The National Association of State Chief Information Officers is urging its members to put plans in place for how they’d handle cyberattacks on pieces of critical infrastructure, like power grids or water treatment facilities.
The trade association issued a “planning guide” Thursday, laying out how states can prepare for a so-called “cyber disruption,” which it defines as an event that “either causes a disaster, or is specifically launched by a perpetrator to coincide with a natural disaster.”
In a statement, New Mexico CIO and NASCIO President Darryl Ackley said the group envisions the guide serving as “both a practical implementation document and a call to action for states to develop state cyber disruption response plans.”
“We’ve provided guidance on how to get started and who needs to be engaged,” Ackley said.
The report is careful to distinguish between run-of-the-mill cyber incidents — stray attacks on state systems that state chief information security officers are traditionally charged with monitoring — and the more advanced attacks on infrastructure that can have “significant or even catastrophic effects” on governments, and require “a coordinated response from a whole host of organizations.”
[Read more: State CIOs call for IT procurement reform nationwide]
Due to the need for that high level of coordination, NASCIO’s analysts recommend that every state establish a “cyber disruption team” to detect these kinds of attacks and respond to them once they happen. The association suggests that the state CISO head up this team, but it recommends including representatives from all parts of the government, including the governor’s office and law enforcement agencies.
Beyond leading this team, the report suggests that the CISO also take the lead in laying out governance processes for any cyber disruption to clearly delineate what each state agency is in charge of managing to cut down on chaos in the midst of an attack.
NASCIO also calls on CISOs and their cyber disruption teams to maintain open lines of communication with other states, as well as with federal information sharing organizations and private sector firms to build a “collaborative network” that’s prepared for any major disruption.
Indeed, the analysts stress that “communication is possibly the most critical element of a cyber disruption response plan,” and they add that states should ensure their alternative communication networks (like emergency radio systems) can function even with the type of major grid failures that could stem from an attack.
But NASCIO also hopes to see states take steps to prevent these types of attacks from being successful, such as developing robust training programs for all state employees — not just those in IT departments — and conducting “proactive assessments” of the health of infrastructure networks and “the current threat landscape.”
“A proper defense and offense can not be formulated without understanding the enemy,” the analysts wrote. “The proactive assessment must include an ongoing vigilance of these threats and their underlying ideologies.”
Contact the reporter at firstname.lastname@example.org, and follow him on Twitter @AlexKomaSNG.