States taking steps to bolster cybersecurity

States taking steps to bolster cybersecurity

Two governors this week took executive action to improve their states’ cybersecurity defenses. 

In California, Gov. Jerry Brown (D) outlined a cybersecurity ecosystem designed to facilitate cooperation between the private and public sector. 

ADVERTISEMENT

Brown called for the creation of both a cyber-reporting center under the state’s Office of Emergency Services and a dedicated incident response team. 

The so-called California Cybersecurity Integration Center will act as the state’s hub for incident reporting, while the new Cyber Incident Response Team will coordinate between law enforcement and the private sector in the event of a breach — an ongoing tension as national lawmakers work to strike a balance between data privacy and law-enforcement access. 

“The governor’s order will strengthen the integration between cyberintelligence and law enforcement communities in California and will increase our ability to effectively prepare for, prevent and respond to cyberattacks,” an OES representative said in a statement. 

The announcement comes in the wake of a damning state audit that found California agencies weren’t adequately protecting sensitive data, such as Social Security numbers. 

“State leaders including the governor have recognized that cybersecurity is a real hazard for the state, our counties and cities,” Brad Alexander, a spokesman for the California Office of Emergency Services, told SF Gate

In Virginia, Gov. Terry McAuliffe (D) took a more targeted approach, mandating a strategic plan to address data security across state government. 

McAuliffe concentrated on state agencies’ defenses, rather than involve the private sector. 

The executive directive sets an Oct. 15 deadline for the Virginia Information Technologies Agency (VITA) to review the state’s risk management stance and provide recommendations for strengthening the state’s cybersecurity profile. The order also calls for VITA to conduct agency audits and present status reports in 2016. 

“Cybersecurity is a responsibility shared by every level of government,” Secretary of Technology Karen Jackson said in a statement. “These risk mitigation steps will allow the Commonwealth to take a more strategic approach to securing our systems and data.”