The state of state cybersecurity

Just last Friday, at the annual meeting of the National Governors Association, Minnesota’s Governor Mark Dayton added his state’s name to 37 others in targeting cybersecurity a top priority, according to an article in the Minneapolis Star Tribune.

The article pointed out that Minnesota “state agencies fend off approximately 3 million cyberattacks daily.”

Minnesota’s pledge involved signing up to “A Compact to Improve Cybersecurity.” The compact, reported the Tribune involvement an agreement to “develop or build upon statewide plans to combat cyberattacks against IT networks and to protect both personal and government data shared on state systems.”

According to statescoop, this was the culmination, though not the conclusion of “a yearlong initiative spearheaded by Virginia Governor Terry McAuliffe, the National Governors Association’s outgoing chair.

As McAuliffe stated in a press release, “The goal of my initiative as NGA chair was to elevate the importance of cybersecurity on every governor’s agenda. To do that, we had to highlight why cybersecurity was more than just an information technology issue. I am proud that, throughout the last year, we have successfully engaged governors and their states on strengthening their cyber protocols and recognizing that cybersecurity is a technology issue, but it’s also a health issue, an education issue, a public safety issue, an economic issue and a democracy issue.”

All of this sounds like good news to us. For a long while, we’ve been writing articles citing cybersecurity as one of the biggest issues confronting the states. In fact, we’ve repeatedly complained that people view state’s efforts to control cyber attacks as exclusively an issue of privacy — when we fear that a major breach could cost lives and millions of dollars.

But even with the progress made at the NGA session, a question still stands in our minds: Why haven’t the other 13 states joined in?