Georgia Gov. Kemp orders cybersecurity training for state employees

Recent ransomware attacks and nudging from national associations have prompted the governor to mandate all state employees undergo twice-yearly training.
Brian Kemp
Brian Kemp (Getty Images)

Citing several recent ransomware attacks at the state and local levels, Georgia Gov. Brian Kemp this week issued an executive order instructing state employees to undergo semiannual cybersecurity training and tweaking the state’s executive cybersecurity board.

July brought ransomware attacks against both the state’s court system and the Department of Public Safety, while several local governments around Georgia — most notably Atlanta — have suffered attacks that were both severe and expensive.

“The State of Georgia must take immediate and comprehensive action to better defend against cyber intrusions, prioritize intergovernmental cybersecurity, and enhance the protection of critical data,” read the order from Kemp, who while serving as Georgia’s secretary of state once mistook a federal worker verifying a professional license for a cyberattack.

Kemp’s order references a July 29 memorandum from the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency that urged state and local governments to take “immediate action” to shore up their defenses against ransomware.


“The growing number of such attacks highlights the critical importance of making cyber preparedness a priority and taking the necessary steps to secure our networks against adversaries,” read the statement, which was also signed by the National Association of State Chief Information Officers, National Governors Association and the Multi-State Information Security and Analysis Center.

Under Kemp’s order, the Georgia Technology Authority will submit educational materials to the cybersecurity board, which will then establish the coursework for the twice-yearly training for state employees.

The order also stipulates that the first round of training be completed within 90 days of Kemp’s directive, and that employees who do not comply with the training requirements receive punishments as severe as being fired. The order extends to all parts of the state government’s executive branch.

The cybersecurity board itself, which was first assembled in 2015 under Kemp’s predecessor, Nathan Deal, is also getting a bit of a makeover. Its membership will now include David Allen, the state’s chief information security officer; Eric Toler, the executive director of the Georgia Cyber Center at Augusta State University; and the newly created position of the governor’s technology adviser. The heads of the state National Guard, Georgia Bureau of Investigation and Emergency Management and Homeland Security Agency will also sit on the cybersecurity board.

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.

Latest Podcasts