On October 23, NASCIO member and Missouri CIO Dan Ross testified on behalf of the state of Missouri and NASCIO before the U.S. House Oversight and Government Reform Subcommittee on Information Policy, Census and National Archives on efforts to prevent and respond to Internet disruptions at the state level.
Ross's testimony, provided at the request of the Subcommittee Chairman Wm. Lacy Clay (D-MO), emphasized information technology (IT) security as a vital component in securing our nation's Internet infrastructure and described the important role that the CIOs and their IT security personnel play in responding to Internet and critical IT system disruptions, when they occur.
"As the nation becomes increasingly Internet- and technology-dependent, the need to avert a prolonged, large-scale loss or disruption of critical IT infrastructure or the Internet due to a cyber attack, natural disaster, or terrorist incident, becomes as basic as securing our homes, borders and modes of mass transportation," wrote Ross in his full written testimony. "However, should an Internet or network disruption take place, it is essential that we have effective and well-coordinated processes in place to ensure successful and rapid restoration of critical IT systems and applications as well as the Internet."
Ross's testimony called attention to the need for effective planning and coordination in responding to an Internet and critical IT system disruption indicating that state CIOs and their IT security personnel are increasingly forging partnerships with state homeland security, emergency management, law enforcement and public safety officials to plan for the potential of major disruptions and security events.
"Today's IT security domain is in a constant and evolving state of threat," said NASCIO Executive Director, Doug Robinson. "Should a critical IT system, application, or an Internet disruption take place, it is critical that effective and well-coordinated processes are in place to ensure rapid restoration of services. Successful restoration processes must, however, involve an upfront investment in both human and technology resources. A reactionary response to a security event will only patch system disruptions."
