Cybersecurity Awareness Month is observed each October as a national effort to promote cybersecurity awareness and encourage individual Americans as well as organizations, businesses, and state and local governments take proactive digital safety measures that help protect the nation from cyber threats.
This year, the Cybersecurity and Infrastructure Security Agency (CISA) announced “Building a Cyber Strong America” as the theme, which aims to highlight “the need to strengthen the country’s infrastructure against cyber threats, ensuring resilience and security.” The theme stresses the importance of protecting systems and services that Americans use daily, such as clean water and secure transportation and financial transactions, as these and other important services are under constant threat from cyber-attacks.
To help mark the annual observance, many Governors have issued Cybersecurity Awareness Month proclamations – including Illinois Governor JB Pritzker and Vermont Governor Phil Scott – to help increase public awareness about the role individual Americans can play to bolster cybersecurity within their own homes and communities. The proclamations also augment many of the actions Governors take on an ongoing basis to implement policies that seek to protect their constituents as well as state government and critical infrastructure.
State Spotlights
Recent examples from Arkansas, New Mexico, New York and Ohio help illustrate examples of cybersecurity policies Governors have been advancing in recent months.
Arkansas
In June, Arkansas Governor Sarah Huckabee Sanders announced an executive order focused on modernizing and enhancing efficiency, security and oversight of statewide information technology services. The executive order includes a directive to establish a dedicated, centralized cybersecurity office that will be responsible for “managing and coordinating all cyber risk management activities across the state; maximizing state cybersecurity resources; and developing and enforcing statewide cybersecurity governance standards, policies, and practices, ensuring compliance with state and federal regulations.”
New Mexico
New Mexico Governor Michelle Lujan Grisham signed an agreement in September between the state of New Mexico and the Defense Advanced Research Projects Agency to establish the Quantum Frontier Project, a new partnership designed to accelerate the development, testing, and validation of emerging quantum technologies. With the many connections between quantum computing and cybersecurity, Governor Grisham stressed “Quantum computing may prove to be the most consequential technology of this century for national security and breakthrough innovations.”
New York
In July, New York Governor Kathy Hochul announced an effort to safeguard New York’s water infrastructure by developing nation-leading cybersecurity regulations for water and wastewater systems alongside a new cyber grant program and technical assistance to bolster the security and resilience of water and wastewater systems.” Following a collaborative multi-agency development process directed by her 2025 State of the State, several state partners released proposed cyber regulations for water and wastewater systems for public comment. “Cyber attacks on critical infrastructure can have devastating impacts on communities, and we must act now to defend our water and wastewater systems with the same urgency and rigor we bring to other critical sectors,” Governor Hochul said.
Ohio
Ohio Governor Mike DeWine joined leaders from CyberOhio, the Department of Education and Workforce and the Management Council of the Ohio Education Computer Network in May to announce a new initiative to further fortify cybersecurity in K-12 schools. The Ohio organizations are working together on a statewide implementation of TechGuard – a platform that equips schools and the state’s 16 Information Technology Centers with resources for cybersecurity training and simulated cyberattacks. “I launched CyberOhio as a way to help more schools and businesses fight cyberattacks,” said Governor DeWine. “These threats continue to evolve over time as technology changes, so we need to remain proactive in training people to spot the warning signs and protect our critical IT systems.”
Resources
The National Governors Association (NGA) maintains a Cybersecurity Policy Advisors Network that serves as a forum for Governors’ offices to share ideas and troubleshoot challenges with colleagues from other states, connect advisors with valuable resources and materials and provide opportunities to hear from subject-matter experts via periodic calls, webinars and workshops. Members of the network are identified by Governors’ offices to speak to Governors’ cybersecurity priorities.
Last month, NGA’s Governors Homeland Security Advisors Council held their summer meeting where they spoke with CISA Acting Director Madhu Gottumukkala. The meeting focused on “the importance of partnerships with state, local, tribal, and territorial governments to fulfill shared goals” as “state and local governments increasingly [are] on the frontlines of sophisticated cyberthreats” and “partnerships are essential to securing the communities and critical infrastructure across the nation.”
NGA also recently partnered with several organizations representing local and state governments to send a letter to Congressional leaders. The letter urges Congress to “reauthorize the State and Local Cyber Security Grant Program” as “this critical program has provided states and local governments with the resources they need to bolster their cybersecurity defenses and assisted in modernizing technology systems across the country.”
NGA maintains this resource to detail some of the latest information about the Cybersecurity Policy Advisors Network.
CISA provides information on cybersecurity best practices designed to help individuals and organizations implement preventative measures and manage cyber risks. CISA’s guide to Cybersecurity Best Practices can be found is here.
