The National Governors Association announced Tuesday that it will work with officials in seven state and territorial governments to help them develop improved cybersecurity policies. Over the next six months, the seven governments will build strategies to address a range of information security issues, including bolstering critical infrastructure systems, assisting localities with their cybersecurity needs, and strengthening overall governance.
The participating states, chosen through a competitive application process, are Arkansas, Louisiana, Maryland, Massachusetts, Ohio and Washington, as well as Guam, which is implementing a recently adopted governmentwide cybersecurity strategy. Under the partnerships, the NGA’s cybersecurity policy staff will work with governor’s offices, chief information officers, and other officials on a broad array of cybersecurity issues.
Louisiana and Washington plan to build strategies to help protect critical infrastructure facilities. Power plants, electrical grids and other installations have been increasingly targeted by well-known cyberthreats, like the Trisis malware, which recently started probing U.S. electric utilities.
Meanwhile, Maryland and Arkansas will look to develop methods to help their local governments, which are often much more strained for IT resources and talent, build better defenses. At a cybersecurity conference hosted by NGA in May, state IT officials from around the country discussed the appeal of a so-called “whole-of-state” approach that brings together resources from state, county and local governments, and sometimes the private sector. And in one state — North Dakota — cybersecurity for all levels of government, including courts and schools, is being handled by the state government.
Those projects hew closely to NGA’s last cybersecurity policy academy, which focused on collaboration between state and local governments.
In Maryland, the NGA will help the state implement an executive order Gov. Larry Hogan signed last month. Hogan’s order created a new Maryland Cybersecurity Coordinating Council, a group of state-government executives who tasked with developing policy recommendations and strategies for how the state can respond to cyberattacks.
The program is distinct from an annual cybersecurity policy academy the organization conducts, which will aid Arizona, Hawaii, Idaho, Minnesota, Nevada and Virginia in improving their election security policies.