Northam proposes $60M for cyber as Virginia agencies deal with hacks

The outgoing governor introduced his budget days after a ransomware attack disrupted the state legislature.
Virginia Gov. Ralph Northam speaks during a news conference on June 4, 2020 in Richmond, Virginia. (Zach Gibson / Getty Images)

Virginia Gov. Ralph Northam on Thursday proposed a two-year budget that includes a $60 million increase in the commonwealth’s cybersecurity funding.

Northam’s proposal for the 2022-2024 budget cycle has been in the works for months, but it also came in the wake of two fresh cyberattacks against state-government entities. The Virginia General Assembly, which opens its new session Jan. 12, is trying to recover from what officials called an “extremely sophisticated” ransomware that’s disabled many of the legislature’s IT systems, including those used to draft and publish legislation, like the budget.

Meanwhile, the Virginia Department of Behavioral Health and Developmental Services is one of several state and local government agencies around the country — along with numerous businesses — that are suffering the fallout of a ransomware attack against Ultimate Kronos Group, a major provider of payroll and human resource management services.

“[W]e’ve also got to protect our house — so this budget includes over $60 million for cybersecurity upgrades across state government,” Northam said during his budget address Thursday.


Most of the new funding will go toward the Virginia Information Technologies Agency, which serves the commonwealth’s executive-branch agencies. While the legislature has its own IT branch, VITA is reportedly assisting lawmakers in restoring their systems from the attack, which is also under investigation by state and federal law enforcement.

But the proposal from Northam, a Democrat elected in 2017, is likely to be altered by his Republican successor, Gov.-elect Glenn Youngkin, who’ll be responsible for getting the General Assembly to adopt a budget. In remarks to reporters in Richmond following Northam’s budget address, Youngkin, a former co-chief executive of the Carlyle Group, said the $60 million in cyber funding pitched by Northam is “wholly inadequate,” according to the Richmond Times-Dispatch.

While Youngkin also said he’s been briefed on the ransomware attack against the legislature, he has said little since his Nov. 2 election about who he plans to appoint to lead Virginia’s agencies, including VITA.

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.

Latest Podcasts