The seven-page report (click here for PDF), which was released Wednesday by the National Association of State Chief Information Officers, recommends that the Department of Homeland Security pay for fellowships for state and local employees in the agency's , better define and market what federal resources exist for combating cyberthreats, and hand over more funding for local training programs.
The organization took its cues from a survey last summer of chief information officers or chief information security officers in 27 states that house 57 percent of the American population. All 50 states and the District of Columbia were invited to respond. Neither the report nor its appendix named the states that ultimately supplied answers.
Respondents to the wide-ranging survey reported weaknesses in numerous areas. As many as one-third of the officials surveyed said they were "generally unfamiliar" with federal plans and documents related to cybersecurity. More than half said they had never sought federal assistance during cybersecurity incidents.
Although most of the officials said they had adequate information about "automated" attacks, such as worms and viruses, about half said they lacked sufficient information about "directed" external threats from "hackers/crackers, organized criminals, potential terrorists, etc.," the report said. A solid majority also reported having "inadequate or no information" about threats posed by "internal ineptitude" or "internal maliciousness."
More than half of the respondents said they had trouble finding information security professionals with enough education and experience in the field. Nearly all of the surveyed officials called for local community and technical colleges to offer associate's degree programs in "practical cybersecurity."
Democrats on the U.S. House of Representatives Homeland Security Committee were quick to back the survey's findings, issuing their own report (click here for PDF) that largely echoed the state officials' concerns.
"An effort by the department to promote and publicize its key cyberdocuments, offer high-quality training to state and local officials, and create a budget that reflects its priority toward securing state and local cyberspace will go far in achieving the national cybersecurity that all Americans desire," they wrote.
Homeland Security representatives did not immediately respond to requests for comment on Thursday.