Governors of 38 States Join a Cybersecurity Compact
Tuesday, August 15, 2017
cybersecurity bar, nga,

Related Practices & Jurisdictions
Print Mail Download i

On July 16, 2016, the chair of the National Governors Association (NGA), Governor Terry McAuliffe (D-VA), unveiled his 2016−2017 initiative, Meet the Threat: States Confront the Cyber Challenge. Over the past year, the initiative has raised awareness of cybersecurity issues on a state level, held roundtables to address industry-specific cybersecurity issues, and held regional summits to bring together policy leaders and private-sector experts. The initiative also has published resources specifically tailored to assist and educate governors and state legislators, including memos comparing and contrasting states’ cybersecurity governance bodies and cybersecurity centers; breakdowns of various state cybersecurity response plans; surveys of state cybersecurity budgets; and recommendations to address the cybersecurity of critical infrastructure − including health care infrastructure, energy infrastructure, and election infrastructure − the electric grid and public safety.

Since the launch of the initiative, “more than 30 governors have signed an executive order, legislation or announced a cybersecurity initiative,” McAuliffe said. “This has resulted in a dozen executive orders, 14 signed bills and 17 initiatives.”

On July 14, 2017, the initiative culminated with 38 governors signing A Compact to Improve State Cybersecurity. In a press release, McAuliffe stated that the NGA has “successfully engaged governors and their states on strengthening their cyber protocols and recognizing that cybersecurity is a technology issue, but it’s also a health issue, an education issue, a public safety issue, an economic issue and a democracy issue.”

With this compact, the 38 governors committed to review and move toward implementation of key recommendations “to protect their residents from cybersecurity threats” in three areas:

  • First, the governors agreed to enhance state cybersecurity governance, including the creation of a cybersecurity governance structure through executive order or legislation, development of a statewide cybersecurity strategy, and implementation of a risk assessment to identify vulnerabilities and threats.

  • Second, the governors agreed to prepare and defend their states from cybersecurity events through the creation of statewide response plans, organization of an information-sharing framework, incorporation of procedures for the use of the National Guard’s cyber capabilities and the development of public communications plans.

  • Third, the governors committed to growing the nation’s cybersecurity workforce, as the underpinning to successful cybersecurity policy is a competent and robust workforce. This includes partnering with colleges and universities to seek National Security Agency certification as Centers of Academic Excellence and to increase the availability of two-year cybersecurity degrees, creating an internship program for qualified college students to state agencies and placing veterans into cybersecurity certification programs or open positions within state agencies.

The commitment of 38 governors to the NGA’s cybersecurity goals demonstrates that states will continue to be a driving force in the evolution of U.S. data privacy and security laws and best practices, especially where the federal government has refrained from outlining a clear strategy at the state level. These changes to state governments and their cybersecurity practices will inevitably shape the industries related to critical infrastructure, which include the health care, energy, financial and telecommunications industries. Such businesses will need to navigate and comply with an increasing number of federal and state laws, standards and practices.

Businesses that work directly with state governments or otherwise rely on government contracts as a source of business should anticipate that any new cybersecurity initiatives may directly impact those contractual relationships. This could include, for example, imposition of greater corporate privacy policies and technical standards, legal liability for cybersecurity events, the requirement to maintain cyber liability insurance, and compliance with new and evolving consumer protection laws and regulations.

© 2024 Wilson Elser

Current Legal Analysis

More from Wilson Elser Moskowitz Edelman & Dicker LLP

Luxury Brands Assert Intellectual Property Rights Against Resellers
by: Stephen J. Barrett
Employment Tip of the Month – April 2024
by: Joshua Bachrach
Fourth Circuit Reverses $1 Billion Award for Vicarious Liability Claim for More than 10,000 Works
by: Leia Leitner
Nevada Rejects Patient’s Effort to Create New PSQIA Privilege Waiver
by: James V. Lovett
Nevada Supreme Court Reverses $48 Million Verdict, Concludes Hospitals Do Not Owe Fiduciary Duty to Patients in the Provision of Medical Services
by: James V. Lovett
Disclosure upon the Death of a Client under Virginia Supreme Court Legal Ethics Opinion 1900
by: Matthew W. Lee
Accountants’ Role in the Beneficial Ownership Reporting Requirement Under the Corporate Transparency Act
by: Cynthia S. Butera , Kevin Shaftan
Relationships Are “Special” – But Insurance Brokers Ought to Be Wary
by: Christopher Martin , Benjamin Mehic
Oregon Reinstates $20 Million Subrogation Case
by: Michael Lowry
Nevada Reaffirms Inquiry Notice Standards for Medical Malpractice Statutes of Limitations
by: James V. Lovett

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins