This article can also be found in the Premium Editorial Download "Information Security magazine: Security 7 Award winners and the latest on effective security awareness."
Download it now to read this article plus other related content.
Government, by necessity, is undergoing significant transformation. This is particularly noteworthy because resilient governments, by design, change slowly. Radical changes in democratic states can create scenarios where citizens lose rights and control over their freedoms. We need to be mindful of both the opportunities and potential outcomes as we make decisions about how transformation will occur.
The first condition in transformation is a sense of urgency, as cited by Harvard Business School professor and change expert John Kotter in his eight-step framework for change (other conditions can be found in the National Association of State Chief Information Officers'
Technological innovation is a core response many government entities consider as they face fiscal challenges and undergo transformation. Technology, if developed correctly, can bring the efficiencies needed to address the growing mismatch between increased service demand and diminishing financial resources. It can provide citizens with a central, easy to find, place to do business. This efficiency can also be extended to encompass multiple scenarios whereby many governmental bodies share the same technology to provide multiple services to the same citizen. A good example is a one-stop online shop for creating a business -- a single place to incorporate, buy a business license, and pay business taxes.
Even democracy itself can be transformed by modern technology. One of the arguments for the creation of the Electoral College was the geographic inability for all candidates and electors to travel and vote. If individual votes can be validated by technological means through online voting, why maintain the Electoral College with its face to face validation of the decisions of electors?
Technology can allow governmental leaders to rethink how government works without the constraints of geographic requirements. DMV functions (like reissuance of driver licenses) that reside with state governments can be leveraged across the intergovernmental boundaries of counties and municipalities without a local physical presence. Similar capabilities can be leveraged from a county or city statewide. This capability, if captured and expanded, could make legacy governmental boundaries porous, allowing evolution of government functions toward more capable, more widely distributed, technologically-enabled entities.
Of course, in any aggregated service model that is geographically distributed, information security becomes critical. Confidentiality, integrity, and availability needs are amplified concurrently with the aggregation of data stored and processed. Moreover, if the integrity of technology -- such as electronic voting -- is compromised, the results would be catastrophic.
So how do we intelligently embrace emerging technologies in the transformational model described above? To capture the most favorable outcomes, I believe we need to focus on four major areas:
- Vision and Empowerment to Act. Without strong leadership and executive sponsorship for the technologically enhanced vision, effective transformation does not occur. Once formed, the vision must be implemented and individuals empowered to act.
- Strong Architecture and Rigorous Security Controls. Good architecture reflects business needs that have been distilled into an appropriate IT response. It also provides a means to measure outcomes and quantify costs in a manner meaningful to those who control government budgets. Rigorous controls, including continuous monitoring, build confidence and trust in the reliability of information stored and utilized by government and in the shared understanding that information security represents money well spent. Reliable data and the security of confidential information is a fundamental requirement of many governmental functions. Governments fail if they cannot provide trust with the systems they use.
- Effective Intergovernmental Collaboration. In an efficient, citizen-centric world, governmental entities collaborate. Without the geographic constraints, successful technical solutions developed at any level of government can be leveraged for all citizens. Contract costs can be reduced and IT capabilities can also be improved by capturing larger enterprise economies of scale.
- Effective Public/Private Collaborative. The transformational model is incomplete if we limit the scope of solutions. There are civic-minded individuals in the private sector who provide necessary feedback on security solutions and dedicated and effective IT professionals in the public sector who bring context and capability to solutions. When we value and capture the capabilities of all entities, we form communities of collaboration and defense. We also provide better service to the citizens.
While Nevada faces tremendous challenges, we are not searching blindly for a path. Four years ago, Nevada embraced intergovernmental collaboration through regular meetings of the State of Nevada Entities Technical Alliance (SNETA) and formal adoption of the Nevada Shared Information Technology Systems (NSITS) governance The "Nevada Experience" has been underpinned by the continuing evolution of the state Technological Crime Advisory Board, which is comprised of key federal, state, local and private sector decision makers spanning the legal, law enforcement, commercial, technological, education, and legislative communities. The advisory board's actions and recommendations support Nevada IT security professionals at all governmental levels, who, themselves, communicate regularly on current challenges and shared responses.
The fiscal crisis has been sufficiently long so that political posturing is decreasing along with a genuine realization that cooperation is the only remaining option. At the same time, security is a fundamental component of change that ensures rights and democracy.
By necessity, I'm optimistic. When the economy improves, Nevada will emerge from the crisis with streamlined capabilities that embrace information security as both a business and government enabler.
|SECURITY 7 AWARDS|
Title: Chief Information Security Officer
Organization: State of Nevada
Credentials: CISSP, CISM, Information Systems Security Architecture Professional (ISSAP)
INFORMATION SECURITY MAGAZINE'S 6TH ANNUAL SECURITY 7 AWARDS
Consumerization of IT and enterprise evolution: Consumer devices in the workplace and the shift to cloud services require new security standards.
An effective information security program requires ongoing monitoring: A successful information security program uses ongoing oversight and monitoring to manage risks.
Online banking security is a balancing act: Online banking security requires providing users with choices in order to minimize risk without becoming intrusive.
Government transformation through technological innovation: The economic crisis gives government entities the opportunity to change for the better.
Maintaining health care privacy and security: In the world of health care, the more we value privacy, the harder we work to protect it.
Implementing an information security strategy in a decentralized environment: Implementing data security in a decentralized organization requires a collaborative approach.
Fighting online fraud requires delicate balance: Countermeasures for thwarting Internet fraudsters must be balanced with customer service.
This was first published in October 2010