National Governors Association Seeks Higher Profile on Cybersecurity

NGA’s new chairman Virginia Gov. Terry McAuliffe says states can play a pivotal role in cybersecurity, including emergency response, workforce development and protecting health care data.

Steve Zurier, Contributing Writer, Dark Reading

July 20, 2016

3 Min Read

Most people don’t think of state governments as the focal point for combating high-profile hacks or improving cyber security, but Virginia Gov. Terry McAuliffe aims to change that.

In the past few days, McAuliffe, the new Chairman of the National Governors Association, has unveiled his 2016-2017 chair’s initiative, Meet the Threat: States Confront the Cyber Challenge, and held a roundtable on the intersection of cyber security and health care in Fairfax, Va.

Democratic Gov. McAuliffe has been a leader in working for states to have an increased role in cybersecurity. He’s consistently pointed out that health care records are held at the state level and state governments also hold the state tax records of citizens.

“It’s the Governor’s responsibility to keep their citizens safe,” he said at the National Governor’s meeting in Iowa last week. “We have to protect our businesses and protect people’s personal information.”

Gov. McAuliffe added that since January 1 of this year, the state of Virginia had experienced 53 million cyber attacks – that’s roughly four attacks every second.

The new NGA cyber initiative seeks to have states develop strategies to strengthen cybersecurity practices in five focal areas: health, education and workforce development, economic development, public safety and critical infrastructure.

“Workforce development is an important area,” said Gov. McAuliffe. “We have 17,000 cyber jobs open in the state of Virginia alone and the starting salaries are $88,000.”

Gov. McAulifee adds that the cyber security industry can be a catalyst for economic growth. For example, 650 cyber security companies are based in Virginia and the state estimates that cyber security jobs will increase 25 percent by 2022.

Virginia Secretary of Technology Karen Jackson added that once Gov. McAuliffe took office two years ago the state formed a cybersecurity commission that focused on five areas: economic development, education and workforce development, public awareness, cyber crime and infrastructure.

Jackson said a number of important pieces of legislation came out of the commission include:

  • The job description of agency heads explicit states that they are responsible for data protection.

  • The state’s cyber security plan can no longer be accessed via a FOIA request.

  • The Secretary of Technology can now go into a closed meeting to brief officials on cyber plans and specific cyber threats.

Along with the legislation, Jackson added that the Virginia National Guard has been going into municipal governments across the state to conduct cyber assessments. To date, three have been completed, one is under way and six are planned for the upcoming fiscal year. 

Timothy Blute, program director in the NGA’s Homeland Security and Public Safety Division, added that other states are also becoming more active in cybersecurity.

For example, Michigan has developed a detailed Cyber Disruption Response Plan that was released in the fall of last year. And the Washington State Military Department has teamed up with the state’s Emergency Management Division to develop a formal Cybersecurity Program.

Blute said the NGA also plans to expand its Resource Center for State Cybersecurity, a website that will serve as a clearinghouse for state IT executives and other officials to learn more about IT security and share best practices.

Over the next year, Gov. McAuliffe will host several regional summits that will bring together policy leaders from state and federal agencies, along with private sector experts. These summits will culminate with a national meeting on cybersecurity in Virginia in April 2017.

Related content:


Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada July 30 through Aug. 4, 2016. Click for information on the conference schedule and to register.

About the Author(s)

Steve Zurier

Contributing Writer, Dark Reading

Steve Zurier has more than 30 years of journalism and publishing experience and has covered networking, security, and IT as a writer and editor since 1992. Steve is based in Columbia, Md.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights