The state now looks for a director who can begin staffing the new office and bolstering the government's networks, which one expert says need "a lot of changes."
Nevada Gov. Brian Sandoval. (Desert Research Institute / Flickr)
With the signing of a new bill this month, Nevada Governor Brian Sandoval has created a dedicated office for cybersecurity defense within the Nevada Department of Public Safety.
AB 471, which passed unanimously in the Senate (21-0) and nearly unanimously in the house (40-0-2), created a new body called the Nevada Office of Cyber Defense Coordination (OCDC). Sandoval, who signed the bill into law on June 5, has emphasized efforts to raise the state’s technology profile and leadership in the past, especially in his January State of the State address, in which he announced $3.5 million earmarked for the construction of this new office.
“There are now five battlefields in our constant fight for safety and security: land, sea, air, space and cyberspace,” Sandoval said in a statement. “I’m proud to create Nevada’s first Cyber Defense Center which will be tasked with detecting, preventing, and responding to attacks. We must remain vigilant and stay ahead of those who seek to steal our private information and endanger our resources.”
The OCDC will primarily act as a one-stop-shop for all cybersecurity-related cases facing the state and an overseer in the increasingly dangerous world of IT security. The director of the Department of Public Safety has yet to name an administrator of the OCDC, though whoever is named will be permitted to appoint “a number of employees which the director determines to be sufficient to carry out the duties of the office,” according to the bill.
Tony Rucci, director of information security and threat intelligence for Information International Associates, told StateScoop Nevada’s path on cybersecurity is a good one, but challenges lie ahead.
“The reality is, the director of public safety isn’t going to understand the breadth of the requirements and capabilities, so it will be imperative that new director [of the OCDC] is able to defend his positions in enhancing security platforms, requirements of scanning and providing resiliency and upgrades,” Rucci said. “Right now, the networks are not resilient, and a lot of changes need to be made.”
Under the Department of Public Safety, the OCDC has been tasked with periodically reviewing state IT systems and identifying risks in those systems, while creating policy and making recommendations, in the name building an infrastructure that can withstand digital attacks. The bill also stipulates the office establish and circulate policy and procedure for threat preparedness, assessment, mitigation and notification throughout the state.
The bill also directs partnerships to be formed between the OCDC and the Nevada System of Higher Education, local governments, and private sector IT and cybersecurity firms that could assist the government in establishing its cybersecurity defense plan.
Nevada isn’t alone in its state-level cybersecurity defense efforts. New Jersey, Oregon California, Washington and Idaho have all taken steps towards research and defense, but not all have placed their respective offices under the Department of Public Safety like Nevada.