State Governors Dig in On Cybersecurity Strategies
Governors considered the challenges of cybersecurity during the winter meeting of the National Governors Association. The endeavor requires sufficient state attention, speakers told governors as they gave recommendations on how to better coordinate and develop strategies in fighting existing cyberthreats.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The gathered governors discussed the possibility of what Gov. Martin O'Malley, D-Md., called a “cyber 9/11,” which requires “a new level of vigilance,” he said. He credited the NGA cybersecurity resource center developed in recent months as a positive step NGA had taken to address cybersecurity concerns. The Department of Homeland Security briefed governors in a closed session Sunday on cyberthreats. Cyberattacks have the potential to disrupt multiple state agencies and multiple levels of government, said Gov. Brian Sandoval, R-Nev., who pointed to a fall National Association of State Chief Information Officers report suggesting states aren’t ready for such attacks.
"The national intelligence estimate ... has concluded -- and we can say this in an open meeting -- that there is a pandemic of foreign espionage going after our companies, our research institutions throughout the country,” said Richard Clarke, a former national security official and author of Cyber War. “It’s a quiet pandemic but it’s a pandemic.” Cybersecurity intrusions have cost the U.S. $300 billion in lost research and development, Clarke said Saturday, costing the U.S. its global competitive edge. Three crucial dimensions of the cyberthreat manifest in crime, espionage and war, he said.
Michigan faces “a barrage” of attacks daily, said Dan Lohrmann, Michigan chief security officer, describing in 2012 the removal of 31 million pieces of malware from incoming emails, the halt of over 142 million website attacks and of 24 million network scans. “The threat is real,” he said. “We see it daily in Michigan, as does every other state in the nation.” Two American Legislative Exchange Council task force directors credited efforts of states such as Michigan as well as Virginia in a Friday Wall Street Journal op-ed on the topic (http://on.wsj.com/V1icZR). David Hannigan, chief information security officer of Zappos, briefed governors on how to develop and execute strategies for dealing with attacks he viewed as inevitable and potentially happening without their knowledge. The real reason for the vulnerabilities comes down to people “not doing their jobs,” he said.
"Think of yourself as a company,” Clarke told governors. States need to secure their data against cybercrime, he said. The regulatory role of governors is key when making sure entities protect themselves, as is governors’ role as emergency responders, he added. He also credited their roles as law enforcement agencies and as education leaders, with influence over people’s training at state universities. “You need to begin with a strategy,” he told them. O'Malley committed to examining the states and coming up with best practices and policies going forward.