serial attacks, first against one state or city, then another and another. By sharing information, states and localities can help each other prepare for and respond to those attacks, and not be blindsided. The same rationale applies to public-private collaboration.
“Everyone is a target,” Ward said. “We are all in this together, and cyber is everyone’s responsibility.”
This article appeared in our guide, “Building Trust With Tech In State and Local Government.” To see more about how agencies are using technology to build relationships with constituents, download it here:
Leave a Reply
You must be logged in to post a comment.