July 2017

NASCIO Brings Attention to Impact of Disparate and Inconsistent Federal Cyber Regs and Audits 

Yejin Cooke, Director of Government Affairs

On June 21, NASCIO vice president and Oklahoma CIO Bo Reese brought attention to an issue unique to the state CIO and CISO community: harmonizing federal cybersecurity regulations. Reese testified at the Senate Homeland Security and Governmental Affairs Committee (HSGAC) "Harmonizing Cybersecurity Regulations" hearing about complex federal cybersecurity regulations and the disjointed and inconsistent audit process that usually accompanies them.

Reese spoke about disparate federal regulations and their impact on state government IT, highlighting the fact that these regulations encourage cybersecurity investments based on compliance rather than risk, even though a risk-based approach is the more secure one. Reese also spoke about how federal regulatory audits often produce inconsistent results. For instance, one state CISO reports receiving five different results from the IRS when it audited five state agencies, even though all five audits examined the same statewide information security policy.

We encourage state CIOs and CISOs to share their stories about how the federal regulatory scheme affects state IT priorities like IT consolidation/optimization and cybersecurity investments. NASCIO will continue to work with Senate HSGAC, federal policy makers, and federal agencies that have authority over this issue to harmonize disparate federal cybersecurity regulations and normalize the federal regulatory audit process.

For additional information and to read Bo's testimony, click here.

Watch on Washington Top 5

1. NASCIO on the Hill On June 21, NASCIO VP Bo Reese (CIO, Okla.) represented NASCIO at the "Cybersecurity Regulation Harmonization" hearing in the Senate Homeland Security and Governmental Affairs Committee. Reese spoke about disparate and inconsistent federal cyber regulations and audits and their impact on state IT consolidation efforts. Thanks also to state CISOs who contributed to the testimony by offering specific examples of how federal cyber regs affect their work in state government IT.

2. Governors gather in the Ocean State On July 13-15, Governors gathered in Rhode Island for the annual NGA Summer Meeting, where they discussed issues including attracting international investment, the opioid epidemic, and cybersecurity, among others. Governor McAuliffe passed the Chairmanship to Governor Sandoval, whose initiative will focus on innovation. Click here to see the agenda.

3. Threat met The culminating event for the NGA Chair's initiative, "Meet the Threat," was held in mid-June in Leesburg, Virginia. Topics discussed included cyber insurance, elections, privacy, information sharing, blockchain, behavioral science in cybersecurity, IoT security and more.

4. First to FirstNet On July 10, Virginia Governor Terry McAuliffe signed a letter of intent declaring that the Commonwealth will "allow FirstNet and AT&T to proceed with the deployment of the National Public Safety Broadband Network" in Virginia. Virginia is the first state to opt in to the FirstNet network. Read more here.

5. New cyber leadership at DHS Jeanette Manfra is the new assistant secretary for cybersecurity and communications (CS&C) at DHS. This post had been held by Andy Ozment in the previous administration. The CS&C office frequently interacts with the state CIO community.

Capgemini provides services that range from Information Technology (IT) strategy and business consulting to innovation centers, solution development for data analytics, and digital transformation to local, state and federal clients, working collaboratively with government organizations.

Navigator Management Partners is a consulting partner that implements solutions, including Strategy, Program / Project Management, Organizational Change Management, Business Intelligence, Business Analysis and Process Design, Testing and Deployment, Solution Architecture, Software Solution Selection, and cloud-based solutions.

BMC provides innovative software solutions that enable businesses to transform into digital enterprises for the ultimate competitive advantage. BMC's Digital Enterprise Management solutions are designed to make digital business fast, seamless, and optimized from mainframe to mobile to cloud and beyond. 

Texas State CIO, Todd Kimbriel, on Cloud Services
(NASCIO 2016 Annual Conference Top Ten Talks)