State CIOs List Security as Top Priority for 2015

CIOs at federal departments and agencies may have their hands full as they grapple with a bevy of mandates and government-wide initiatives to modernize their IT deployments, but state CIOs are carrying a heavy load, as well.

The National Association of State CIOs (NASCIO) recently surveyed its members to identify their goals for the coming year and their priorities for purchasing services and applications.

As a group, they have an ambitious agenda.

Priority 1: Cybersecurity

State CIOs name cybersecurity as their top priority for 2015, setting their sights on areas like risk assessment, governance and the appropriate levels of funding to shore up digital government systems. Additionally, CIOs say that they are aiming to guard against insider threats and tighten up their monitoring of the third parties that are handling more and more vital processes at a time of increased outsourcing.

It's a concern that NASCIO is working to address on an institutional level. On Wednesday, the organization announced that it received a $100,000 grant from the Department of Justice to develop and promote repeatable practices for responding to a cyber incident and deploying cyber analytics across state governments.

"Cybersecurity remains a top priority for state CIOs and CISOs as well as governors," Ohio CIO and NASCIO President Stu Davis said in a statement.

NASCIO's recent survey echoes the findings of an earlier study the group conducted in partnership with the consultancy Deloitte, in which state CISOs noted that the troves of citizen data housed in their systems make them attractive targets for hackers.

That study also highlighted challenges that state IT officials face in funding their security operations, running the gamut from winning the support of executive leadership to the same hard budget constraints that, though mildly improving, nonetheless affect most government activities.

"The improving economy and states' growing commitment to cybersecurity have led to an increase -- albeit small -- in budgets," the report notes. "Nevertheless, budgets are still not sufficient to fully implement effective cybersecurity programs -- it continues to be the top barrier for CISOs."

The Deloitte study also found that most state governments are operating without a set plan for responding to a cyber attack and conducting the digital forensics needed to identify the source of the breach. With the DoJ grant, NASCIO hopes to advance more formal processes across state governments.

"Our goal is to bring all the states up to some level of parity related to these capabilities as well as cyber threat analytics," says NASCIO Executive Director Doug Robinson.

Priority 2: Adopting Cloud Services

State CIOs named the adoption of cloud services their second priority for 2015, with survey respondents identifying strategy, provider selection and governance models, among others, as key areas of focus. Unsurprisingly, CIOs said that security is also a top concern as they consider moving services and applications to the cloud.

Priority 3: Optimize and Consolidate Resources and Services

Checking in at No. 3 on state CIOs' list are efforts to optimize and consolidate resources and services, including physical infrastructure such as data centers, much as the feds have been doing in an effort to reduce their IT footprint and move to a streamlined, multi-tenant cloud architecture.

These are not new priorities, NASCIO's Davis notes.

"Security, cloud services and consolidation remain at the top of the list for the third consecutive year," he says.

Other Priorities on NASCIO's List

Farther down the list of state CIO priorities are efforts to enhance broadband and wireless connectivity, manage IT costs in a frigid budget environment, and recruit and develop top talent -- a challenge facing government technology officials at all levels.

Rounding out the state CIO agenda are initiatives to block out a strategic IT roadmap, advance mobile technologies and policies in the workplace, develop and test a cohesive disaster recovery and business continuity plan, and improve the tech shop's CRM operation.


Kenneth Corbin — Freelance Writer

Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for
