Updates from the Resource Center for State Cybersecurity team, January 31, 2023
NGA Webinar: State Support of Critical Infrastructure Cybersecurity
In the wake of cyber attacks across the state, Wyoming created its Cyber Assistance Response Effort (CARE) team in 2019, quickly morphing into a response team in late-2020 that has been assisting critical infrastructure entities in cyber response ever since. Neighboring Utah’s Statewide Information & Analysis Center (SIAC) has played a key role in the creation of the Governor’s Cybersecurity Commission, which is mandated to gather information and share cybersecurity best practices with the state legislature. Please join the National Governors Association as we host officials from Wyoming and Utah to discuss each state’s unique approach to improving cybersecurity response and resilience among the critical infrastructure sectors.
- Mikki Munson, Cybersecurity & Critical Infrastructure Protection Program Manager, Protected Critical Infrastructure Information Officer (PCII), Wyoming Office of Homeland Security
- Katherine Chipman, Supervisory Intelligence Analyst, Utah SIAC, Utah Department of Public Safety
- Mallorie Nielsen, Cyber Threat Intelligence Analyst, Utah SIAC, Utah Department of Public Safety
2023 State of the States
Each year, NGA closely monitors Governors’ inaugural and state of the state addresses to help inform the organization’s program offerings. NGA has collected Governors’ 2023 addresses to help showcase their leadership and priorities in the year ahead, which can be accessed here.
CISA Publishes RFI: Growing Cyber Talent in K-12 Education
On January 18th, the Cybersecurity and Infrastructure Security Agency (CISA) published a request for information (RFI) focused on “Growing Cyber Talent in Early Education (K-12).” Responses are due by February 8th. Access the RFI by selecting “Related Documents” here.
Webinar: .gov – The “Top” Top-Level Domain
Join MS-ISAC, NASCIO, NACo, and NLC on February 7th at 2:00PM EST for a webinar about the .gov domain. The information presented will prepare you for your transition planning to increase the security and integrity of your organization’s online presence.
- Report: Partnering to Safeguard K-12 Organizations from Cybersecurity Threats | CISA
- Better Identity in America: A Blueprint for State Policymakers | Better Identity Coalition
- 2022 Year in Review | CISA
State Cyber Scan
More than just broadband – governors set tech agendas for 2023 | StateScoop January 25, 2023
Governors’ annual State of the State addresses are an opportunity for governors to lay out their priorities and budget proposals for the year ahead. Speeches across the country signaled key initiatives to anticipate coming out of the states’ IT agencies, such as transparency efforts, automation projects, technology consolidation, increased cybersecurity funding, and IT workforce development.
Mississippi Announces New Cybersecurity Unit and Leadership | Government Technology January 20, 2023
The Mississippi Department of Public Safety announced this month the creation of a new cyber unit and named the state’s first cyber director. The cyber unit, which will be led by Bobby Freeman, sit within the state’s Office of Homeland Security and will serve as a “centralized cybersecurity threat information, mitigation, and incident reporting and response center.”
Wisconsin, North Carolina ban TikTok from state devices on security concerns | Reuters January 12, 2023
Wisconsin Governor Tony Evers and North Carolina Governor Roy Cooper recently signed orders banning the use of TikTok on government devices due to cybersecurity concerns stemming from China. Their moves join the federal government and more than 20 other states who have taken similar actions against TikTok and other Chinese-owned technology platforms.
Iowa school district cancels classes another day due to cyberattack | The Record January 10, 2023
One of Iowa’s largest school districts, Des Moines Public Schools, cancelled classes for two days this month due to a cyberattack. Recovery efforts led to outages across the internet, WiFi, and various networked systems at school buildings and district offices. A week prior, several schools across Massachusetts were also forced to cancel classes due to a ransomware attack.
Dozens of States Proffer Bills About School Cybersecurity | Government Technology January 9, 2023
A recent analysis by the Consortium for school Networking found that legislators in 36 states introduced 232 school-related cybersecurity bills (37 of which were enacted) – that’s 62 more than were introduced in 2021 and more than twice the number of bills introduced in 2020. The most common policy strategies adopted by states last year include mandatory incident reporting, prevention and contingency planning requirements, and expansion of the cyber workforce.
Researchers Could Track the GPS Location of All of California’s New Digital License Plates | VICE January 9, 2023
A team of security researchers managed to gain “super administrative access” into Reviver, the company behind California’s new digital license plates that launched last year. This access allowed them to track the physical GPS location of all Reviver customers. Reviver quickly responded, patching the issues in less than 24 hours and confirmed the vulnerability had not been exploited.
San Francisco BART investigating ransomware attack | The Record January 9, 2023
Early this month, San Francisco’s Bay Area Rapid Transit (BART) was the victim of an alleged ransomware attack by the Vice Society ransomware gang. BART stated they were investigating the data that was stolen and posted by the group, but that no services or systems were impacted.
Flexibility, Culture Key to Attracting Laid-off Tech Workers | Route Fifty January 4, 2023
2022 was dubbed a “tech recession” – the tech industry saw thousands of workers being laid off. Some see this as an opportunity to attract these laid-off workers from the private sector into more stable government jobs. While it will be difficult, state and local governments could try “leaning into different flexibilities” around benefits and compensation for employees who are accustomed to the flexible job culture that private sector tech provides.
Four cyber concerns looming in the new year | The Hill January 2, 2023
Last year, officials and lawmakers renewed their focus on cybersecurity and safeguarding the country’s critical sectors against rising cyber threats. As the complexities expand, the four concerns expected to take priority in 2023 are: threats to critical sectors, ransomware attacks, foreign spyware, and labor shortage.
NGA Government Relations Updates
NGA released a statement regarding new leadership and name changes for NGA’s three Governor-led task forces. The task forces and their co-chairs are:
- Public Health and Disaster Response: Connecticut Governor Ned Lamont and Vermont Governor Phil Scott
- Economic Development and Revitalization: South Carolina Governor Henry McMaster and Kentucky Governor Andy Beshear
- Community Renewal: U.S. Virgin Islands Governor Albert Bryan and Idaho Governor Brad Little
Letter: TikTok’s Security Risks | January 12, 2023
NGA Chair New Jersey Governor Phil Murphy and NGA Vice Chair Utah Governor Spencer Cox sent a letter this month to their fellow Governors regarding the growing number of states taking action “to prohibit the use of TikTok on state-issued cellphones, computers, and other devices.” Both Governors have recently issued Executive Orders on this matter, and encourage “our fellow Governors to join the growing number of states taking action. By acting against foreign cyberthreats like TikTok, Governors can protect our states, bolster national security, and ensure our citizens can trust our states’ systems.”