It is called the New America think tank.
And in its research, it lists three states that have gotten the most attention for weaving cybersecurity into the way they operate.
- Arizona
- New Jersey
- Washington
Think tank researchers say these states have demonstrated approaches that have the potential to inform others in information security. Says the report:
"The following three approaches demonstrate how proper leadership, organization, governance, and prioritization can succeed in fostering information sharing, improving defensive efforts across the entire ecosystem, streamlining incident response processes, and supporting workforce development programs."
Arizona cybersecurity program
The authors call the Arizona information security program the community approach.
"The State of Arizona and the Arizona Cyber Threat Response Alliance (ACTRA) have formed a successful partnership that has achieved notable success in facilitating, supporting, and encouraging the sharing of real, actionable information on cyber threats and vulnerabilities. There have also been collaborations around related issues, such as cybersecurity talent development, etc."
New Jersey cybersecurity program
Report authors say New Jersey has adopted the bureaucratic superstructure approach.
"By standing up the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) and consolidating services through a shared model, New Jersey has been able to increase the breadth and quality of its monitoring services, expand its information sharing and educational initiatives to reach organizations and individuals across multiple sectors, and increase its efficiency across developing cybersecurity priorities. Especially important to this consolidation and coordination is offering state and external partners a single point of contact for cyber concerns.
Placing the CISO under the aegis of the Homeland Security Office in New Jersey sends a strong message that cybersecurity is not just an IT problem, and gives the state CISO a mandate to expand cybersecurity planning across state agencies."
Washington cybersecurity program
Washington has what the report's authors call the shared services model.
"The state of Washington has taken the shared services model to its full maturity, with IT services centralized through the Office of the Chief Information Officer (CIO) in the Washington Technology Solutions department (WaTech) and through the Office of the Chief Information Security Officer, who reports directly to the CIO. Washington is also notable for its multidisciplinary approach to cybersecurity, extending responsibility outside of the information technology community to the emergency management and military departments of the state bureaucracy.
Washington’s shared services model has improved compliance, security, and visibility across the executive branch of government."
These are just snippets from the New America report, Cybersecurity for the States: Lessons from Across America.
