Since 2015, seven states have publicly established or announced the creation of a state “cybersecurity center,” tasked with implementing key cybersecurity policies. Unlike state information technology (IT) security offices, these centers are tasked with responsibilities that extend beyond defending state networks. Based on their current roles and responsibilities, these centers can be divided into three categories: (1) integration centers that focus on information sharing and incident response; (2) centers with a workforce and education focus; and (3) centers with policy making authority. Although these centers are in various stages of implementing their priorities, other states should review why and how these centers were organized, and their sustainability, if they are considering creating their own center.
