State cybersecurity concerns – critical for governors under normal circumstances – have only intensified during the COVID-19 pandemic. Malicious cyber actors have a history of exploiting the confusion and fear surrounding crises, 1 which the current pandemic offers on an unprecedented scale. State agencies, critical infrastructure sectors, and the general public are experiencing waves of COVID-themed malicious cyber activity. The mass transition to remote work environments is a challenge for state networks while increasing their cyber vulnerability, providing threat actors even more opportunity. The stakes riding on states’ abilities to prevent and protect its systems, staff, and entities within the state from cyberattacks is immense. A successful cyberattack on state networks or critical infrastructure, especially healthcare facilities, would cripple its ability to respond to and recover from COVID-19.
This memo provides:
- Actions for Governors Looking to Bolster State Cybersecurity
- An Overview of the Threat Landscape Facing States:
- – Increased Cyber Activity on State and Local Infrastructure;
- – Telework Vulnerabilities;
- – Cybercrime Concerns for Citizens; and
- – Mis & Disinformation Campaigns.
In addition to the recommendations below, NGA strongly encourages states to adhere to the cybersecurity best practices recommended by NGA and national cybersecurity experts, including using a whole-of-government approach to cybersecurity, updating and familiarizing incident response and cyber disruption plans, and messaging and practicing proper cyber hygiene.
All NGA coronavirus memos can be found here, or visit Coronavirus: What You Need To Know for current information on the status of COVID-19 In The United States, a list of actions states/territories have taken to address both the public health and economic impacts, and policy resources.