Governor Terry McAuliffe (D-Virginia), Chair of the National Governors Association (NGA), delivered earlier this month, a keynote address on the role of states in strengthening the nation’s cybersecurity to protect critical infrastructure and personal data.
“By 2020, 200 billion networked devices are expected to be connected across the globe,” McAuliffe said to an audience of state officials and business leaders in Silicon Valley. “Domestic and foreign actors target sensitive information and systems that, if compromised, could have significant economic and political consequences, and result in serious damage to our vital infrastructure.”
“For far too long, cybersecurity has been seen as an information technology issue that requires technical solutions,” McAuliffe added. “Through my initiative, I have sought to highlight that cybersecurity is a whole-of-state issue that affects every level of government and every facet of our daily lives.”
McAuliffe’s comments were part of the second regional cybersecurity summit (the first in Boston) tied to his NGA 2016-2017 Chair’s Initiative, Meet the Threat: States Confront the Cyber Challenge. The initiative focuses on developing state strategies for strengthening cybersecurity practices and bringing together policy leaders from every state, as well as private sector experts and federal partners, to highlight innovative practices and identify ways in which state-driven solutions can be replicated nationwide.
NGA announced in April 2016 that five states – Connecticut, Illinois, Louisiana, Nevada and Oregon – would participate in a policy academy on developing and implementing comprehensive cybersecurity strategies. The NGA policy academy is an interactive, team-based, multi-state process in which a number of states develop and implement a plan to address a complex public policy issue. Participating states receive guidance and technical assistance from NGA staff and faculty experts, as well as consultants from the private sector, federal agencies, research organizations, and academia.
Illinois, as a beneficiary of this policy, has developed a new cybersecurity strategy. On Tuesday, Governor Bruce Rauner (R-Illinois) and the state’s Department of Innovation & Technology (DoIT) announced a comprehensive state cybersecurity strategy as an important step toward the governor’s vision for a cyber secure Illinois. “States are constantly targeted and security threats pose daily risks to our ability to serve taxpayers and protect critical and confidential information,” Rauner said. “When I came into office our computer systems were inefficient and broken. We are trying to change that and ensure a secure Illinois. Cybersecurity is not simply an IT issue, it is a public safety issue and we will do all we can to protect our state.”
The plan outlines five strategic goals: protecting the state of Illinois information and systems, reducing cyber risk, best-in-class cybersecurity capabilities, enterprise approach to cybersecurity, and a cyber secure Illinois.
“The statewide cybersecurity strategy has been strengthened through guidance and support from state agency leaders and security professionals, the state’s public safety leadership and open collaboration with key public and private sector partners,” said Kirk Lonbom, DoIT’s Chief Information Security Officer. “Our progress in cybersecurity is being accelerated through our many alliances and the strong executive support of Governor Rauner, his cabinet and other key state leadership.”