State Notebook

摘要

Governors need to establish a statewide governance structure to prepare for, respond to and preventncyberattacks, said the National Governors Association in a paper presented to Congress Sept. 27 (http:/bit.ly/19CNNUU). In many states, chief information security officers (CISOs) are responsible for developingnand carrying out information technology security policies, and they have limited responsibility overnstatewide cyber networks, said NGA. The sharing of cyberthreat information with the private sector andnlocal governments is handled by the state homeland security agencies, which is “further complicating thenoverall cybersecurity governance structure,” said NGA. Governors can grant their chief information officersnor CISOs the authority to “develop and steer a coordinated governance structure ... that can greatlynimprove coordination and awareness across agencies that operate statewide cybernetworks,” said the paper.nStates need to do risk assessments to identify information assets, "model different threats to those assets"nand allow for planning to conduct those threats, said NGA. Hands-on activities and exercises arenneeded as part of the assessments to establish “sound business practices and use existing resources,” saidnthe paper. States must monitor threats to mission-critical systems with technologies and business practicesnthat will “identify potential threats, track all stages of cyber attacks in real time, and offer mitigationntechniques and options for any resulting loss or damage,” said NGA. The NGA Resource Center for StatenCybersecurity will issue a series of reports on actions governors can take on critical areas in the mid andnlong term over the next year, said the paper. NGA will lead efforts through the Council of Governors toncollaborate with the departments of Defense and Homeland Security on how the National Guard can benused to protect both state and federal efforts.