By John Guerriero, Cybersecurity Policy Analyst, National Governors Association
The National Governors Association (NGA) launched the 2021 Policy Academy to Advance Whole-of-State Cybersecurity to help states and territories develop, refine, and share best practices in cybersecurity governance, incident response, workforce development, critical infrastructure security, and local engagement and partnership. The 2021 Policy Academy is the latest in a series of collaborations between NGA and states on strengthening whole-of-state cybersecurity postures.
The NGA Center for Best Practices (NGA Center) chose five states for the 2021 initiative: Indiana, Kansas, Missouri, Montana, and Washington. Each state will work with the NGA Center through January 2022 on developing and implementing strategic action plans designed around its own specific priority areas:
Cybersecurity is an ongoing priority for governors and other elected officials, policymakers, business leaders, and citizens. Criminals and foreign adversaries continue to exploit software and supply chain vulnerabilities and human error to access confidential data, disrupt critical services and economic linkages, and endanger the public welfare.
Vinod Brahmapuram, chief information security officer for the State of Washington, said the Policy Academy initiative is near and dear to his heart. “As we have learned from multiple security threats over the past year, both nationally and in this state, an incident that impacts one organization can have cascading impacts for others,” Brahmapuram said in a recent post online. “We need to really unify the public sector, so that we are operating as one organization when it comes to sharing our expertise, knowledge, threat intelligence and resources.”
As part of the Policy Academy, NGA offers in-depth assistance to support the states’ strategic goals. Each state will build a multi-disciplinary team of local and state stakeholders and convene an in-state workshop to create an action plan for its specific focus area. NGA staff will work closely with the states in developing, refining, and implementing their strategic plans and offer regular coaching calls and opportunities for peer learning, including identifying common challenges and potential solutions. Concluding in January 2022, the Policy Academy will assist each state in accomplishing their strategic goals and producing outcomes and best practices for other states to look to as a national model.
“The opportunity to collaborate with other states to implement best practices and enhancements to advance our cybersecurity workforce will pay dividends by creating a job pipeline while assuring Montanans their data is protected,” Misty Ann Giles, director of administration for the State of Montana, said recently in a news release.
In 2012, the NGA Center created the Resource Center for State Cybersecurity, currently co-chaired by Louisiana Governor John Bel Edwards and Arkansas Governor Asa Hutchinson, to deliver technical assistance and help governors confront these threats and promote a mature cyber risk posture in their states. In addition to conducting the Policy Academy, the Resource Center issues cybersecurity publications, provides ad hoc state assistance, and holds a monthly webinar series and an annual National Summit on State Cybersecurity.
NGA has been supporting governors on cybersecurity since 2016. In 2019, the association engaged with seven states for a whole-of-state cybersecurity workshop series and conducted a six-state Policy Academy on Election Cybersecurity. In 2020, it worked with seven states in a series of workshops to enhance whole-of-state cybersecurity.