The U.S. Department of Homeland Security could do a better job of helping state and local governments protect their IT infrastructures from attackers, according to the National Association of State Chief Information Officers (Nascio).
Specifically, DHS should do more to promote its existing IT security programs, best practices and methodologies, as well as tools for risk assessment, operations continuity planning and training, says Denise Moore, chief information technology officer with the state of Kansas.
The recommendations are based on two separate surveys of state and local IT officials, such as CIOs and CSOs, conducted by Nascio and the Metropolitan Information Exchange, an organization for local government IT executives.
The relationship between DHS and IT officials from state and local governments is “detached,” says Moore, who heads Nascio’s information security committee. She suggests that DHS’s National Cyber Security Division do more outreach. In addition, she says, DHS can do better to assess state and local cybersecurity needs, which would boost the likelihood of state and local agencies getting funding increases to protect their systems. Moore also says DHS should focus more on supporting state and local CIOs on matters related to criminal or malicious attacks and on problems caused by internal employees’ “ineptitude” concerning IT security.