DC trade association assesses state governments’ cybersecurity readiness

Internet Association (IA) reported that state governments across the country have a solid cybersecurity foundation and are making strides in improving IT modernization efforts.

IA, a trade and professional association based in Washington, D.C., boasting dozens of technology company members from Amazon to ZipRecruiter released its State, Local, Tribal, and Territorial Information Technology Advancing Reform Achievements (SITARA) map Tuesday, a state-by-state analysis of preparedness for the cybersecurity and civic tech challenges across all 50 states, the District of Columbia, and US territories.

IA’s SITARA map examines cloud-first initiatives, measures digital service innovation, and tracks cybersecurity efforts, among other valuable metrics.

According to IA’s press release SITARA uses an established baseline of participation in programs recommended by the Cybersecurity and Infrastructure Security Agency. The map provides examples and data that can be used to strengthen public sector IT infrastructure now and in the future, taking into account each state’s unique circumstances. It also shows where additional support, whether from the federal government or through the budgeting process, can help states and territories move beyond baseline metrics, to ultimately help them provide a modern and secure IT infrastructure to their employees and the general public.

Some states having harder time

“Whether because of under-resourced and under-funded information security programs, IT infrastructure based on legacy technology, or the lack of a digital service team or an innovation focused group, some US state and territories are having a harder time than others adapting to the digital and remote-first era we are in,” said IA Director of Cloud Policy Omid Ghaffari-Tabrizi. “SITARA allows us to identify the states and territories that need the most help and where we can lay out tangible examples of what other governments have done to address similar challenges, providing policymakers with a clear roadmap of nationally recognized best practices to ensure continuous improvement in a manner best suited for their state or territory.”

IA’s SITARA map analysis findings

Looking at IA’s map data, most states are preparing for cyber threats appropriately, but almost all are only getting started with their IT modernization plans. Three states achieved a score of “Very Good,” and 24 states achieved a score of “Good,” while 24 states and D.C. are still “Getting Started.” None achieved “Exceptional” or “Excellent.”

Additional support from the federal government can help states and territories improve their modern IT and cybersecurity preparedness. Among territories, only Puerto Rico scored “Good,” while two territories came in at “Getting Started” or “Baseline,” and one scored “Needs Help.” While states have made great progress since the start of the pandemic, federal support can make a difference for those states and territories that have had major impacts on their budget.

Most states lack a cloud-first statute that requires the prioritization of cloud solutions. While 32 states have a cloud-related strategy, only three have a cloud-first statute, leaving those strategy-only states without the support codification can bring to a modernization effort.

Most states are missing at least one of the three key components of a modern digital government experience. While 20 states are undergoing a modernization effort through a digital service team, innovation focused group, or other digital service plan, only seven states have a basic digital government experience with only one having the characteristics of a modern digital government experience.

Adoption of commercial cloud solutions is key

“Unemployment benefits, public transportation apps, and filing state tax returns or applications to start a new business are just a few services that would run more efficiently and securely if states modernized their IT infrastructure through increased adoption of commercial cloud solutions. Commercial cloud services allow state unemployment websites to be better equipped to deal with a sudden and unexpected usage increase—like what occurred early in the pandemic,” Ghaffari-Tabrizi. said.

He explained that states which are not using commercial cloud services leave sensitive information such as credit card information, location data input on mobile apps, and Social Security numbers on tax returns, vulnerable.

“Ultimately, IA’s SITARA analysis highlights how states and territories can improve their cybersecurity posture and IT modernization efforts, while expanding the availability of critically important services to Americans all across the country,” he said.

Related Stories

Comments

ASK THE CIO: SLED EDITION

THURSDAYS at 11:00 A.M.

Host John Thomas Flynn is former California and Massachusetts chief information officer and former president of the National Association of State CIOs. The show features conversations with state and local CIOs, CISOs, program leadership and elected officials, and the IT vendor community. Subscribe on Apple Podcasts or Podcast One.

Sign up for breaking news alerts