The National Association of State Chief Information Officers called on the federal government to help address the shortage of skilled cyber workers and urged flexible implementation of the State and Local Cybersecurity Grant Program.
The federal government should help states bolster their cybersecurity workforce with stronger partnerships and training programs, the National Association of State Chief Information Officers said in outlining its 2023 advocacy priorities.
With the state and local government job opening rate at its highest in 20 years, the federal government can play a role in helping fill those vacancies, NASCIO said. The organization repeated its previous calls for the federal government to partner more with state governments on building and filling the talent pipeline, rather than competing for the same workers.
NASCIO said that approach would “maximize and most efficiently leverage the resources needed to train, prepare and retain these workers, ensuring that the nation’s IT and cybersecurity infrastructure is properly protected.”
The group also called on the federal government to expand existing worker training and education programs like the CyberCorps Scholarship for Service initiative and ensure such programs are accessible to state governments. The worker shortage requires “comprehensive solutions,” including policies developed with the input of states, federal agencies and businesses, NASCIO said. There is no “silver bullet” to resolve the issue, the group added.
NASCIO President and Tennessee CIO Stephanie Dedmon said in a statement that an adequate cybersecurity workforce “is a challenge and priority for all state CIOs” and that the organization hopes to work with the federal government on solutions.
Amid its other priorities for 2023, NASCIO called for “responsible implementation” of the State and Local Cybersecurity Grant Program, an effort that some say will encourage closer cooperation between the various branches of government, even though the $1 billion initial investment may not be enough to resolve long-standing issues.
NASCIO urged the Federal Emergency Management Agency and the Cybersecurity and Infrastructure Security Agency to give states as much flexibility as possible in the cyber grant program they’re administering and to promote a whole-of-state approach to cybersecurity.
This funding should serve as a “change agent” for states to either begin investing in cybersecurity or increase their funding for the sector, NASCIO said, especially if state CIOs and CISOs are empowered to set policy and priorities for the grant program in their own states.
Federal cybersecurity regulations should also be harmonized to avoid duplicative requirements that cost states time and money to meet, NASCIO said. It cited a 2020 report from the Government Accountability Office that found that up to 80% of federal agencies’ security requirements had conflicting parameters. Congress and federal agencies should continue to implement GAO’s recommendations to coordinate, collaborate and streamline regulations where possible, “harmonize disparate interpretations” and “normalize the audit process,” the association said.
NASCIO’s fourth priority for the year called for the continued adoption of the .gov domain, especially among local governments, less than 10% of which are registered for it. NASCIO called on CISA to establish a stakeholder advisory group to educate governments on the business case and security benefits of migrating to the .gov domain, expand cybersecurity services that can be opted into when using the domain, tie federal grant funding to adoption and allow flexible usage of some grant funds to be used for migration.