Letter from NGA leadership (Governor Bullock and Governor Hogan) to the Department of Homeland Security on how the Department can support state efforts to strengthen their cybersecurity posture.
April 18, 2019
Mr. Mike Miron
Homeland Security Advisory Council
Department of Homeland Security Mailstop 0385
245 Murray Lane SW
Washington, D.C. 20528-0385
Dear Mr. Miron and the U.S. Department of Homeland Security’s Homeland Security Advisory Council:
On behalf of the National Governors Association (NGA), please find below recommendations for enhanced state cybersecurity as requested by the U.S. Department of Homeland Security’s (DHS) Homeland Security Advisory Council (HSAC).
Last year, NGA’s Center for Best Practices (NGA Center) briefed the Homeland Security Advisory Council (HSAC) Cybersecurity Subcommittee on state cybersecurity trends. The discussion covered state challenges and corresponding cybersecurity activities, such as:
- Building workforce development initiatives that retain current talent, recruit from a diverse field of applicants, and develop the next cadre of cybersecurity workers;
- Creating governance bodies that formalize strategic partnerships between state, federal, and private partners;
- Developing and implementing statewide strategies that detail cybersecurity goals and objectives, with measurable outputs and outcomes, that extend beyond the protection of state IT assets; and
- Institutionalizing and exercising disruption-response plans that emphasize a whole-of-state approach by incorporating the National Guard, emergency management agencies and private sector partners, among others, to protect critical infrastructure.
Following the presentation, the HSAC asked the NGA Center to submit recommendations on how DHS can support state efforts to strengthen their cybersecurity posture. The NGA Center would like to propose the following steps for Acting Secretary McAleenan and the HSAC to consider:
- Ensure Dedicated Funding. DHS should allocate new funds through current or new grant mechanisms that give states discretion in using those funds to enhance their cybersecurity. This will allow states to implement strategic initiatives identified in their cybersecurity strategies while balancing other funding priorities and state-specific considerations.
- Provide Cybersecurity Technical Assistance. DHS should consider creating technical assistance programs through national organizations to assist states with implementing DHS priorities, sharing best practices, and collaborating across jurisdictions. This will ensure that states are implementing national guidance and best practices in a standardized and effective fashion, while taking their respective needs into consideration.
- Disseminate Additional Cybersecurity Guidance. DHS should produce implementation guidance for all appropriate state stakeholders on current and future DHS cybersecurity policies and programs. One such example could be guidance or technical assistance on how to enhance a state disruption response plan in line with the National Cybersecurity Incident Response Plan. Another would be guidance on how state-level information-sharing activities can best integrate with DHS and MS-ISAC information sharing programs. This will help states align their efforts with DHS’ cybersecurity vision and national objectives.
We thank the HSAC for providing us the opportunity to submit the preceding recommendations for Acting Secretary McAleenan’s review. Please direct any questions to Maggie Brunner, NGA Center Program Director, Homeland Security & Public Safety (firstname.lastname@example.org or 202-624-5364) or Mary Catherine Ott, Legislative Director, Homeland Security and Public Safety Committee, NGA Government Relations (email@example.com or 202-719-2867).
Governor Steve Bullock Governor Larry Hogan
Chair Vice Chair
National Governors Association National Governors Association