Iowa Governor Terry Branstad has released the state’s first ever cybersecurity strategy. On Dec. 21, 2015, Gov. Branstad signed Executive Order 87 which directed executive branch agencies to work together to develop the Iowa Cybersecurity Strategy by July 1, 2016. The strategy was recently finalized and is now available to the public.
The strategy primarily focuses on lifeline critical infrastructure sectors, such as energy, transportation, and communication, and state government as it relates to the protection of digital government services and citizens.
Iowa’s Chief Information Officer Bob Von Wolffradt led the effort to develop the strategy alongside the Department of Public Safety, Department of Homeland Security and Emergency Management, the Iowa Communications Network, and the Iowa National Guard.
In all the strategy provides a series of recommendations that will fortify the state’s defenses against cyberattack. Those recommendations include taking risk assessments of critical infrastructure, training state employees on cybersecurity and creating public/private partnerships with the security industry. The plan also includes a push for STEM education and training programs in Iowa in order to create a more qualified local labor pool.
More states are developing strategic cybersecurity response plans as attacks against critical infrastructure like utilities become more common. However, most of these plans – if they exist – are new and focus more on awareness than strong defense. Every state publishes an annual IT plan, but the way each state treats cybersecurity is different.
At the federal level, the Obama Administration has released the Cybersecurity National Action Plan which can act as a guidebook for states to follow. The National Association of State CIOs (NASCIO) has also recently released its guidebook for cyber disruption response at the state level.