Artificial Intelligence & Machine Learning,
Critical Infrastructure Security,
Legislation
NASCIO Agenda Highlights AI Policy, Cybersecurity Investments, and Infrastructure Resilience
State Chief Information Officers (CIOs) are currently navigating a complex landscape filled with pressing issues such as artificial intelligence initiatives, modernization of legacy systems, cybersecurity enhancements, and resilience of critical infrastructure. These challenges are compounded by the continual demands for robust data privacy and disaster response planning.
The National Association of State CIOs (NASCIO) stresses that state programs do not need to tackle these challenges independently. The organization is actively endorsing federal initiatives and funding strategies that aim to empower state CIOs in addressing these critical concerns.
This year, NASCIO is prioritizing state flexibility, long-term investments in cybersecurity, and strategies for ensuring the longevity of critical infrastructure. Alex Whitaker, NASCIO’s Director of Government Affairs, noted that states are increasingly asked to manage national security aspects traditionally handled at the federal level, particularly as international cyber threats escalate.
As the cybersecurity landscape evolves, AI has overtaken traditional security concerns for state CIOs, leading NASCIO to oppose federal preemption of state AI policies. Currently, various states are formulating their own AI regulations, focused on data protection and accessibility, amidst a lack of comprehensive federal guidelines. Collaboration between federal and state agencies is crucial to support effective policy development.
NASCIO is also advocating for the reauthorization of the State and Local Cybersecurity Grant Program, a $1 billion initiative launched in 2022 that has provided essential support for training, system migration, and security upgrades. Whitaker emphasized the need for sustained funding for these initiatives, noting that cybersecurity challenges are constant and multifaceted.
In addition, the association is pushing for more consistent federal regulations regarding cybersecurity reporting, an effort aimed at alleviating the burden of redundant processes that consume valuable resources and increase vulnerability. The repetitive nature of these reporting requirements can divert attention away from critical security measures.
NASCIO is also seeking the reauthorization of the FirstNet network, designed to enhance communication for public safety agencies across the United States. The network has proven invaluable during crises and is set to remain authorized until February 2027. Whitaker cautioned that allowing funding to lapse could reverse significant progress made in improving public safety communications.
Given the increasing complexity of the cybersecurity environment, as well as the emergence of sophisticated threat vectors, a comprehensive understanding of tactics like initial access, privilege escalation, and persistence from the MITRE ATT&CK Matrix can help elucidate the strategies employed by potential adversaries. This understanding is crucial as state CIOs work to fortify their defenses, harness AI technologies, and navigate the interdependencies of state and federal cybersecurity initiatives.