Combating Cyber Threats Through Transformation: A Conversation with State CIOs and CISOs

Although state and local technology leaders are increasingly prioritizing cybersecurity in their operations, government has a long way to go in securing critical information and systems from cyberattacks.

In light of this struggle, Route Fifty, in partnership with CrowdStrike, recently hosted a webcast that showcases the work of state and local governments who have undergone a transformation in cybersecurity protocols – and the challenges they continue to face.

Featuring, Eric Boyette, Secretary and State CIO, North Carolina Department of Information Technology, and Nancy Rainosek, CISO, State of Texas Department of Information Resources (DIR), the webcast, now available on-demand here, is a fascinating insight into the best practices that state and local governments of any size and budget are taking to more effectively combat cyber threats.

Although cyber threats faced by every U.S. state, city, or county are not particularly unique, many geographies and jurisdictions have different priorities and approaches to achieving their cyber goals. Let’s take a look.

Securing North Carolina during hurricanes, election season, and in the face of a skills gap

In the wake of Hurricane Florence’s devastation in 2018, North Carolina was challenged on many fronts. For Eric Boyette, an immediate concern was a surge in online scams and attempted hacking. Such attacks are commonplace after natural disasters as bad actors try to take advantage of citizens in times of need. To head off this threat, NC DIT’s Chief Risk Officer (CRO) headed up several initiatives to protect citizens, which Boyette discusses in the webcast.

Election security is also a hot topic in North Carolina. To help prepare for potential hostile interference in the 2020 presidential election Boyette’s team took unprecedented measures. During the 2018 mid-terms and for the first time ever, the office of the CIO partnered with the North Carolina National Guard and Board of Elections to share best practices, defend against cyber threats, and assist counties and municipalities with cyber incidents. A security operations center (SOC) was also established to monitor and manage statewide threats to the election infrastructure. In addition, 13 iSensors or Albert Sensors were provided to county partners to detect potential network intrusions.

Like many states, North Carolina is confronted with a shortage of cybersecurity skills in the workforce. In response, the Department of Information Technology is sponsoring several initiatives including CyberVetsUSA which provides NC veterans with cyber training and certification; the Girls Go CyberStart program, an online free cyber competition for grades 9-12; and the TechHire program, a federally-funded partnership with NCWorks which helps the Department recruit from technical colleges.

Progress aside, battling cyber efforts remains a considerable funding challenge for North Carolina. Boyette’s initiatives are yet to receive full funding and he continues to push hard for sustained, recurring funding.

Texas cost-effectively battles cyber threats and challenges on all fronts

In Texas, CISO Nancy Rainosek, shared the significant steps the state has taken in its cybersecurity program, including building a culture of security, without incurring huge costs. These initiatives include:

• The addition of public community colleges to DIR’s oversight
• Requiring city and county employees who use computers to receive cyber training
• Mandating election assessments at the county level and training electoral officials on cybersecurity. Officials are also required to report breaches to the Secretary of State
• The appointment of cybersecurity coordinators in all K-12 school districts
• Security assessments of utilities grids

To address funding gaps in its cyber technology program, DIR has taken an innovative approach to procurement. In recent months, DIR adopted a pre-bid Managed Security Services (MSS) contract model. With MSS, DIR can offer cost-effective security services to state, local and higher education organizations, including security monitoring and device management, incident response, and risk and compliance.

The services are delivered via DIR’s Shared Technology Services portal, a single interface, whereby customers can interact with all available service providers using standard processes for service onboarding, incident management, change management, SLA performance reporting, and consolidated billing.

Check out the webcast and learn more from Eric Boyette, Nancy Rainosek, and CrowdStrike about the following topics:

• How agencies and government organizations can work together to secure their networks
• The security measures states can take to secure their networks in a cost-effective and timely fashion
• What cybersecurity concerns keep CIOs and CISOs awake at night
• How agencies are spreading limited resources to combat cyber threats
• How CrowdStrike provides cost-effective, lightweight, resilient endpoint security for the public sector