The team was formed by the governor as a means to protect against the millions of cyberattacks volleyed at its computers each year.
Vermont Gov. Phil Scott signed an executive order Tuesday creating a cybersecurity advisory team.
In the face of "increasingly sophisticated cyberattacks," Scott, a Republican, created a team designed to protect the state's "vulnerability to adverse economic impacts, life-threatening institutional disruption, critical infrastructure damage, privacy violations and identify theft." At the official announcement, Scott was joined by leaders from the Agency of Digital Services, the Department of Public Safety and the Vermont State Police, each of whom play a role in protecting the state's digital infrastructure.
The governor reported that there have been more than 3.3 million attacks on the state's networks since January, and while none of them were successful, the state must advance cybersecurity coordination, information sharing and emergency response capabilities.
The newly formed team will consist of "no more than" 10 members appointed by the governor and may include both those from inside and outside state government. State members designated for the cybersecurity advisory team include:
- The chief information security officer.
- The chief information officer.
- The governor’s homeland security advisor or designee.
- A representative from the Vermont National Guard.
- The attorney general or designee.
- A representative from Vermont Emergency Management.
The remaining officials from outside state government are permitted to include leaders from "the utilities sector, higher education health care, and business," and the team is permitted to consult with the private sector, cybersecurity officials in other states and those in the federal government.
The order calls for the team to meet once a quarter, starting Oct. 15, to develop a strategic plan for protecting the state's information and systems, evaluate statewide readiness, build relationships and partnerships, and make recommendations on workforce, public education, training, and legislative changes.
Vermont's new team follows growing concern related to cybersecurity among state governments, which frequently cite a lack of adequate funding to protect themselves. The National Association of State Chief Information Officers released its Annual Survey results last week, noting that cybersecurity remains both a the top priority for CIOs and one that officials are acting on. Almost all CIOs — 95 percent — report their of states have adopted cybersecurity frameworks based on national standards and guidelines, compared with just 78 percent adoption in 2013.
These standards are guidelines are manifesting in the creation of new advisory bodies and operational centers, like the California Security Operations Center announced last month, or the international partnerships sought by the State of Maryland. The Georgia Technology Authority is now building a 167,000-square-foot facility expected to open summer 2018 that bridges law enforcement, research, education, private industry, and state government operations in ways so far seen nowhere else in the country.