Ohio governor names cybersecurity strategic adviser, a ‘critical’ new role

Ohio Gov. Mike DeWine this week named Kirk Herath as his cybersecurity strategic adviser, a new position created to “prevent cyberattacks against state government.”

Herath, an adjunct professor of law at Cleveland State University and Ohio State’s Moritz College of Law, was also serving as chairman of CyberOhio, the state’s cybersecurity advisory board. He spent 32 years at Nationwide Mutual Insurance Company, retiring as a vice president, associate general counsel and chief privacy officer.

In a press release, Lt. Gov. Jon Husted called the new role “critical to help keep our state safe.” The position was created by an executive order in which DeWine cites several statewide cybersecurity initiatives, including CyberOhio and the Ohio Cyber Reserve, a civilian volunteer group commanded by the state’s adjutant general.

The order calls for a “unified approach” among state agencies to guide the state’s cyber initiatives. The main roles of the cybersecurity strategic adviser are to lead that coordination, protect the state’s data and infrastructure, develop a cyber-response plan, develop uniform reporting standards and support state agencies, local governments and academic institutions throughout the state. 

Herath is also directed to work with the Ohio Department of Public Safety, its Department of Homeland Security and other agencies, the National Guard, the Office of Information Security and Privacy, the Ohio Department of Higher Education and other agencies involved in shoring up the state’s cybersecurity. 

The order notes the adviser “may also develop plans to engage the private sector in its statewide efforts of cyber protection activities and for workforce development in Ohio.”

Other governors have created similar roles. Most recently, New Mexico Gov. Michelle Lujan Grisham in March named a senior adviser for cybersecurity and critical infrastructure, a reaction to “potentially crippling Russian cyberattacks.”