38 governors sign cybersecurity compact

As leadership of the National Governors Association changes hands, state leaders pledge commitment to bolstering cybersecurity defenses in their states.

With cyberthreats growing in number and sophistication, 38 governors have signed a compact pledging commitment to cybersecurity efforts that protect state systems and data.

The announcement came Friday after a yearlong initiative spearheaded by Virginia Gov. Terry McAuliffe, the National Governors Association’s outgoing chair, to create guidelines that could be universally applied across states and promote cybersecurity generally. Under an initiative called Meet the Threat, governors were advised to institute cybersecurity governing bodies, organize computer crime units for law enforcement agencies, design cybersecurity education programs for staff and coordinate state efforts with cities and counties.

Alongside the compact signing, Nevada Gov. Brian Sandoval, a Republican, took the reins from McAuliffe, a Democrat, as the new chair of NGA. 

“The goal of my initiative as NGA chair was to elevate the importance of cybersecurity on every governor’s agenda. To do that, we had to highlight why cybersecurity was more than just an information technology issue,” McAuliffe said in a press release. “I am proud that, throughout the last year, we have successfully engaged governors and their states on strengthening their cyber protocols and recognizing that cybersecurity is a technology issue, but it’s also a health issue, an education issue, a public safety issue, an economic issue and a democracy issue.”


On April 24, at the National Association of State Chief Information Officers, McAuliffe said his push to standardize cybersecurity measures across states was driven by the federal government’s “poor job” of designing a national strategy for states. The lack of a federal framework, he said, was the result of legislators’ seeking to maintain authority on the issue across all of the many House and Senate committees.

“It is spread over all different types of committees,” McAuliffe said in April. “Which has made Congress very ineffectual.”

McAuliffe said the Meet the Threat initiative prompted work that includes 12 executive orders, 14 signed bills, and 17 initiatives led by governors.

“In New Mexico, Gov. [Susana] Martinez signed legislation clarifying when the National Guard can be used during cyber events,” McAuliffe said. “In Oregon, Gov. Kate Brown signed an executive order to unify all cybersecurity efforts into one agency. Lastly, our incoming [NGA] chair, Gov. Sandoval, recently signed a bill to create a cyber defense center to lead all their cyber projects in Nevada.”

McAuliffe’s cybersecurity initiative will continue as part of the NGA’s Resource Center for State Cybersecurity, which McAuliffe co-chairs with Republican Michigan Gov. Rick Snyder, and as part of the NGA’s Governor’s Guide to Cybersecurity, an outline for state officials on steps to improve cybersecurity.

Latest Podcasts