Virginia Gov. Terry McAuliffe has already taken a stab at improving cybersecurity across state governments, but now he’s calling on the federal government to help.
In a keynote at the VMware Public Sector Innovation Summit, produced by FedScoop and StateScoop, McAuliffe, a Democrat, called on Congress to take steps to bring political leaders together around cybersecurity.
“I have been very public in my displeasure with the Congress,” McAuliffe said. “I think this is the biggest threat that faces the United States of America.”
McAuliffe criticized Congress for not having a committee in either chamber dedicated exclusively to cybersecurity — instead, the responsibilities for oversight and legislation are split between many different panels. He also called on Congress to act on building a national plan for cybersecurity that includes states, cities, counties and the federal government.
“Put all the partisanship aside and come together to come up with a comprehensive plan,” McAuliffe said. “[States] need more funding to do what we need to do. We understand where we are collectively.”
Last month, at the National Association of State Chief Information Officers midyear conference, McAuliffe told an audience of state CIOs that they had to keep working to improve cybersecurity — even as the federal government lags behind.
In Virginia, McAuliffe touted the progress he has made on cybersecurity since he was elected in 2013. The Virginia governor cannot serve consecutive terms, so McAuliffe is not up for reelection in 2017.
In 2014, McAuliffe made Virginia the first state to publicly sign on to the National Institute of Standards and Technologies’ cybersecurity framework. A year later, he announced the creation of the first state information sharing and analysis organization via executive order.
When he took the helm of the National Governors Association in 2016, McAuliffe announced that his chairman’s initiative would be called “Meet the Threat” and focus on boosting cybersecurity preparedness across all 50 states and 5 territories.
But even if one state like Virginia takes the lead on cyber, McAuliffe said, that doesn’t mean the state is not susceptible to being rocked by a massive attack like the ones seen in recent years at the federal level and in states like South Carolina.
At the winter meeting of the National Governors Association, in early 2017, the group gave each governor in attendance a private, confidential cybersecurity scorecard to show governors where they needed to improve. Not only did this scorecard expose potential vulnerabilities in their statewide cybersecurity, but it also helped to clue-in governors on potential political risks around cybersecurity.
“We’ve got to take it to that next level. It is a threat I worry about every single day,” McAuliffe said. “I want to thank the public sector folks, the private sector folks — we cannot do this alone. At the end of the day, I tell our fellow governors, if you get hacked and you could’ve done something, you will pay a very large political price.”