States seek voice in setting cybersecurity strategy
Several state groups are asking Richard Clarke, the nation's cyber-security adviser, to ensure that federal efforts to protect the nation's computer systems are in line with state and local efforts.
The National Association of State Chief Information Officers (NASCIO) and the National Governors' Association (NGA) are asking for a meeting with Clarke to make sure groups at all levels are coordinating efforts to improve information-gathering systems and increase cybersecurity. NASCIO sent a letter to Clarke on Dec. 21, and NGA plans to send one to him this week.
The two groups have been working on a clearinghouse that would allow state governments to confidentially report security breaches and share tips on the best security practices. But Thom Rubel, NGA's program director for state information technology, said, "We're not anxious to be taking off with initiating something with the states" before discussions with Clarke.
In November, NASCIO members met with Paul Kurtz, the director of critical infrastructure for the White House Office of Homeland Security, and other officials. Such meetings and the more recent letter to Clarke "really make the point we feel the states and the state CIOs are an obvious and important partner to the federal government and its homeland security efforts," said NASCIO Assistant Director Matthew Trail.
In its letter, NASCIO suggests that Clarke and Homeland Security Director Tom Ridge appoint a NASCIO representative to the Critical Infrastructure Protection Board to serve as a liaison between state and federal officials. The board coordinates the protection of government and private-sector cyber assets. NASCIO noted its involvement on the Federal CIO Council as an example of how state CIO input is invaluable to governments at all levels.
"We think we have a role here," said NASCIO President and Connecticut CIO Rock Regan. "The fact that CIOs manage vast infrastructures across our states when it comes to critical infrastructure protection and security, we're only as strong as our weakest link in the chain. We're eager to assist and be at the table and make sure our voice is heard."
Trail said NASCIO will follow up with Clarke's office in the next week or so.
Clarke and Ridge have stressed the importance of state and local involvement in security decision-making. "We don't see any reason to doubt that," Trail said, "but ultimately, of course, it's going to be deeds that speak loudly."
Also on Tuesday, NASCIO announced that West Virginia's chief technology officer, Keith Comstock, has been named the new NASCIO liaison to the Federal CIO Council. Comstock will replace former New Jersey CIO Wendy Rayner, who retired in December.
NASCIO has been working with the council and Mark Forman, associate director for information technology and e-government at the White House Office of Management and Budget, to prioritize new e-government initiatives and encourage state involvement.
The Commerce Department's Critical Information Assurance Office, meanwhile, will begin a series of outreach efforts to states in Feburary.