State CIO Bo Reese testifies at U.S. Senate committee
Head of OMES Information Services speaks on federal cybersecurity regulations
WASHINGTON — Duplicative and inconsistent federal
regulations can hinder efforts to unify states’ information technology, save
taxpayers’ money and secure citizens’ data, Oklahoma Chief Information Officer
Bo Reese testified today before the U.S. Senate Homeland Security and Governmental
Affairs Committee.
“Over the past five years, (OMES has) reduced these
redundancies, made large strides to unifying technology, and completed
consolidation of 76 of the 78 mandated
state agencies and more than 30 voluntary agencies,” said Reese, who leads
the Information Services division for the Office of Management and Enterprise
Services.
“Consolidation has resulted in $283 million of estimated
reduced spending and projected savings,” Reese said. Oklahoma’s IT unification
has also created a robust cybersecurity program, Oklahoma Cyber Command. In
2016, Cyber Command successfully responded to about 32,000 cases of unique
malware, about 750 instances of malicious activity and nearly 400 occasions of
unauthorized access.
“We appreciate efforts by the federal government to secure
and protect sensitive citizen information because we also share that responsibility
at the state level,” Reese said. “But, we must accomplish our shared goal
without overly burdening state governments, ensuring that we are delivering
government services to citizens in the most efficient and cost-effective
manner.”
Reese, who also serves as vice president of the National
Association of State Chief Information Officers, was invited to testify at the
hearing, “Cybersecurity Regulation Harmonization,” to give an overview on how
federal data security regulations impact the work of CIOs to introduce
efficiencies and generate savings.
“State CIOs and chief information security officers must
comb through thousands of pages of federal regulations to ensure that states
are in compliance with rules from our federal partners,” he said. “Even though
many federal regulations are similar in nature, in that they aim to protect
high-risk information, they are mostly duplicative but have minor differences
which can obscure the goal of IT consolidation, the whole point of which is to
streamline IT applications and simplify the enterprise IT environment to
produce savings for taxpayers.”
In his testimony, Reese brought attention to several federal
cybersecurity regulations that pose obstacles for state IT unification and
risk-based cybersecurity investments. Examples included differences in IRS and
FBI regulations on what to include in passwords and how long to keep them.
Reese also called on federal regulatory agencies to
normalize the federal cybersecurity compliance audit process, which encourages
states to make counterproductive compliance investments instead of ones based
on risk.
“This approach is problematic for state government
cybersecurity because it encourages state CIOs to make check-the-box compliance
investments instead of ones based on risk, which is the more secure approach to
managing sensitive data.”
Reese’s full testimony and a recording of the hearing can be found on the U.S. Senate Homeland Security and Governmental Affairs Committee website.
Media Contact
MICHAEL BAKER Director of Public Affairs (405) 522-4265 | michael.baker@omes.ok.gov
About the Office of Management and Enterprise Services
The Office of Management and Enterprise Services
provides financial, property, purchasing, human resources and
information technology services to all state agencies, and assists the
Governor’s Office on budgetary policy matters. Our mission: Supporting our partners through unified business services. For more information, visit OMES.OK.gov.