Governors from states across the country put the spotlight on cybersecurity at an annual gathering in Washington on Saturday.
Virginia Gov. Terry McAuliffe (D) hosted a session at the National Governors Association winter meeting to discuss the “serious cybersecurity issues” facing the nation and how states need to improve their defenses against cyber threats.
“Cybersecurity is critical to each and every governor,” said McAuliffe, who noted that Virginia was targeted by 86 million cyberattacks last year. “We have a wealth of information that every single day people are trying to get in and get our information through cyber threats and cyber criminals.”
The governors heard testimony from a panel including John Carlin, former assistant attorney general for the Justice Department’s national security division; Vinton Cerf, vice president and chief internet evangelist for Google; and Mary Galligan, managing director at Deloitte & Touche LLP.
“We are not where we need to be,” Carlin, who is now a partner at Morrison Foerster, told the governors. “There is no internet-connected system that is safe from the dedicated nation-state adversary or sophisticated criminal group if they’re determined to get in right now.”
“We’re just at the beginning of this conversation where people are treating it as the risk that it is,” Carlin added later.
Saturday's session was one of two events at the winter conference focusing on cybersecurity. There will also be a cybersecurity briefing at the U.S. Capitol building on Monday afternoon, before the conclusion of the four-day meeting.
The focus on cybersecurity comes in the wake of both the intelligence community’s assessment about Russia’s cyber intrusions in the U.S. presidential election and concerns in states across the country about the security of their voting systems.
Nearly all 50 U.S. states asked the Department of Homeland Security for help securing their voting systems in the lead-up to the presidential election last November, following reports that systems in Illinois and Arizona had been breached.
The U.S. government and organizations in the private sector have suffered devastating cyber breaches in recent years, including the massive Office of Personnel Management computer breach revealed in 2015 in which over 20 million Americans had their personal data stolen.
McAuliffe made cybersecurity the focus of his chairmanship of the National Governors Association last July.
Under McAuliffe’s leadership, the NGA has been providing cybersecurity resources for states and holding roundtables to secure systems in the healthcare sector and other critical infrastructure.
The association held its first regional summit on cybersecurity in Boston in October and has set up a “cyber center” to help states secure infrastructure and thwart cyber threats.
McAuliffe noted Saturday that states have made some progress on cybersecurity, such as building foundations to pursue investigations into cybercrime. At the same time, he said that states need to improve how they assess and safeguard critical infrastructure vulnerabilities, implement the NIST cybersecurity framework and develop “strategic plans” for how to tackle cybersecurity.
McAuliffe has been outspoken about cyber threats and the need for states to work together and with the private sector to bolster their cyber defenses.
Earlier this month, he announced a new partnership between Amazon and Virginia’s cybersecurity education initiative to support efforts to strengthen the state’s cyber workforce.
McAuliffe on Saturday underscored the need for more cybersecurity workers, noting that there are currently 36,000 unfilled cybersecurity jobs in his home state.
“These jobs are not going away and they are continuing to grow,” he said.