Virginia will be the first state in the nation to establish a state-level information sharing and analysis organization, or ISAO, Gov. Terry McAuliffe announced Monday.
“Virginia’s ISAO is our logical next step [on cybersecurity],” McAuliffe said in a statement. The announcement gained added attention within the security industry, however, when Virginia’s Technology Secretary Karen Jackson announced the ISAO’s establishment at the RSA Conference in San Francisco on Monday, saying it “just makes sense.”
The announcement comes two months after President Barack Obama ordered that the U.S. Department of Homeland Security encourage states to create their own ISAOs.
“In order to address cyber threats to public health and safety, national security and economic security of the United States, private companies, nonprofit organizations, executive departments and agencies and other entities must be able to share information related to cybersecurity risks and incidents and collaborate to respond in as close to real time as possible,” Obama’s executive order reads.
The National Cybersecurity and Communications Integration Center, established in a presidential order in 2002, will engage in continuous, collaborative and inclusive coordination with ISAOs on the sharing of information related to cybersecurity risks and incidents, according to the executive order.
“With Gov. McAuliffe’s leadership of both the National Governors Association Homeland Security and Public Safety Committee, and the NGA Resource Center for State Cybersecurity, it just makes sense for Virginia to leverage our existing and future information sharing efforts by creating the first state-level ISAO,” Jackson said at the RSA Conference.
This is not the first White House-backed cybersecurity initiative that Virginia jumped quickly to support.
Last year, when the White House released the National Cybersecurity Framework, McAuliffe announced that the commonwealth would adopt it into its existing framework just hours after the initial announcement. The National Association of State Chief Information Officers also announced its support for the framework just a day after it was announced.
“Virginia has an award-winning cybersecurity program in place, but must continue to advance our ability to keep our families and businesses safe and make the commonwealth the national hub for the cybersecurity industry and the jobs that come with it,” McAuliffe said at the time.
Shortly after McAuliffe announced the adoption of the national framework, the governor signed an executive order to create “Cyber Virginia,” a name describing the commonwealth’s cyber efforts. Under “Cyber Virginia,” McAuliffe created the Virginia Cyber Security Commission, which was designed to bring together public and private sector efforts to make recommendations how how the state can be a global cyber leader.
McAuliffe said the new ISAO would be a way for the commonwealth to build on the successes of the already-established parts of the state’s cybersecurity enterprise. That includes “the work of the Virginia Cyber Security Commission, Virginia Cyber Security Partnership, Virginia Information Technologies Agency and the cybersecurity efforts of so many other public and private sector partners throughout the Commonwealth,” McAuliffe said.