October is cybersecurity awareness month and newly appointed chair of the National Governor’s Association, Virginia Governor Terry McAuliffe, used today’s NGA regional summit to launch his new cybersecurity program Meet The Threat. Speaking to governors and representatives from 26 states at the summit currently underway in Boston, McAuliffe released a new program aimed at getting state government to take cybersecurity seriously.
As CivSource reported last month, new findings released at the National Association of State Chief Information Officers (NASCIO) Annual Conference show that more governors are aware of the importance of cybersecurity as an issue, but few are putting significant budget and resources behind it. According to the report, states are spending approximately 1-2 percent of their annual IT budget on cybersecurity. That’s compared to the federal government, which has increased its spend by 35 percent this year alone.
Those findings are not good enough for Governor McAuliffe. In his comments before the NGA today, he pressed state leaders to understand cybersecurity as a threat to overall security in their states and also as an opportunity to create new jobs and foster economic development. “Cybersecurity jobs are the jobs of the twenty-first century,” the governor said in an interview with CivSource. “In Virginia alone, thousands of these positions are unfilled. So we are focused on training people, working with our universities and employers, because we need people with these skills. These are jobs we can provide right now today.”
Since McAuliffe took office, Cybersecurity has been a key focus area for his administration. After many Virginia residents had their personal information compromised in a recent cyber attack, McAuliffe says he wanted to find new ways to ensure it wouldn’t happen again. “Governments have massive amounts of sensitive data, we have a responsibility to protect that data,” he contends. “In Virginia especially, we have a significant defense industry and a number of other high-value targets. There were 36 million cyber attacks attempted on targets in Virginia in 2014 alone and there are more every year. We can’t afford to ignore this issue.”
Over his tenure, McAuliffe has been successful at getting both budget allocations and bond issues for cybersecurity projects through a conservative legislature that balks at the idea of government spending. The Commonwealth now has cybersecurity training and research programs in most of its major colleges and universities. Virginia is also supporting cybersecurity startups through the MACH-37 accelerator program at Virginia’s Center for Innovative Technology. Additionally, in 2015, the governor created the nation’s first state-level Information Sharing and Analysis Organization (ISAO). ISAOs are intended to complement existing structures and systems that are used to share critical cybersecurity threat information across levels of government and industry sectors. The ISAO works with public and private entities to monitor cyber threats and vulnerabilities.
McAuliffe is using what he’s done in Virginia, along with best practices from other forward thinking states, as foundational documents for the Meet The Threat initiative. The NGA has created a website and forthcoming podcast series that provides access to checklists, executive order language, legislative ideas, and other support for state governments to create a cybersecurity plan. “Nothing riles up governors like finding out what other states are doing,” McAuliffe adds wryly. “I’ve said, we’ll give you the legislation we put forward – I’ll show my executive orders. I want to have the conversations about how to create centers of excellence for cybersecurity. In Virginia, we can be spending money and time building up protections, but if other states aren’t doing the same thing, attackers can just use those unprotected systems as an open door.”
As part of his Meet The Threat program, McAuliffe will be holding a series of regional summits like the one this week in Boston, to meet with NGA members and private sector stakeholders about how to improve cybersecurity nationwide. “This isn’t just another initiative,” he says. “We have created real deliverables. At the end of the year, I want governors to have gone through the checklist and be able to say they have a real plan for cybersecurity. It’s not only important as a protective measure but, technology and cybersecurity are the jobs of the future. Creating those jobs should be important to governors everywhere.”
**Image Source: Governor McAuliffe