Internet Explorer 11 is not supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

States’ Cybersecurity Opportunities in a New Presidential Administration

While the Trump White House has done some good things, the president-elect has shown genuine interest in the issue, and more federal resources are becoming available.

While Vice President, Joe Biden worked with Homeland Security Director Jeh Johnson, center, on issues regarding cybersecurity. (Olivier Douliery/Abaca Press/MCT)
I was recently asked how state governments could more effectively leverage the federal government to improve their own cybersecurity. With a change in the executive branch at hand, it seems the perfect time for state chief information security officers to begin thinking about how to take advantage of not only the gravitas of the White House but also the growing funding and contracting opportunities provided by federal agencies.

But let's first look at what the current presidential administration has accomplished. It has not been idle on issues related to cybersecurity and should be given credit for the hard work of identifying critical policy issues that needed attention.

The Trump administration delivered, among other things, the 2018 National Cyber Strategy, along with four critical cyber-specific executive orders covering federal networks and critical infrastructure; the cybersecurity workforce in both the public and private sectors; information and communications technology and its services supply chain; and the nation's bulk-power system. These are significant issues and provide some foundational background for CISOs embarking on similar cybersecurity policy issues at the state level.

While there are a number of ways state CISOs could potentially leverage support from within the new administration to advance their states' cybersecurity programs, I'd like to highlight three that I think could achieve immediate and critically important results.

Leverage the White House

During my tenure in the Obama administration as deputy undersecretary for cybersecurity at the Department of Homeland Security, I was fortunate to participate in Cabinet and national security meetings where then-Vice President Joe Biden was present. I remember coming away from those meetings with a feeling of assurance that he was actively engaged in and attentive to the cybersecurity issues we were dealing with. I have high confidence that cybersecurity will be a front-and-center issue in the Biden administration.

Looking forward into the new administration, the 2021 National Defense Authorization Act passed by Congress last week and sent to President Trump would create a leadership role for cybersecurity in the White House: a position of national cyber director. This Senate-confirmed appointment in the Executive Office of the President would have influence within both the White House and Congress, so while certainly not an independent office, a degree of nonpartisanship should prevail. The role would have two key functions: policy and budget authority over the implementation of the national cyberstrategy and coordination for national cyber-incident response efforts.

Why does this matter? This is where state CISOs can use the intangible influence of leadership in the White House to promote cybersecurity within their own governors' offices and state legislatures. In the national cyber director's role of orchestrating responses to cyber-incidents at the national level, relationships with state CISOs will be acutely important and provide them with a highly visible platform.

In addition to sources of funding typically unheard of in state government, the federal government has long had the advantage of broad situational awareness. In contrast, states have the advantage of micro-level local knowledge critical to defending against the vast array of malicious actors attempting to create cyber-chaos. State CISOs also have the personal networks, extending to the local-government level and their private-sector counterparts, that can mitigate against the cybersecurity variant of "contagion risk," a term the financial industry uses to describe market disturbances that can spread quickly.

Leverage Grant Funding

It's no surprise to this audience, but state-level funding for cybersecurity lags well behind the levels our private-sector brethren enjoy. As I noted previously in this space, according to the 2020 Deloitte-NASCIO cybersecurity survey, many private-sector companies allocate more than 10 percent of their overall information technology budgets for cybersecurity, while most state government cybersecurity budgets come in at less than three percent of IT spending.

With this paucity of funding, CISOs need to seek out every creative opportunity at their disposal. One of the best is the 2020 Homeland Security Grant Program (HSGP), where DHS has identified four critical priority areas: cybersecurity; soft targets and crowded places; intelligence and information sharing; and emerging threats. Importantly for CISOs, those receiving grants from the HSGP's State Homeland Security Grant Program and Urban Area Security Initiative are required to dedicate a minimum of five percent of those funds to each of HSGP's critical priority areas — 20 percent in all.

Leverage Federal Procurement

Finally, DHS' Continuous Diagnostics and Mitigation (CDM) program was expanded several years ago to provide state CISOs, among others, with a procurement vehicle to acquire cybersecurity tools for ongoing risk identification and mitigation. The CDM initiative is one of the programs we started in 2013 when I was at DHS, and it is an efficient and cost-effective way for state governments to procure the same kinds of proven security tools being deployed by other states and by federal and local-government organizations.

While these ideas aren't entirely new or revolutionary, there is no better time to take advantage of these kinds of opportunities than every four (or eight) years as a new presidential administration takes hold. Be bold.

Governing's opinion columns reflect the views of their authors and not necessarily those of Governing's editors or management.

Mark Weatherford, Governing's cybersecurity columnist, is the chief strategy officer for the National Cybersecurity Center.
Special Projects
Sponsored Stories
Workplace safety is in the spotlight as government leaders adapt to a prolonged pandemic.
While government employees, students and the general public had to wait in line for hours in the beginning of the pandemic, at-home test kits make it easy to diagnose for the novel coronavirus in less than 30 minutes.
Governments around the nation are working to design the best vaccine policies that keep both their employees and their residents safe. Although the latest data shows a variety of polarizing perspectives, there are clear emerging best practices that leading governments are following to put trust first: creating policies that are flexible and provide a range of options, and being in tune with the needs and sentiments of their employees so that they are able to be dynamic and accommodate the rapidly changing situation.
Service delivery and the individual experience within health and human services (HHS) is often very siloed and fragmented.
In this episode, Marianne Steger explains why health care for Pre-Medicare retirees and active employees just got easier.
Government organizations around the world are experiencing the consequences of plagiarism firsthand. A simple mistake can lead to loss of reputation, loss of trust and even lawsuits. It’s important to avoid plagiarism at all costs, and government organizations are held to a particularly high standard. Fortunately, technological solutions such as iThenticate allow government organizations to avoid instances of text plagiarism in an efficient manner.
Creating meaningful citizen experiences in a post-COVID world requires embracing digital initiatives like secure and ethical data sharing, artificial intelligence and more.
GHD identified four themes critical for municipalities to address to reach net-zero by 2050. Will you be ready?
As more state and local jurisdictions have placed a priority on creating sustainable and resilient communities, many have set strong targets to reduce the energy use and greenhouse gases (GHGs) associated with commercial and residential buildings.