Strengthening cybersecurity boils down to three keys: the public, people, and partnerships.
That’s the message White House National Cyber Director Harry Coker Jr. delivered to NGA’s Cybersecurity Policy Advisory Network. The network will serve as a forum for governor’s offices to collaborate, share best practices, and develop policy solutions to combat ongoing challenges and emerging threats. Addressing cybersecurity policy advisors to governors, chief information security officers (CISOs), and other cybersecurity leaders from 23 states and territories at the network’s annual meeting, Coker addressed each of these three pillars. He detailed the state’s cybersecurity strategy and emphasized the impact that state policies and actions have on society. cyber security.
public
Coker noted that public awareness and action are essential. “Every American needs to know that this threat applies to both individuals and groups,” he said. “The public needs to know that we are under attack every moment of every day.”
Mr. Coker summarized several concerning trends included in the 2024 Report on the U.S. Cybersecurity Posture. Trends include evolving risks to critical infrastructure, ransomware, supply chain exploitation, commercial spyware, and artificial intelligence.
Cybercrime is on the rise, Coker said, stressing that ransomware attacks by nation-state and non-nation-state actors target “those least able to protect themselves in cyberspace.” These are what we call the “target rich and cyber poor.” This includes schools and hospitals.
Regarding artificial intelligence (AI), Coker offered a cautious assessment. “Like most technologies, there are pros and cons,” he explained. “We don’t want to run away from generative AI or AI in general. We want to take advantage of it, but we need to be calm.”
Key points to raise public awareness are: “Cyber knows no boundaries. What the public needs to know is that rural, suburban, interstate, it affects us all.”
people
With hundreds of thousands of unfilled cybersecurity positions, developing cyber talent is a top priority. Coker emphasized that the talent shortage “is not because we don’t have the talent.” “We need to better identify that talent, reach that talent, inspire, hire and retain that talent.”
He highlighted programs such as the “Service for America” campaign. This joint initiative, led by the Office of the Director of National Cyber Affairs (ONCD), the Office of Management and Budget, the Office of Personnel Management, the Department of Labor, and the Department of Veterans Affairs, aims to connect more Americans across the country. You can get a high-paying, meaningful cyber job. One of the central messages of this campaign is to “ensure the public knows that cybersecurity protects our country, cybersecurity increases economic prosperity, and cybersecurity drives innovation.”
partnership
“The federal government cannot and will not be successful in cybersecurity without partnerships with state, local, tribal and territorial governance, and without partnerships with the private sector,” Coker said. emphasized.
“People often forget that the private sector owns and operates much of our critical infrastructure,” Coker explained. “They are our mission partners, and we must support the owners and operators of critical infrastructure.”
Mr. Coker outlined several resources and services that federal agencies, such as CISA, provide to state partners, including the Protected Domain Name Service (PDNS), which is available free of charge to K-12 schools. ONCD has identified PDNS services as a common solution that all schools and districts should utilize to prevent ransomware and other cyber-attacks. PDNS services prevent your computer system from connecting to harmful websites and other dangerous areas of the Internet without you having to do anything. He encouraged the audience to refer their district to ONCD’s webpage for more information.
state spotlight
The Governor has implemented a number of strategies tailored to the state to achieve these priorities. This snapshot of four states shows just a few of the initiatives governors are leading in cybersecurity.
new york
Governor Kathy Hochul announces the appointment of a chief cyber officer and the establishment in 2022 of an integrated security operations center that will serve as the hub for joint local, state, and federal cyber efforts to provide a statewide view of the cyber threat landscape. did. In 2023, Governor Hochul will unveil the state’s first statewide cybersecurity strategy, clarifying agency roles and responsibilities, outlining how efforts and investments will combine into an integrated approach, and providing county and local It reiterated the province’s commitment to providing support to municipalities. Following the release of the Statewide Framework, the Governor will improve cybersecurity across the state by providing endpoint detection and response tools to more local governments and introducing attack surface management as a new shared service. announced the expansion of the state’s Cybersecurity Shared Services program. county. The Hochul administration also recently adopted new regulations to help New York hospitals establish cybersecurity policies and procedures.
north carolina
North Carolina’s statewide strategy includes an integrated cybersecurity task force. Officially established by Governor Cooper’s executive order in March 2022, the task force includes the state’s Office of Information Technology, Office of Emergency Management, National Guard, and Local Government Information Systems Association Cybersecurity Strike Team. Promote public-private cooperation to combat cyber threats to critical infrastructure. Adding to its arsenal, North Carolina also enacted a law banning ransomware payments by government agencies.
north dakota
Gov. Doug Burgum signed legislation in 2019 authorizing a central service approach to cybersecurity strategy across all aspects of state government, including state, local, legislative, judicial, K-12, and higher education. The state also adopted computer science and cybersecurity standards with the goal of “Every Student.” Any school. I am receiving cyber education. ” Based on this priority, North Dakota in 2023 passed legislation mandating the integration of computer science and cybersecurity education and content standards into K-12 school classrooms, making North Dakota the first state in the nation to Became the first state to require security education.
ohio
Gov. Mike DeWine issued an executive order in 2022 creating a new cabinet-level position, Cybersecurity Strategic Advisor, to guide the state’s cybersecurity efforts across agencies. Governor DeWine previously signed legislation creating the Ohio Cyber Reserve, a civilian volunteer cyber force under the command of the Adjutant General. In conjunction with the Ohio National Guard, the Ohio Cyber Sanctuary is organized as a regional team of trained and certified cybersecurity professionals across the state to respond to any cyber incident within Ohio. We are ready to deploy and respond. Ohio also complemented the Ohio Cyber Sanctuary with the Ohio Cyber Integration Center. The center is a cyber fusion center directed by the Ohio Department of Homeland Security, Department of Public Safety and co-located with the civilian staff of the Ohio Adjutant General. The center is the coordinating hub for incident response efforts in Ohio. Through CyberOhio, the DeWine Administration is developing free training and consultation services for local governments, as well as providing grants to support cybersecurity software and services to increase local government preparedness and resiliency. .
