These States Are Best Prepared for Challenges to Cybersecurity, Civic Tech

Most states are adequately prepared for cyber threats, according to the map.

Most states are adequately prepared for cyber threats, according to the map. Shutterstock


Connecting state and local government leaders

A state-by-state analysis by the Internet Association, a trade group for tech companies, examines states' IT modernization efforts against a handful of metrics.

Minnesota, California and Florida are the three states best prepared for challenges to cybersecurity and civic tech, according to an interactive map released this week by the Internet Association.

The SITARA map—an acronym for State, Local, Tribal, and Territorial Information Technology Advancing Reform Achievements—ranks states’ IT preparedness on a handful of metrics, including cloud-first initiatives, digital service innovation and efforts in cybersecurity, among other things.

The analysis uses a baseline of participation in information-sharing and analysis center programs that are recommended by the Cybersecurity and Infrastructure Security Agency, considered the “bare minimum” that a government can do, said Omid Ghaffari-Tabrizi, director of cloud policy for the Internet Association, a trade association for technology companies.

“Considering that participation in these two organizations is one of the easiest and most responsible ways that a government can establish a cybersecurity posture, it was a really easy choice,” he said at a media briefing on Monday.

The map and rankings are designed to give government agencies and employees in different places a broad sense of how their modernization efforts compare to those of their peers, Ghaffari-Tabrizi said, as well as give them new ideas for further innovation.

“Anyone using SITARA...will be able to look at successful examples from across the country, choosing what works best for them in their own particular set of circumstances,” he said.

The map “also shows where additional support, whether from the federal government or through the budgeting process, can help states and territories move beyond baseline metrics,” the organization said in a statement.

The state-by-state analysis is helpful because different localities have “unique circumstances” when it comes to public sector IT infrastructure, Ghaffari-Tabrizi said. 

“There is no quote-unquote ‘right way’ to modernize, especially not right now,” he said. “Every state has to choose a path that works best for them.”

For example, he noted, Minnesota, California and Florida all achieved their high rankings in different ways. Minnesota, which holds the top spot, addressed all three categories, scoring well in cybersecurity (four out of a possible seven points), modern IT infrastructure (five out of a possible six points) and modernization efficacy (five out of a possible eight points). By contrast, California, tied with Florida for second, is “behind in rolling out a modern IT infrastructure,” while Florida “has only hit the baseline as it relates to the cybersecurity posture.”

Those states are a microcosm of the map’s key findings, which show that most states are missing at least one of the three key components of what the association calls “a modern digital government experience.” And while most states are adequately prepared for cyber threats, most are “only getting started with their IT modernization plans.” Even the top-scoring states achieved scores of “very good,” not “exceptional” or “excellent,” the best possible rankings.

The threat of cyberattacks was reemphasized this week with the revelation over the weekend that the U.S. Treasury and Commerce Department had been breached in attacks, possibly by a foreign government, made through hacking of the SolarWinds Orion software used by many federal government agencies. SolarWinds also contracts with state and local governments. 

Ghaffari-Tabrizi said his organization hopes to continuously review states’ progress on IT modernization and update the map accordingly, hopefully leading to what he called a “race to the top.”

“There’s really just no one-size-fits-all approach,” Ghaffari-Tabrizi said. “There are ways that states and territories can use what others have done. They can learn to do for themselves what SITARA shows what others have done throughout the country.”

Kate Elizabeth Queram is a staff correspondent for Route Fifty and is based in Washington, D.C.

NEXT STORY: Computer Science Jobs Pay Well and Are Growing Fast. Why Are They Out of Reach for So Many of America's Students?