IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Idaho Takes Task Force Approach to Statewide Cybersecurity

Co-chairs Tom Kealey and Zach Tudor explain how the Idaho Cybersecurity Task Force will gather a holistic view of the state’s cybersecurity resources and needs to inform its recommendations to the governor in early 2022.

Zach Tudor at Cyber Press Conference.jpg
Zach Tudor speaks at Gov. Brad Little's press conference on cybersecurity.
Courtesy of Idaho National Laboratory
Idaho’s new cross-sector Cybersecurity Task Force will meet for the first time next week, launching a six-month effort to producecybersecurity recommendations in time to inform the governor’s next budget.

States across the nation are grappling with threats to public and private organizations and essential networks, as well as difficulties hiring enough cyber talent. Idaho’s task force aims examine all these issues together for a more coordinated, informed approach to challenges and is turning to 19 members with varied backgrounds to help it do so.

The 19-member team includes state officials reflecting federal, urban and rural viewpoints, as well as the IT and Emergency Management departments. Other members represent higher education, elections, utilities, finance and other interests, said Tom Kealey, task force co-chair and director of the state Department of Commerce.

This creates opportunities for organizations’ discussions of their existing and expected future cyber talent needs to inform how universities design their cyber curriculums, as well as for insights from Idaho Sen. James Risch’s office about upcoming federal funding opportunities and programs that the state may want to get ready to take advantage of, Kealey told Government Technology.

The new entity is expected to promote information sharing and better understanding of various organizations and sectors’ needs and challenges, as well as of the resources available. This can help connect under-resourced organizations to existing state and federal supports as well as advice.

Federal organizations like the Cybersecurity and Infrastructure Security Agency (CISA) publish a variety of cybersecurity resources, for example, but the task force can help organizations get the most out of them by adding state-specific context, explained Zach Tudor, co-chair and Idaho National Laboratory (INL) associate laboratory director, in a separate conversation with Government Technology. It can also help consolidate and distribute federal guidance.

“We can tailor some of the recommendations and understandings to our local economy as opposed to those national issues,” Tudor said. “[For example,] what are some of the vulnerabilities for agriculture, and the processing of all of those wonderful potato products that we make?”

It was also important to ensure that the group's membership reflect different constituencies to ensure everyone would “take it seriously,” Tudor said.

The task force will hold four monthly meetings from August to November 2021, before taking an additional two months to prepare a report for Gov. Brad Little outlining actionable steps and priorities. Tudor said he expects the effort to be a one-off initiative.

SUBCOMMITTEE STRATEGY


The task force plans to develop a variety of subcommittees that drill deeper into specific focus areas and bring in the voices of additional experts. Kealey said that the first meeting will likely involve identifying five to 10 subcommittees. He and Tudor said topics may include IoT security and election systems security.

The latter is of particularly keen interest as the 2022 midterm elections approach, Tudor said, and the governor highlighted it in an Aug. 5 press conference announcing the formation of the group. Former Secretary of State Ben Ysursa will bring an inside perspective to the team as one of the members.

Kealey said lessons from other task forces guided the decision to keep a relatively sleeker membership count while using subcommittees to add further viewpoints as needed. Kealey previously chaired a state broadband task force where he said the 38-person membership was “a little bit more cumbersome.”

EXPANDING BEYOND 2015 EFFORTS


Using a task force to address cyber needs is not entirely new for the state, where former Gov. Butch Otter established his own state Cybersecurity Task Force in 2015 with then-Lt. Gov. Little as its head.

That group’s recommendations lead to the 2017 creation of a new position — the state director of information security, per theIdaho Statesman. The inaugural office holder, Jeff Weak, is now serving on the 2021 task force in his current capacity as director of Information Technology Services.

This latest task force is launching against a backdrop of new threats but also greater state and federal government funding for cyber defenses, Kealey said. Its membership also reaches farther than the 2015 task force, which had more closely focused on state government, according to the co-chairs.
Jule Pattison-Gordon is a senior staff writer for Governing and former senior staff writer for Government Technology, where she'd specialized in cybersecurity. Jule also previously wrote for PYMNTS and The Bay State Banner and holds a B.A. in creative writing from Carnegie Mellon. She’s based outside Boston.