Challenges in whole-of-state cybersecurity shift examined

States transitioning into a whole-of-state cybersecurity approach were noted by officials to be hampered by the lack of sustainable funding and cybersecurity workers, reports StateScoop. Federal cybersecurity grants are not enough to address states' cybersecurity issues, said North Carolina Chief Risk Officer Torry Crass at the National Association of State Chief Information Officers annual conference. "The reality is it's not. Most of the grants are set up so it's one time you get to use the grant money to establish the tool or the service that you're looking at and then it's up to the local, the county, and the state to sustain after the initial infusion of capital," noted Crass, who added that certain cybersecurity services and tools had to be removed by states if they fail to identify new funding sources once the grant runs out. Meanwhile, Arizona Chief Information Security Officer Ryan Murray said that while the state has implemented the StateRAMP cybersecurity compliance program, evaluations of vendors are being hindered by the significant lack of cyber compliance analysts. Such predicaments have prompted former Arizona Security Program Manager Jennifer Pittman-Leeper to suggest cyber conversations between lobbyists and lawmakers to ensure adequate cybersecurity support in states.