State-level cybersecurity policy could be changing. After a National Governors Association (NGA) cybersecurity initiative concluded in July, 38 governors signed a compact that pledges to protect state systems and data.
The NGA’s Meet the Threat initiative, which was spearheaded by the outgoing chair of the association, Virginia Governor Terry McAuliffe, created cybersecurity guidelines that can be applied universally across states. It also advised governors to institute cybersecurity governing bodies, organize computer crime units for law enforcement agencies, design cybersecurity education programs for staff, and coordinate state efforts within cities and counties.
Not just an information technology issue
In a press release, McAuliffe wrote: “The goal of my initiative as NGA chair was to elevate the importance of cybersecurity on every governor’s agenda. To do that, we had to highlight why cybersecurity was more than just an information technology issue. I am proud that, throughout the last year, we have successfully engaged governors and their states on strengthening their cyber protocols and recognizing that cybersecurity is a technology issue, but it’s also a health issue, an education issue, a public safety issue, an economic issue and a democracy issue.”
The NGA’s push for cybersecurity reform marks a rare case of state-level action. Previous discussions of cybersecurity laws have largely been done by federal government, which is developing a number of potential policies. The most prominent of these came after a hearing chaired by Wisconsin Senator Ron Johnson in June. He promised to write legislation to create an office that would review and streamline all cyber rules across government.
The Washington Examiner wrote: “If such legislation does emerge, it could become one of the chief vehicles for addressing cyber policy this year.”
However, the NGA’s compact shows that individual states are also taking an active role in cybersecurity rules. McAuliffe wrote: “Since the launch of my initiative,  governors have signed an executive order, legislation or announced a cybersecurity initiative. This has resulted in a dozen executive orders, 14 signed bills and 17 initiatives.”
Subscribe to our Daily Sentinel for all the latest cybersecurity news and advice.