This is your brain on cybersecurity: Recapping the NASTD Annual Conference

Posted by Ashley Graham on September 2, 2015

Cyber security

The National Association for State Technology Directors (NASTD) featured several sessions on cybersecurity, staffing, big data, cloud computing, and service integration at its annual conference last week in Cincinnati, Ohio. The event provides an opportunity for senior state technology leaders and vendors to meet and discuss current trends, issues and challenges among the states. Though a variety of issues were covered, it’s clear that cybersecurity is at the forefront of concerns.

According to Jacklyn Wynn of EMC, a panelist on the “NIST Cybersecurity Framework” panel, it typically takes more than 200 days before a cybersecurity breach is discovered, and a majority of organizations do not have a comprehensive response plan. Wynn emphasized that cybersecurity is more than just monitoring the perimeter and should be approached from a holistic and integrated perspective.

Traditional reactive defense methodology such as firewalls, virus scanning, intrusion detection and prevention are no longer sufficient to comprehensively protect a state’s data. The NIST Cybersecurity Framework (CSF) was created to provide organizations in the public and private sectors with a more complete cybersecurity plan and is being enhanced to include measures such as authentication, automated indicator sharing, and data analytics.

Ohio is currently planning a statewide identity management project to provide user access and authentication from an enterprise perspective. The identity management project is a comprehensive effort to develop and extend identity access, authentication, and management across shared state services. The state is in the process of holding talks with vendors to determine what solutions have and have not worked in the past in order to help develop a future request for proposals.

According to the “State CIOs and the Forces of Change” panel, cybersecurity spending doesn’t rank high on many budget lists with states still in fiscal recovery status and the majority of IT budgets being spent on maintaining legacy systems and technologies. It was also noted that legislatures find it difficult to justify spending money on cybersecurity due to the fact that it is difficult to quantify return on investment since it is unknown how many attacks are repelled.

Though several panels emphasized the need for cybersecurity, it is evident that CIOs struggle with buy-in when it comes time to sign the check. One CIO even said that while cybersecurity is a major concern, it is not a major priority. Regardless of priority, it’s clear that cybersecurity is not going away.

You can learn more about current procurement opportunities in the GovWin IQ State and Local Opportunities database. Not a Deltek subscriber? Click here to learn more about Deltek's GovWin IQ service and gain access to a free trial.