Governors Of 38 States Sign Cybersecurity Compact

King & Spalding

As Governor Terry McAuliffe (D-VA) completed his term as Chair of the National Governors Association, he announced on July 14, 2017, that 38 governors had signed a compact to improve state cybersecurity. The compact was the culmination of Governor McAuliffe’s focus on cybersecurity as his main initiative during his year as Chair. He noted that his goal was to “elevate the importance of cybersecurity on every governor’s agenda” and demonstrate that cybersecurity was not only a technology issue, but also “a health issue, an education issue, a public safety issue, an economic issue and a democracy issue.” The compact itself states that “protecting citizens from cybersecurity threats” is now a central part of every governor’s basic duty to safeguard public safety. To meet this duty, the parties to the compact each agreed to move toward implementation of certain recommendations surrounding three major topics.

First, the governors agreed to build up their states’ cybersecurity governance. Recommendations to meet this goal include creating a cybersecurity governance structure, either through legislation or executive order, as well as the development of a statewide cybersecurity strategy focused on protecting a state’s critical infrastructure and IT networks. The compact recommends conducting a risk assessment to determine vulnerabilities and threats, potential consequences of attack, and avenues of mitigation.

Second, the governors agreed to prepare and defend their states from cybersecurity events by creating and exercising statewide cybersecurity disruption response plans. The compact recommends that each state create an information sharing framework between state homeland security, emergency management, and IT officials, as well as any managers of critical state infrastructure. Other recommendations to meet this goal include the creation of public communications plans for cyber events and the inclusion of National Guard response into cyber response plans.

Last, the governors agreed to grow the nation’s cybersecurity workforce. To do so, the compact recommends that states reclassify job descriptions for state cybersecurity positions to be in line with private sector practices. The compact recommends that governors work with colleges and universities to increase the availability of transferable, two-year cybersecurity degrees and to create programs to assign college students as cybersecurity interns to state agencies.

The full text of the compact, as well as the list of signatories, is available here.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Written by:

King & Spalding

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.