In an effort to step up Iowa’s cyber defenses, Gov. Terry Branstad ordered several agencies to develop a cybersecurity strategy for the state on Monday.
The state’s Office of the Chief Information Officer, the Homeland Security and Emergency Management Department, the state Communications Network, the National Guard, the Department of Public Safety, and other agencies and stakeholders will work together to develop the plan, according to the order. They must also educate the public on cybersecurity, and work with the private sector and educational institutions on how to implement best practices.
Additionally, the order requires the multiagency group to find grade school and college-level educational programs designed to foster a more robust cybersecurity workforce in the future, and to re-evaluate and update the state’s emergency response plan to include a response to cyberattacks that could affect critical infrastructure.
State Chief Information Security Officer Jeff Franklin told StateScoop Tuesday that input from each agency would be critical to developing a plan.
“Each of these agencies has their own swim lane when it comes to cybersecurity, but where it overlaps is anything having to do with critical infrastructure, and that’s key to whatever strategy we put together,” said Franklin, who added that his office would coordinate the efforts to develop a strategy. “This launches us into the next phase and gives us some leadership and gives us some authority behind it.”
The partnership will allow each representative to tap into his or her department’s strengths, Franklin said.
“We see cyber incidents. Every day we get attacked, and every day we respond. To date, knock on wood, they haven’t risen to this critical level,” Franklin said. “What’s key to us is to get those stakeholders involved as well. We’re focused on protecting our systems, the delivery of government services and records, but Homeland Security’s focus is working with the counties, and emergency management, and responding, so maybe cyber isn’t their number one area of expertise, but it’s getting there, and that’s why that partnership is key.”
In the order, Branstad said that the state was “becoming increasingly reliant on technology, which exposes our computer networks and information systems to the risk of cyberattacks,” and that bolstering defenses was a top priority for his administration.
“I know how important cybersecurity is to our state’s posture,” Branstad said in a release announcing the order.
The order builds on a December 2014 effort by Branstad to form a state cyber working group of state agencies, federal and private sector members to find ways to prevent, detect, respond to and recover from cyber threats in the state. The group’s efforts, which included input from the FBI, the U.S. Department of Homeland Security and the Multi-State Information Sharing and Analysis Center, are the foundation for Branstad’s executive order, according to the release.
But for Franklin, what distinguishes this new group is its increased emphasis on collaboration.
“A lot of the discussions have been around how do we work together and where we can find that collaboration,” Franklin said.