From February 24th to the 27th, 47 Governors attended the annual National Governors Association’s (NGA) Winter Meeting. Attendees discussed a range of issues, including security issues such as the protection of the nation’s critical infrastructure and natural resources and the role of state governments in cyber security.

(Cyber Security Concept Image/Marcos Tulio)

Virginia’s Governor Terry McAuliffe (D) led a session on cybersecurity as it pertains to critical infrastructure; this was prompted by repeated attacks on the cyber infrastructure of the U.S. national and state governments. These hacks include the 2015 breach of the Office of Personnel Management, which compromised the personal information of more than 20 million Americans, and the recent Russian cyber interference in the 2016 U.S. presidential election. On a state level, Governor McAuliffe noted that “Virginia was targeted by 86 million cyberattacks last year.” Further, compromised voting machines in Arizona and hacks in Illinois caused almost every state to request assistance from the Department of Homeland Security to secure voting systems. Governor McAuliffe announced an effort this weekend to bolster cybersecurity in Virginia by launching a partnership between Amazon Web Services and the Virginia Cyber Range in order to promote and enable cyber security education.

In order to help governors and state governments adapt to emerging cyber threats, the NGA provided resources and documents to help disseminate cyber security knowledge and best practices. These resources include documents outlining cyber security frameworks to secure critical infrastructure, as well as resources for specific sectors, such as healthcare or electricity. The governors heard testimonies from a panel of experts, ranging from Google Vice President Vinton Cerf to John Carlin, the former assistant attorney general for the Justice Department’s national security division, currently a partner at Morrison Foerster. These experts warned that the current level of security leaves the U.S. exposed, with Carlin explaining that “There is no internet-connected system that is safe from the dedicated nation-state adversary or sophisticated criminal group if they’re determined to get in right now.”

Further Sources and Reading:

  1. National Governors Association Cybersecurity Panel – CSPAN
  2. Governors put spotlight on cybersecurity – The Hill
  3. States Confront the Cyber Challenge – National Governors Association
  4. Resource Center for State Cybersecurity – National Governors Association
  5. 2017 NGA Winter Meeting – National Governors Association
  6. National Governors Association 2017 Winter Meeting – National Governors Association
  7. One Year After OPM Data Breach, What Has The Government Learned? – NPR
  8. The intelligence community report on Russian activities in the 2016 election – Washington Post
  9. Framework for Improving Critical Infrastructure Cybersecurity – National Institute for Standards and Technology
  10. Healthcare Sector Cybersecurity Framework Implementation Guide – Health Information Trust Alliance
  11. Electricity Subsector Cybersecurity Capability Maturity Model – Department of Energy
  12. Governor McAuliffe Announces New Strategic Relationship With Amazon Web Services to Expand Cybersecurity Education – State of Virginia