How Your Governor Is Keeping Your State Cyber-Secure

Less than two weeks into Cybersecurity Awareness Month, we’ve already had two major breaches. More than 3 billion Yahoo! users’ had their information compromised, and 145 million people were notified their data had been exposed as part of a breach of the credit monitoring firm Equifax.

On top of that, last year we saw how the Mirai botnet closed access to major web domains, the WannaCry ransomware disabled dozens of hospitals across the United Kingdom and its cousin NotPetya forced the closure of port facilities in Los Angeles.

It’s easy to get lost in the seemingly never-ending cycle of bad news and throw your hands up. Which is why it’s good to know some elected officials are working not only to stamp out these threats, but also to prevent them from happening in the first place.

Governors, through the National Governors Association (NGA), have put cybersecurity at the forefront of their agendas. Virginia Gov. Terry McAuliffe chose cybersecurity as the focus of his chair’s initiative, Meet the Threat: States Confront the Cyber Challenge. This yearlong project engaged states across the country, promoted cybersecurity as more than just an IT issue and offered concrete policy steps toward confronting the threat.

Nevada Gov. Brian Sandoval, the current chair of NGA, recently created the Nevada Office of Cyber Defense Coordination. Nevada is one of many states moving aggressively to defend citizen data and critical services from cyber criminals.

In the past year alone, at least 41 states have introduced more than 240 pieces of legislation related to cybersecurity, and governors signed more than 35 of these into law, addressing issues such as:

· National Guard: North Dakota and New Mexico enacted legislation authorizing governors to activate the National Guard in case of a cyberattack.

· Cyber crime: Texas, Wyoming and Virginia increased the penalty for particularly serious computer crimes.

· Reorganization: Mississippi, Oregon, Utah and Texas restructured how they manage state technology resources, consolidating offices and making state systems easier to defend.

· Information sharing: Colorado, Iowa, Florida and Washington amended existing law to encourage private companies to share information on cyberattacks with state authorities.

· Education: Nevada and Texas introduced statutory requirements for cybersecurity education in public schools.

Some governors have acted unilaterally. In Rhode Island, South Carolina, Idaho and Connecticut, governors appointed dedicated cybersecurity advisors. Former New Hampshire Gov. Maggie Hassan created a statewide integration cell to exchange cyber threat intelligence among state, local, private and federal partners. Rhode Island Gov. Gina Raimondo launched a program to bring advanced computer science instruction into every public school, and Gov. McAuliffe kicked off Cyber Vets Virginia to help veterans obtain cybersecurity training.

States will not drop their guard when it comes to cybersecurity. Adversaries are persistent and will continue to probe for weaknesses, especially as emerging technologies integrate computers into every aspect of daily life, increasing risks to public safety.

Governors understand they cannot offload the responsibility of keeping their citizens safe onto agencies or other state offices. It is only through a whole-state approach involving cabinet secretaries, emergency managers, education leaders, criminal investigators, businesses and others can alleviate these dangers.

It’s governors who are working across the aisle, launching innovative cybersecurity programs and devoting the critical time and attention this pressing problem requires to keep the people of their states safe from future attacks.

David Forscey is a policy analyst with the National Governors Association Center for Best Practices Homeland Security and Public Safety Division.