February 2015 
In This Issue:
Top Stories
Are You Ready? Disruptive Change is the New Norm - NASCIO 2015 Midyear Updates

NASCIO Midyear Conference: April 26-29
Hilton Alexandria Mark Center, Alexandria, Va.

The NASCIO Programs Committee is putting together an excellent agenda for the 2015 Midyear Conference. Visit the 2015 Midyear Conference webpage for up-to-date information on the conference agenda and speaker line-up.

Midyear Conference registration is open! Register by March 13 to receive early bird registration rates.

To submit information for the next edition, contact Meghan Penning, NASCIO Connections editor.
Events of Interest
National Association of State Workforce Agencies Winter Policy Forum
February 19-20, 2015
Washington, DC

National Conference of State Legislatures Atlantic States Fiscal Leaders Meeting
February 20-21, 2015
Boston, Mass.

National Association of Counties Legislative Conference
February 21-25, 2015
Washington, DC

National Emergency Number Association 9-1-1 Goes to Washington
February 22-25, 2015
Arlington, Va.

National Association of Attorneys General 2015 Winter Meeting 
February 23-25, 2015
Washington, DC

National States Geographic Information Council 2015 Midyear Meeting
February 23-26, 2015
Annapolis, Md.

The American Council for Technology Industry Advisory Council Acquisition Excellence Training Conference
March 3, 2015
Washington, DC

The International Association of Privacy Professionals Global Privacy Summit 2015
March 4-6, 2015
Washington, DC

National League of Cities 2015 Congressional City Conference
March 7-11, 2015
Washington, DC

National Association of State Technology Directors 2015 Southern Region Seminar
March 9-12, 2015
Savannah, Ga.

AFCEA Homeland Security Conference
March 10-11, 2015
Washington, DC
Technology Association of Georgia
March 11, 2015
Atlanta, Ga.
National Association of State Auditors, Comptrollers and Treasurers NASC Annual Conference 
March 11-13, 2015
Richmond, Va.

National Association of Attorneys General 2015 Southern Region Meeting
March 12-13, 2015
Point Clear, Ala.

National Emergency Management Association 2015 Mid-Year Emergency Management Policy & Leadership Forum
March 13-17, 2015
Alexandria, Va.

2015 State Healthcare IT Connect Summit
March 23-24, 2015
Baltimore, Md.

National Association of State Procurement Officials 2015 How to Market to State Governments Meeting
March 29-31, 2015
Philadelphia, Pa.

2015 Midyear Sponsors
Gold Sponsors

Silver Sponsors

Bronze Sponsors

Interactive Technology Sponsors

Wifi Sponsor
Communications Sponsor
Tata Consultancy Services

Media Sponsors
Follow NASCIO to check out our new brand look, join the conversation, and participate in twitter contests!
Corporate Partners - Midyear Conference sponsorships are open and going quickly! Secure your sponsorship now by visiting NASCIO's online sponsor registration page.

The following sponsor levels are available in limited quantities:
- Pinnacle (1 available)
- Member Center (1 available)
- Silver (2 available)
- Bronze (3 available)

Give Back to Alexandria
Donations made at the Midyear Conference will go toward children in need in the Alexandria, Virginia area. Your donations will fund backpacks and school supplies for kindergartners. While all donations are gladly accepted, a $30 donation will provide one complete backpack. 

A fun networking event will be held at the conference where teams will stuff backpacks. Donate today!

NASCIO's 2015 Federal Advocacy Priorities
NASCIO strives to be an effective advocate for information technology polices at all levels of government. The 2015 federal advocacy priorities for the association were recently announced to focus in the following areas:

1. Cybersecurity: Securing Public Networks, Readying the Nation

2. Modernizing Outdated Federal Regulations Impacting State IT

3. Building a Sustainable Nationwide Public Safety Network

4. Collaboration on Broadband and Telecommunications

The association's federal advocacy priorities for the year are selected by its Executive Committee based on the intersection of the leading policy priorities of state CIOs (available at www.nascio.org/topten) and key opportunities to work with Congress and the executive branch.

Fact sheets and additional details on the NASCIO's 2015 federal advocacy priorities can be found at www.nascio.org/advocacy.
State IT Recognition Awards - Nominations Opening in March

Successful information technology initiatives in state government deserve to be highlighted and shared! Start thinking now about the projects your state will submit for the 2015 NASCIO State IT Recognition Awards.

Nominations open March 19 at www.nascio.org/awards/2015awards 

In addition to this, mark your calendar for March 26 when NASCIO will host an All States Call to review awards best practices, categories, and guidelines. Call details coming soon.

State IT Workforce Survey
Thank you to all who responded to the President's Initiative on State IT Workforce Survey. The results are being compiled and a report will be issued before the NASCIO Midyear Conference, in addition to a general session held at Midyear. For more information, contact NASCIO Senior Policy Analyst Meredith Ward at mward@NASCIO.org.
Watch on Washington
   from NASCIO Director of Government Affairs Mitch Herckis
Executive Action on Cybersecurity
The White House and administration took several actions on cybersecurity over the course of the past few weeks, culminating in the signing of Executive Order "Promoting Private Sector Information Sharing." While the thrust of the Executive Order is focused on improving and facilitating information sharing among private sector entities, it does allow for a role and perhaps a benefit to public sector counterparts beyond federal partners.

Perhaps most of interest to states, the federal executive order makes use of the legislation that allowed the Department of Homeland Security to create the Information Sharing and Analysis Centers (ISACs) for various industry sectors, including state and local governments through the Multi-State ISAC. The original legislation is much broader than these ISACs, defining Information Sharing and Analysis Organizations (ISAOs) broadly, as "any formal or informal entity or collaboration created or employed by public or private sector organizations" sharing information on critical infrastructure security (see the Homeland Security Act of 2002).

Under the new Executive Order, the President will leverage the ISAO definition to promote "the development of information sharing and analysis organizations (ISAOs) to serve as focal points for cybersecurity information sharing and collaboration within the private sector and between the private sector and government." Private sector entities that participate are exempt from FOIA, among other protections under the existing statute, but liability protections will require congressional action. The administration sees these organizations as occurring regionally or along other specific interest lines; it could be done on a state-level, across a FEMA region, or a local urban area. Many ongoing state initiatives could likely qualify as long as they adapted to a common set of voluntary standards for ISAOs that the Department of Homeland Security will fund a new non-profit organization to develop. These standards will include privacy and civil liberty protections. As with the existing ISACs, these ISAOs may enter into agreements with the National Cybersecurity and Communications Integration Center (NCCIC).

The administration also unveiled the Cyber Threat Intelligence Integration Center (CTIIC). Modeled after the National Counterterrorism Center (NCTC), the CTIIC will allow federal agencies to collaborate on cybersecurity intelligence across various agencies and disciplines. Like the NCTC, it will coordinate among the major intel agencies and other key players without any direct operations responsibility.

Related Cybersecurity Actions
When the President acts, typically other actors attempt to coordinate. In that spirit, Senator Carper has introduced the Cyber Threat Sharing Act to provide liability protections to private sector organizations that share cybersecurity intelligence through these new ISAOs and existing ISACs. The bill includes a five-year sunset, as well as the development for guidelines for sharing to ensure privacy protections.

Payment Information Fraud, Liability Shift May Impact States
There has also been action by the private sector to coincide with the Executive Order - primarily regarding online payment concerns. Visa announced the "tokenization" of credit card numbers for online transactions, making it more secure. This may impact how states receive and store payment information. In addition, states need to be aware of an upcoming liability shift at the end of October. Starting in October, entities utilizing the traditional "swipe and sign" approach to collecting and storing payment information will be liable for the cost of an information breach. This is an effort to quickly move the United States into the more secure "chip and PIN" credit card technology that has been the standard in most other nations for some time. President Obama took action to move federal agencies toward adoption of "chip and PIN" cards and terminals this past October.

Looming DHS Shutdown Could Impact NCCIC
Congress has until February 27 to pass legislation to fund the Department of Homeland Security (DHS), or face yet another federal agency shutdown. Currently, legislation is hung up in the Senate due to riders on the bill that would undo recent executive actions on immigration. While the department's cybersecurity personnel are generally exempt from furlough, DHS Assistant Secretary for Cybersecurity and Communications Andy Ozment testified last week before the House Homeland Security Committee that a shutdown would lead to the furloughing of 140 staff supporting the National Cybersecurity and Communications Integration Center (NCCIC).

FAA Issues Commercial Drone Rules
The Federal Aviation Administration (FAA) released proposed rules regulating commercial use of unmanned aerial systems (UAS), better known as drones. The rules are up for 60 days of public comments, but will likely not be decided for some time afterward. State and local agencies will continue to be able to obtain a Certificate of Waiver or Authorization (COA) from the FAA to operate drones. More information can be found at https://www.faa.gov/uas/.

National Governors Association Winter Conference to Include Technology Focus
The National Governors Association (NGA) Winter Meeting will take place in Washington, DC the weekend of February 20. Conversations will include the role of state government in defending against cyber threats, and how to respond to a significant cyber-attack. It is expected that the NGA will discuss the statewide response, including the potential role of the National Guard. In addition, the conference will likely highlight the NGA Chair initiative "Delivering Results." As Chair of the association, Colorado Governor Hickenlooper is using this initiative as a means to highlight innovative practices, including the use of emerging technologies to improve government services.
Get to Know the NASCIO Team
Meet Our Newest Members
New Chief Information Officers:
  • Mark Myers, Director, Arkansas
  • Tom Baden, Commissioner and Chief Information Officer, Minnesota
New Corporate Members:
  • Akamai Technologies
  • Apptio
  • Computer Sciences Corporation (CSC)
  • Kronos
  • KSM Consulting
  • Robots and Pencils Inc
  • SHI International Corp
Committee and Working Group Updates
The Broadband and Telecommunications Committee last met January 27 and was joined by guest speaker Kate Dumouchel, special counsel for the Federal Communications Commission (FCC). Dumouchel explained the recent actions by the FCC to reform the "E-rate" broadband for schools and libraries program and the reforms' implications for the states.

The next committee call will feature the National Telecommunications and Information Administration (NTIA) who will discuss the BroadbandUSA initiative and opportunities to collaborate in efforts to promote greater broadband deployment and higher connectivity speeds. In addition, the committee will be joined by the National Association of Regulatory Utility Commissioners (NARUC), who will discuss recent action by the FCC to regulate internet service providers as "Title II" carriers in an effort to create "net neutrality."  NARUC will explain the implications for state governments.

The Enterprise Architecture and Governance Committee 
held its monthly call on February 12. Discussion included a progress update on the state cyber disruption response planning guide and the NASCIO Midyear Conference interactive session on cyber analytics. The committee's last two calls have focused on priority #7 of the State CIO Top Ten Strategies - Strategic IT Planning. Mark VanOrden, CIO for the state of Utah, has been named co-chair for the NASCIO Enterprise Architecture & Governance Committee.
During the Health Care Working Group call January 28, the working group heard from Ron Baldwin, CIO of Montana; Stuart Fuller, CIO Public Health & Human Services of Montana; and Administrator, Risk Management and Tort Defense Brett Dahl. The presentation focused on Montana's success using cybersecurity insurance. Christopher Boone, the executive director of the Health Data Consortium will speak on the next working group call February 25.
The National Innovation Forum held a webinar February 11 where Eric Ellis, director of the North Carolina Innovation Center and CTO of the Environment and Natural Resources Department of North Carolina discussed sensors. The forum was polled during the webinar to gauge interest on upcoming topics.
The Security and Privacy Committee February meeting featured CIO Steve Emmanuel and CISO John Essner who discussed New Jersey's cyber preparedness self-assessment.

Please note the committee call schedule has now been changed to 2 pm on the 3rd Tuesday of each month.
The February call for the State IT Procurement Modernization Committee featured a recap of Governing's Outlook on the States conference and a procurement discussion led by NASCIO Executive Director Doug Robinson and NASPO Executive Director DeLaine Bender. The committee's next publication will be a case study on CalCloud. The paper is expected to be released before the NASCIO Midyear Conference and will be the focus of a Midyear Conference session.
NASCIO: Making Connections
NASCIO Executive Director Doug Robinson and NASCIO Director of Government Affairs Mitch Herckis will attend the National Association of Counties Legislative Conference, February 21-25 in Washington, DC where Herckis will present on cybersecurity to the National Association of Counties' Justice and Public Safety Steering Committee.

In addition to that conference, Robinson will speak or participate in the following events in February and March:
  • National Conference of State Legislatures Atlantic States Fiscal Leaders Meeting, February 20-21, Boston, Mass.
  • WSCA-NASPO Cloud Procurement Meeting, March 2-3, Salt Lake City, Utah
  • AFCEA Homeland Security Conference, March 10, Washington, DC
  • Technology Association of Georgia, March 11, Atlanta, Ga.
  • National Association of Attorneys General Southern Region Conference, March 13, Point Clear, Ala.
Herckis will also speak or participate in the following events in February and March:
  • The National Governors Association Winter Meeting, February 20-23, Washington, DC
  • The National Association of Regulatory Utility Commissioners Telecommunications Committee
  • The Governors Homeland Security Advisors Council Winter Meeting
  • A meeting hosted by the Center for Internet Security in Northern Virginia focused on creating a cybersecurity capability baseline and guidelines for Fusion Centers interested in serving as information sharing mechanisms
Eric SwedenNASCIO program director of enterprise architecture and governance, represented NASCIO at the combined meeting of the Justice Global Federated Identity Privilege Management and National Information Exchange Framework meeting at Georgia Tech Research Institute (GTRI) in Atlanta, February 3-5. The meeting included an update on GTRI's work on trustmarks, legal agreements, trustmark registries and attribute registries for enabling an identity ecosystem. Reference materials on trustmarks are published at https://trustmark.gtri.gatech.edu/.
NASCIO Committee and Working Group Schedule
  • Broadband and Telecommunications Committee
    - Tuesday, February 24 at 3 pm Eastern
  • Health Care Working Group
    - Wednesday, February 25 at 3 pm Eastern

  • Executive Committee
    Thursday, March 5 at 4 pm Eastern
  • National Innovation Forum
     Wednesday, March 11 at 12 pm Eastern
  • State IT Procurement Modernization Committee
    - Wednesday, March 11 at 2 pm Eastern
  • Enterprise Architecture and Governance Committee
    - Thursday, March 12 at 2 pm Eastern
  • Security and Privacy Committee
    - Tuesday, March 17 at 2 pm Eastern
  • Corporate Leadership Council
    - Wednesday, March 18 at 3 pm Eastern
Corporate Member Partner Profiles
Each month, NASCIO randomly draws three corporate members to be featured in the monthly newsletter. To view a complete list of NASCIO's corporate partners, visit www.nascio.org/aboutNASCIO/corpProfiles
Advocate Solutions, LLC

Contact: Alan Dillman
Title: Partner
Address: 762 South Pearl St, Columbus, OH 43206
Phone: 614 444 5144

Advocate is a privately held Limited Liability Company providing objective professional services to public and private sector clients. Established in 1995, Advocate provides clientele nationwide with a broad range of management consulting services. Advocate specializes in helping clients drive value through strategic thinking, project execution, risk mitigation, and professional resourcing.

Why we do what we do - We believe in Advocating for others - We are for you! How we do it - We solve tough problems, deliver valuable results, and collaborate What we do - We provide Strategic solutions, Projects solutions, and Risk solutions.

Strategic Solutions
* Strategic Planning
* Consolidation
* Shared Services
* Transformation & Business Process Management
* Standards Implementation

Project Solutions
* PMO/PCO Development
* Portfolio Management
* Project Management
* Architecture & Engineering
* Acquisition Support

Risk Solutions
* Independent Verification & Validation (IV&V)
* Quality Assurance
* Testing & Monitoring
* Assessment
* Service Level Development

Resourcing Solutions
* CIOs, Directors, OCM
* ITIL, CMMI Practitioners
* Project Managers, Scrum Masters
* Subject Matter Experts
* Business/System Analysts
Tata Consultancy Services

Contact: Mark Sekula
Title: Industry Marketing Manager
Address: One World Financial Center, 200 Liberty St,
New York, NY 12577
Phone: 732 590 2702 
Website: www.tcs.com

Tata Consultancy Services (TCS) is an IT services, consulting and business solutions organization that delivers real results to government organizations, ensuring a level of certainty no other firm can match. TCS offers a consulting-led, integrated portfolio of IT, BPS, infrastructure, engineering and assurance services. TCS is a part of the Tata group, India's largest industrial conglomerate, TCS has over 300,000 of the world's best-trained consultants in 46 countries. The company generated consolidated revenues of US $13.4 billion for year ended March 31, 2014 and is listed on the National Stock Exchange and Bombay Stock Exchange in India. For more information, visit us at tcs.com.

Contact: Tim Merrigan
Title: Senior Director for State, Local and Education
Address: 5 Cambridge Center, 10th Fl, Cambridge, MA 02142
Phone: 917 328 9220

VMware is the leader in virtualization and cloud infrastructure solutions that enable government to thrive in the Cloud Era. More than 480,000 customers rely on VMware to help them transform the way they build, deliver and consume Information Technology resources in a manner that preserves existing IT investments, security and control. Leveraging VMware virtualization as the foundation for cloud computing, government agencies can transform their existing IT departments into modern, cloud environments that can respond faster to the needs of policymakers and constituents while reducing IT infrastructure and operating costs. Visit www.vmware.com/industry/government.