10.5 Working with local government

State government support and coordination are essential for successfully implementing homeland security efforts. The list in Appendix B shows the contacts, addresses, phone numbers, and, where available, the Web sites for state-level homeland security offices. Several organizations of governments have provided research and assistance for state and local governments to work on homeland security initiatives and specifically cybersecurity.

The National Governors Association Center (NGAC) for Best Practices provides support to governors in responding to the challenges of homeland security leadership through technical assistance, policy research, and by facilitating their participation in national discussion and initiatives. Center activities focus on states' efforts to protect critical infrastructure; develop interoperable communications capabilities; and prepare for and respond to bioterrorism, agroterrorism, nuclear and radiological terrorism, and cyberterrorism impacting the government's ability to obtain, disseminate, and store essential information.

Interim Report of the Task Force on Protecting Democracy of the National Conference of State Legislatures, released in July 2002, makes several recommendations to state legislatures about cybersecurity, including the following:

• Require law-enforcement agencies to refocus security to include electronic threats as well as physical threats.

• Review and update your state laws and penalties regarding cyberterrorism.

• Conduct appropriate response exercises.

• Ensure appropriate and timely backup and maintenance of computer systems.

• Ensure that the legislature saves its electronic files outside a normal operating environment.

• Determine how classified information is shared in your state and who has access.

• Encourage universities and colleges to offer degrees or certificates in IA computer security.

• Establish computer emergency response teams (CERTs) in each state to respond to cyberattacks and assist with physical/intelligence technology vulnerability assessments.

• Establish university and college programs to supplement CERTs.

• Consider funding computer-crime units for state law-enforcement agencies, regional computer forensics labs, computer-investigative training for law-enforcement personnel, and state infrastructure protection centers.

The National Association of State Chief Information Officers (NASCIO) has established the NASCIO-DHS Interstate ISAC Information Sharing Program. All 50 states, the District of Columbia, and several of the U.S. territories are participating in the program. NASCIO also developed an enterprise architectural framework for government IS integration. The adaptive enterprise architecture is designed to support effectively the business of government, and it enables information sharing across traditional barriers, enhances governments' ability to deliver effective and timely citizen services, and supports agencies in their efforts to improve government functions.

The NASCIO Architecture Program and the Enterprise Architecture Development Tool Kit guides state and local government agencies in the definition, development, utilization, maintenance, and institutionalization of an enterprise architecture program. The NASCIO Architecture Working Group, comprising state, county, and federal CIOs and government and corporate architects, developed the NASCIO architecture framework and the explanatory document, the 'Enterprise Architecture Development Tool Kit.' As part of the architecture program, NASCIO continues to serve as a champion of the benefits of sound infrastructure and enterprise architecture. The NASCIO architectural framework is a nationally accepted foundation for IT architecture development.