Artificial Intelligence & Machine Learning
,
Critical Infrastructure Security
,
Legislation
NASCIO Agenda Focuses on AI Policy, Cyber Investment and Critical Infrastructure
State CIOs have lots on their plates, juggling priorities such as artificial intelligence pilots, legacy systems modernization, cybersecurity updates, data privacy and management issues, disaster response planning, and critical infrastructure resilience – just to name a few demands.
See Also: OnDemand | Fireside Chat: Staying Secure and Compliant Alongside AI Innovation
But the state IT programs don’t have to go it alone. Federal legislation – and federal funds – can give state CIOs a helping hand, according to the National Association of State CIOs, which announced its support for key federal initiatives to help state CIOs stay ahead.
This year the organization is focusing on prioritizing state flexibility, long-term cybersecurity investment and continuity for critical infrastructure.
“States are being asked to perform a national security function that has historically been the purview of the federal government, but that’s no longer the case,” said Alex Whitaker, director of government affairs, NASCIO. Plus, states are increasingly facing technology and security challenges with ecosystems that extend well beyond their borders.
“States are on the front lines of international attacks, be those from state actors or criminal networks,” Whitaker said. “They’re doing a lot with very little.”
This year AI has overtaken cybersecurity as the top concern for state CIOs, and to help support their AI efforts, NASCIO is opposing federal preemption of state AI policies. At the state level, readiness, risk tolerance and desired use cases very widely, but all share a focus on data protection, privacy and accessibility. In the absence of clear federal regulations governing the use of AI technology, many states have put forward their own policies, and the NASCIO wants to foster collaboration between states and the federal government.
“States have been developing AI policy and working on AI solutions and cybersecurity solutions for years. We don’t want to nullify that,” Whitaker said. “We’re not pushing back on federal AI policy for the sake of pushing back. It needs to be done in conjunction with the states.”
The association is also advocating for reauthorization of the State and Local Cybersecurity Grant Program, a $1 billion four-year program launched by the Department of Homeland Security in 2022 that ended last year. It has enabled states to provide cybersecurity training, migrate to .gov domains, and install multifactor authentication and other cybersecurity measures. It also helped some communities to modernize outdated systems.
Whitaker said that NASCIO is asking for long-term, secure funding for the program, but it isn’t specifying a specific dollar allocation.
“There’s no number that is enough funding,” Whitaker said. “Cybersecurity is unending.”
NASCIO is also lobbying for greater harmonization of federal regulations for cybersecurity reporting. State CIOs report that hours are lost to duplicating reporting efforts to different federal agencies, a process that strains already limited resources and creates new cybersecurity risk.
“You’re talking hundreds of hours just to upload the same data to different federal agencies,” Whitaker said. “Every time you submit data, you’re opening the door to additional penetration or attacks.”
NASCIO is also seeking reauthorization of the FirstNet network, created by Congress in 2012 to mitigate communications challenges exposed by the September 11th terrorist attacks. The network supports more than 29,000 public safety agencies across the United State, and is used during hurricanes, wildfires and other disasters. FirstNet is currently authorized through February 2027.
“It’s demonstrated its value tremendously, for states and first responders to be able to communicate,” Whitaker said. “Letting a lapse in funding occur would really kind of roll the clock back on a lot of the work that’s being done.”