Delaware Gov. Jack Markell is taking new steps to promote cooperation on cybersecurity initiatives among the state’s agencies and between the public and private sectors.
On Oct. 28, the governor signed an executive order to create the Delaware Cyber Security Advisory Council. Chief Information Officer James Collins will lead the new group of government and business leaders as they work to bolster the security of the state’s infrastructure and share information about cyberthreats.
“The biggest thing right now is we don’t know what we don’t know,” Collins told StateScoop. “I practice this philosophy that, together, we know everything.”
The council will be composed of at least 11 members, including Collins and Chief Security Officer Elayne Starkey, with more to be added at the governor’s discretion. The secretary of the Department of Safety and Homeland Security, the director of the Emergency Management Agency and adjutant general of the National Guard will also represent the state on the council.
The governor will choose three private sector representatives for the group, in addition to one representative from higher education. The presidents of the state’s League of Local Governments and Chamber of Commerce round out the council.
Collins calls the new group a “natural evolution” of Starkey’s work to raise awareness about cyberthreats across the state over the last few years, and he hopes it helps his staff at the Department of Technology and Information as they try to view cybersecurity through “a broader overall state perspective.”
He also sees the council as a key way to help the state refine its plans for responding to emergencies that could be triggered by a cyberattack.
“We’re not trying to stand up something totally separate, we think cyber is an important component of the state’s overall emergency preparedness strategy and incident response strategy,” Collins said.
But Collins stressed that the council’s capacity to encourage cooperation with the private sector is a huge reason behind its existence.
“What I envision this group doing is having a very specific conversation about the threats that businesses are seeing across their industries, some of the processes they’re putting in place to prevent those things, and identifying a very specific plan to respond to cyber incidents across those industries,” Collins said.
Beyond learning from businesses, Collins also anticipates sharing some of what the state’s IT staff have learned as they’ve worked to beef up Delaware’s defenses.
“We’re having a lot of conversations right now about how personally identifiable information is stored in the cloud and ‘how do we as the stewards of that information make sure the proper security is around that data?’” Collins said. “The cloud is not unique to state government, certainly private industry will be grappling with those issues, so we can probably be a resource for what we’ve learned from doing our due diligence on that.”
Starkey specifically hopes to involve representatives from Delaware’s utility providers to encourage close collaboration with the state on how to respond to any potential breaches in their networks.
“So much of our critical infrastructure is not owned by state government, and they’re a really important player in this whole mix,” Starkey said. “We’re looking at a partnership that can come together on a regular basis with important critical infrastructure providers as part of the council.”
But she’s also eager to reach out to small businesses in the state through the Chamber of Commerce, since many may not have the resources to detect and combat attacks.
“We have particular concern about small businesses and their level of vulnerability, them not knowing what some of the important areas are, so we look at this as a real opportunity,” Starkey said.
Collins said his department will “take the lead” in setting up the council’s meetings, but they’re currently waiting on the governor to make his appointments before they get the process started in earnest.
When the group does start meeting, Collins believes that the gatherings will mostly be open to the public, so that anyone can benefit from the tips and tricks the group shares.
“I don’t want anyone to think that it’s just the folks that are appointed, we’re going to have public meetings and we’ll be engaging industry experts that will benefit the broader community,” Collins said.