The State of State CIOs

July 10, 2018

Recent news of state CIOs on the move and cybersecurity issues across the country has brought increased attention to the National Association of State Chief Information Officers (NASCIO). Recently shared insight into the state of state tech chiefs shows that as many as 21 states have seen changes in their CIO posts since the start of 2017. Already in 2018, the following states have been identified as experiencing changes at the top: Kansas, Minnesota, Montana, Nevada, New Jersey, Oregon, and South Dakota. In 2017, states who announced changes to their top position – including newly hired, those vacated and left open, as well as those announcing interim or acting posts. They include: Alabama, Alaska, Florida, Illinois, Kentucky, Maryland, Massachusetts, New York, North Carolina, North Dakota, Rhode Island, Vermont, Washington, and West Virginia.

Municipal insiders suggest that the 2018 mid-term elections could bring changes to 15-20 governor seats. As top hires like a CIO post are typically made by Gubernatorial appointment, it stands to reason that the states with posts left vacant are holding out for post-election outcomes.

While reports of the statewide changes and vacancies at the top level get national attention, the Louisville, KY-based association has had a busy year so far focusing on its top priority: cybersecurity. Readying its upcoming and recently-awarded report on the issue, boosting the role of CIO as brokers, and engaging with federal officials to reinforce state tech leader’s roles in intergovernmental partnerships have also made news.

In late May, NASCIO was been named Silver Award recipient in the 2018 American Society of Association Executives (ASAE) Power of A program for its Deloitte-NASCIO Cybersecurity study. According to a May 22 news release announcing the selection, the Power of A awards recognize associations that distinguish themselves with innovative, effective and broad-reaching programs and activities that positively impact America and the world. The biennial report, begun in 2010, details how states are managing cyber risks. Throughout the years the study has continued to gain visibility, with this most recent release being cited in the White House's FY19 Budget Request as the most "comprehensive study of state-level cybersecurity spending."

“I’m so very proud of this study, the success of which is directly tied to the dedication and participation of our state Chief Information Security Officers (CISO),” said Meredith Ward, NASCIO Senior Policy Analyst and project lead. Ward added, “They are an incredible group of individuals who work day and night to protect our states. I look forward to releasing the newest iteration of the study this fall where, for the first time, all 50 states participated.”

The organization received positive news in late May, when it learned that FEMA Grant Guidance called for the inclusion of CIOs and CISOs in the Senior Advisory Committee and its Urban Area Working Group. In a statement issued by NASCIO, the organization’s current President and Oklahoma CIO, Bo Reese, applauded the inclusion. He noted that cybersecurity is a top priority for state CIOs (and has been for the past five years, according to its annual Top Ten Survey).

“Our CIO and CISO community looks forward to collaborating with our state emergency management and homeland security partners to enhance the capability of state and local governments to prepare for, protect against, respond to, recover from, and mitigate all hazards including and especially cybersecurity threats,” said NASCIO’s Reese.

According to NASCIO, the Federal Emergency Management Agency (FEMA) within the U.S. Department of Homeland Security (DHS) released grant guidance for FY 2018 preparedness grants which requires state chief information officers (CIO) and state chief information security officers (CISO) to be included in the Senior Advisory Committee (SAC) and the Urban Area Working Group (UAWG). The SAC and the UAWG are charged with coordinating preparedness activities across disciplines and stakeholders with the goal of maximizing coordination and reducing duplication of effort.

Reinforcing the Role of CIOs

In a report issued by NASCIO in April, the organization of top tech leaders across America focused on the cog in the wheel role in which CIOs are increasingly, and importantly, serving. “State CIO as Broker: A New Model,” was published as a way to generate open discussion and explore the underlying forces of change that are driving the need for a new operating model.  

In summarizing the NASCIO report, its authors offered this perspective: “Multisourcing is emerging as the discipline for managing a complex and diversified portfolio of services and service providers.  These services are being employed to meet the continual evolving demand for creatively delivering government services through new channels with new functionality.   In this evolving circumstance there is the need for a new operating model the state chief information officer can employ to bring together agencies needs and demands with available emerging technologies and management disciplines.”


In late April, NASCIO members met with federal officials to advocate “for strong intergovernmental partnerships to harmonize cybersecurity regulations and normalize the audit process.” Nearly 60 state CIOs and state technology officials participated in NASCIO's 2018 Fly-In where they advocated to advance NASCIO's advocacy priorities including the need to harmonize disparate and often conflicting federal cybersecurity regulations. Participants also advocated for the normalization of the corresponding federal regulations audit process. Specifically, state CIOs engaged with the IRS Office of Safeguards and FBI-CJIS to discuss how state governments can comply with federal regulations while also moving forward on state IT priorities like IT consolidation/optimization. Often, federal information security regulations can impede the IT consolidation/optimization process.

The strategic partners and federal officials with whom NASCIO members met included: Federal Emergency Management Agency (FEMA); the Internal Revenue Service (IRS) Office of Safeguards; and the Federal Bureau of Investigation Criminal Justice Information Services (FBI-CJIS). Strong intergovernmental partnerships, especially harmonizing disparate federal cyber regulations to which state government IT organizations are subject, were the focus of the discussion, according to NASCIO.

Members will meet in San Diego from October 21-24 for the NASCIO Annual Meeting. The association’s Midyear Conference was held in early May in Baltimore.

Overlay Init

Curated By Logo