Dark Reading is part of the Informa Tech Division of Informa PLC


National Governors Association Seeks Higher Profile on Cybersecurity

NGA's new chairman Virginia Gov. Terry McAuliffe says states can play a pivotal role in cybersecurity, including emergency response, workforce development and protecting health care data.

Most people don’t think of state governments as the focal point for combating high-profile hacks or improving cyber security, but Virginia Gov. Terry McAuliffe aims to change that.

In the past few days, McAuliffe, the new Chairman of the National Governors Association, has unveiled his 2016-2017 chair’s initiative, Meet the Threat: States Confront the Cyber Challenge, and held a roundtable on the intersection of cyber security and health care in Fairfax, Va.

Democratic Gov. McAuliffe has been a leader in working for states to have an increased role in cybersecurity. He’s consistently pointed out that health care records are held at the state level and state governments also hold the state tax records of citizens.

“It’s the Governor’s responsibility to keep their citizens safe,” he said at the National Governor’s meeting in Iowa last week. “We have to protect our businesses and protect people’s personal information.”

Gov. McAuliffe added that since January 1 of this year, the state of Virginia had experienced 53 million cyber attacks – that’s roughly four attacks every second.

The new NGA cyber initiative seeks to have states develop strategies to strengthen cybersecurity practices in five focal areas: health, education and workforce development, economic development, public safety and critical infrastructure.

“Workforce development is an important area,” said Gov. McAuliffe. “We have 17,000 cyber jobs open in the state of Virginia alone and the starting salaries are $88,000.”

Gov. McAuliffe added that the cyber security industry can be a catalyst for economic growth. For example, 650 cyber security companies are based in Virginia and the state estimates that cyber security jobs will increase 25 percent by 2022.

Virginia Secretary of Technology Karen Jackson added that once Gov. McAuliffe took office two years ago, the state formed a cybersecurity commission that focused on five areas: economic development, education and workforce development, public awareness, cyber crime and infrastructure.

Jackson said a number of important pieces of legislation came out of the commission, including:

  • The job description of agency heads explicitly states that they are responsible for data protection.
  • The state’s cyber security plan can no longer be accessed via a FOIA request.
  • The Secretary of Technology can now go into a closed meeting to brief officials on cyber plans and specific cyber threats.

Along with the legislation, Jackson added that the Virginia National Guard has been going into municipal governments across the state to conduct cyber assessments. To date, three have been completed, one is under way and six are planned for the upcoming fiscal year. 

Timothy Blute, program director in the NGA’s Homeland Security and Public Safety Division, added that other states are also becoming more active in cybersecurity.

For example, Michigan has developed a detailed Cyber Disruption Response Plan that was released in the fall of last year. And the Washington State Military Department has teamed up with the state’s Emergency Management Division to develop a formal Cybersecurity Program.

Blute said the NGA also plans to expand its Resource Center for State Cybersecurity, a website that will serve as a clearinghouse for state IT executives and other officials to learn more about IT security and share best practices.

Over the next year, Gov. McAuliffe will host several regional summits that will bring together policy leaders from state and federal agencies, along with private sector experts. These summits will culminate with a national meeting on cybersecurity in Virginia in April 2017.


Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md.
