Attn. incoming governors: On cybersecurity, you’re not alone
A casual glance at the daily news underscores that the work of cybersecurity is never done. Computer and software vulnerabilities continue to creep into every aspect of government and private life. Cyber criminals and foreign adversaries are persistent. But by fostering leadership at the state level, and building partnerships between government and private industry, we can meet this threat, and in time, beat it.
In January, 21 new governors will assume office. Many are likely to be struck, as we were, by the untold volumes of sensitive data and critical services that are entrusted to them. As governors across the nation work to address gaps in cybersecurity, they can look to the National Governors Association Resource Center for State Cybersecurity for support. Since Governor Snyder co-founded it in 2012, this unique, nonpartisan resource, which we chair, has delivered real results for citizens by serving as a clearinghouse of promising practices in state-level cybersecurity.
It is natural that Michigan and Louisiana share a place at the forefront of state-level cybersecurity. Michigan has been a leader in cyber innovation for many years. Since 2012, Michigan has hosted the annual North American International Cyber Summit in Detroit, convening internationally recognized experts on topics such as creating cybersecurity jobs, prosecuting cyber criminals and conducting international cyber exercises. Michigan also is known for its sophisticated cyber disruption response planning. For instance, Gov. Snyder signed a law to codify the Michigan Civilian Cyber Corps, a first-in-the-nation model akin to a volunteer firefighting unit that can respond to major cyber events. Supporting this effort is the Michigan Healthcare Cybersecurity Council, which provides a forum for Michigan hospitals to share information on cyberattacks and the best methods for defeating them. Recently, Michigan enacted legislation shielding certain cybersecurity-related information from public records requests, preventing cyber criminals from discovering cybersecurity plans.
Down in the Bayou, Louisiana also has been busy shoring up its cyber defenses. The state transformed its entire statewide computer system, eliminating whole categories of security weaknesses and allowing state defenders to focus resources on the most dangerous cyber threats. To further combat these threats, Gov. Edwards established a cybersecurity commission to bring state-of-the-art cybersecurity technology from the private sector into government. The commission also will solidify Louisiana’s position as a hub for cybersecurity innovation by fostering new educational opportunities for the next generation of cybersecurity professionals. The state will build on successes like the partnership between the Louisiana National Guard and Louisiana State University, where the Guard is training to protect the electric grid, gas pipelines, and vital elements of our infrastructure.
The good news is that we are not alone in our efforts. Other states are innovating as well. Nevada Gov. Brian Sandoval created the Office of Cyber Defense Coordination. Indiana released a comprehensive cybersecurity strategy this month to enhance its protection of private critical infrastructure in addition to state networks. Colorado activated its National Guard during a cyberattack this year on its Department of Transportation systems. And Texas, Wyoming and Virginia recently increased penalties for cyber criminals.
Replicating these types of initiatives and progress across all states is the chief objective of the Resource Center. This year, NGA launched the Policy Academy on Implementing State Cybersecurity, choosing Indiana, North Carolina, West Virginia and Wisconsin to spend a year designing innovative cybersecurity programs, turning plans into practice and producing best practices for all governors.