Information Security

Defending the digital infrastructure


Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Christopher Ipsen: Government transformation through technological innovation

The economic crisis gives government entities the opportunity to change for the better.

Government, by necessity, is undergoing significant transformation. This is particularly noteworthy because resilient governments, by design, change slowly. Radical changes in democratic states can create scenarios where citizens lose rights and control over their freedoms. We need to be mindful of both the opportunities and potential outcomes as we make decisions about how transformation will occur.

The first condition in transformation is a sense of urgency, as cited by Harvard Business School professor and change expert John Kotter in his eight-step framework for change (other conditions can be found in the National Association of State Chief Information Officers' Transforming Government Through Change Management). When the national economy plummeted in 2008, Nevada state government responded immediately by reducing projected budgets by 20 percent. Now, two years later, Nevada is facing an additional 45 percent budget shortfall. Our state government is being challenged by a significant increase in demand for services compounded by a decrease in funds to respond. Nevada typifies the sense of urgency condition facing most government entities today.

Technological innovation is a core response many government entities consider as they face fiscal challenges and undergo transformation. Technology, if developed correctly, can bring the efficiencies needed to address the growing mismatch between increased service demand and diminishing financial resources. It can provide citizens with a central, easy to find, place to do business. This efficiency can also be extended to encompass multiple scenarios whereby many governmental bodies share the same technology to provide multiple services to the same citizen. A good example is a one-stop online shop for creating a business -- a single place to incorporate, buy a business license, and pay business taxes.

Even democracy itself can be transformed by modern technology. One of the arguments for the creation of the Electoral College was the geographic inability for all candidates and electors to travel and vote. If individual votes can be validated by technological means through online voting, why maintain the Electoral College with its face to face validation of the decisions of electors?

Technology can allow governmental leaders to rethink how government works without the constraints of geographic requirements. DMV functions (like reissuance of driver licenses) that reside with state governments can be leveraged across the intergovernmental boundaries of counties and municipalities without a local physical presence. Similar capabilities can be leveraged from a county or city statewide. This capability, if captured and expanded, could make legacy governmental boundaries porous, allowing evolution of government functions toward more capable, more widely distributed, technologically-enabled entities.

Of course, in any aggregated service model that is geographically distributed, information security becomes critical. Confidentiality, integrity, and availability needs are amplified concurrently with the aggregation of data stored and processed. Moreover, if the integrity of technology -- such as electronic voting -- is compromised, the results would be catastrophic.

So how do we intelligently embrace emerging technologies in the transformational model described above? To capture the most favorable outcomes, I believe we need to focus on four major areas:

  • Vision and Empowerment to Act. Without strong leadership and executive sponsorship for the technologically enhanced vision, effective transformation does not occur. Once formed, the vision must be implemented and individuals empowered to act.
  • Strong Architecture and Rigorous Security Controls. Good architecture reflects business needs that have been distilled into an appropriate IT response. It also provides a means to measure outcomes and quantify costs in a manner meaningful to those who control government budgets. Rigorous controls, including continuous monitoring, build confidence and trust in the reliability of information stored and utilized by government and in the shared understanding that information security represents money well spent. Reliable data and the security of confidential information is a fundamental requirement of many governmental functions. Governments fail if they cannot provide trust with the systems they use.
  • Effective Intergovernmental Collaboration. In an efficient, citizen-centric world, governmental entities collaborate. Without the geographic constraints, successful technical solutions developed at any level of government can be leveraged for all citizens. Contract costs can be reduced and IT capabilities can also be improved by capturing larger enterprise economies of scale.
  • Effective Public/Private Collaborative. The transformational model is incomplete if we limit the scope of solutions. There are civic-minded individuals in the private sector who provide necessary feedback on security solutions and dedicated and effective IT professionals in the public sector who bring context and capability to solutions. When we value and capture the capabilities of all entities, we form communities of collaboration and defense. We also provide better service to the citizens.

While Nevada faces tremendous challenges, we are not searching blindly for a path. Four years ago, Nevada embraced intergovernmental collaboration through regular meetings of the State of Nevada Entities Technical Alliance (SNETA) and formal adoption of the Nevada Shared Information Technology Systems (NSITS) governance The "Nevada Experience" has been underpinned by the continuing evolution of the state Technological Crime Advisory Board, which is comprised of key federal, state, local and private sector decision makers spanning the legal, law enforcement, commercial, technological, education, and legislative communities. The advisory board's actions and recommendations support Nevada IT security professionals at all governmental levels, who, themselves, communicate regularly on current challenges and shared responses.

The fiscal crisis has been sufficiently long so that political posturing is decreasing along with a genuine realization that cooperation is the only remaining option. At the same time, security is a fundamental component of change that ensures rights and democracy.

By necessity, I'm optimistic. When the economy improves, Nevada will emerge from the crisis with streamlined capabilities that embrace information security as both a business and government enabler.


Christopher Ipsen

Title: Chief Information Security Officer

Organization: State of Nevada

Credentials: CISSP, CISM, Information Systems Security Architecture Professional (ISSAP)


  • Responsible for information security oversight of the statewide network infrastructure known as the Silvernet, which is used by all local and state government agencies and elected officials.
  • One of several drafters and the primary technical contributor of the revised Nevada Data in Transit Encryption Law, SB227. Testified in support of the legislation's technical merits as well as to why government agencies should be subject to the same encryption requirements as business. The legislation passed unanimously last year amid political contention and unprecedented gubernatorial vetoes.
  • Developed and fostered relationships with key IT, law enforcement, legislative, and business leaders within the state, which led to his selection as state representative on several key intergovernmental workgroups, including the Nevada Technological Crime Advisory Board (TCAB), the Nevada Shared Information Technology Systems, NASCIO, and the Nevada Threat Advisory Board (Fusion Center).
  • Instrumental in developing a statewide unified business portal that will provide a consolidated security capability that can be leverage by all state entities. The multi-million dollar project received legislative approval despite a state budget reduction of 30 percent.
  • Under his leadership, Nevada has been at the national forefront of developing security standards for emerging technologies. Nevada was the first state to produce a statewide security standard on server virtualization.


Consumerization of IT and enterprise evolution: Consumer devices in the workplace and the shift to cloud services require new security standards.
An effective information security program requires ongoing monitoring: A successful information security program uses ongoing oversight and monitoring to manage risks.
Online banking security is a balancing act: Online banking security requires providing users with choices in order to minimize risk without becoming intrusive.
Government transformation through technological innovation: The economic crisis gives government entities the opportunity to change for the better.
Maintaining health care privacy and security: In the world of health care, the more we value privacy, the harder we work to protect it.
Implementing an information security strategy in a decentralized environment: Implementing data security in a decentralized organization requires a collaborative approach.
Fighting online fraud requires delicate balance: Countermeasures for thwarting Internet fraudsters must be balanced with customer service.
Article 9 of 13

Dig Deeper on Government information security management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

Get More Information Security

Access to all of our back issues View All