Cyber Circuit – April 2022

Updates from the Resource Center for State Cybersecurity team, April 29, 2022


Resource Center Announcements

National Summit on State Cybersecurity – June 22-24 in Columbus, Ohio

NGA will host its fifth National Summit on State Cybersecurity from June 22-24, 2022, in Columbus, Ohio. As the only national meeting exclusively focused on state cybersecurity, this unique event will convene Governors’ offices, state homeland security advisers, chief information officers, chief information security officers, National Guard leaders, and others from all 55 states and territories.

While eligible CIO/CISO attendees may seek reimbursement from NASCIO up to a limit of $1500 per state, NGA will cover airfare and hotel accommodations for two (2) officials per state provided they register with the support of their Governors’ offices. From the “Registration Type” drop-down menu, these individuals should select “NGA-Sponsored State Official.” Other state personnel are welcome to attend; however, they must register as a “General State Attendee,” pay a $200 registration fee, and are responsible for their own hotel and airfare costs. Please contact the NGA Cybersecurity Team at cyber@nga.org with questions.


We’d Like to Hear From You!

Are you familiar with state-run programs that train groups of volunteer cybersecurity experts to provide rapid response assistance to organizations across their respective states in the event of a critical cyber incident? Michigan’s Cyber Civilian Corps (MiC3) was the first of its kind, but similar models are gaining traction around the country. NGA would like to gain a comprehensive view of states’ existing capabilities or interest in standing up such volunteer cyber team functions. Is this something your state has developed or would like to learn more about? Let us know! Submit a Response Here.


Cybersecurity Resources 


State Cyber Watch

Governor DeWine Appoints Kirk Herath as Cybersecurity Strategic Advisor | Office of the Ohio Governor | April 26, 2022

Ohio Governor Mark DeWine appointed Kirk Herath as Cybersecurity Strategic Advisor, a new role established under Executive Order 2022-07D, signaling his commitment to addressing the evolving cyber threat. Herath will be responsible for leading cybersecurity efforts across state agencies, including Ohio’s Adjutant General’s Office, Department of Administrative Services, and Department of Public Safety.


Kansas prioritizes cyber, IT modernization, workforce | StateScoop | April 14, 2022

In this podcast episode, Kansas Chief Information Technology Officer DeAngela Burns-Wallace explains how the state’s participation in NGA’s cybersecurity policy academy and work with Governor Laura Kelly’s cyber task force has helped it better position itself in the event of a major cyber incident.


Federal agents disrupted cyberattack targeting phone, internet infrastructure on Oahu | Hawaii News Now | April 12, 2022

Homeland Security Investigations (HSI) was able to thwart a cyberattack in which hackers were targeting a critical undersea cable linking Hawaii and the Pacific to telecommunications infrastructure. Thanks to the information Hawaii officials shared with HSI, they were able to mitigate any damage and identify an international hacking group as responsible for the attack.


Major state technology upgrades coming in Vermont, CIO says | StateScoop | April 12, 2022

Vermont has a $66 million budget to embark on several major state technology modernization initiatives, including an overhaul of the Vermont Department of Motor Vehicles and upgrades to six other agencies’ online systems. Vermont’s Chief Information Officer, John Quinn, said the goal of these projects is to rid the state of its longstanding technical debt, which is increasingly cited as a cybersecurity risk.


New cybersecurity bill authorizes DHS to ramp up incident response efforts nationwide | FCW | April 12, 2022

The U.S. Department of Homeland Security is set to collaborate with the National Cybersecurity Preparedness Consortium to provide technical assistance services and training to state, local, tribal, and territorial officials to bolster cybersecurity preparedness and incident response initiatives across the country.


Colorado names Texas agency CISO as new cyber chief | StateScoop | April 11, 2022

The Colorado Office of Information Technology brought on Ray Yepes as the state’s new Chief Information Security Officer this month. Yepes is passionate about ensuring security requirement compliance and is eager to enforce cybersecurity policies that protect everyone.


North Carolina First State to Prohibit Agencies From Paying Ransoms | Route Fifty | April 11, 2022

As part of 2021-2022 appropriations legislation, North Carolina state and local government agencies are prohibited from paying ransoms to someone who has encrypted their IT systems. Rather than communicate with attackers, agencies must report incidents to the Department of Information Technology within 24 hours. Other states, like Pennsylvania and New York, are considering enacting similar legislation, but North Carolina is the first to put it into effect.


North Dakota agencies meet to coordinate whole-of-government response to potential cyber incidents | North Dakota Office of the Governor | April 8, 2022

In response to the growing threat of Russian cyber interference, representatives from North Dakota’s state agencies met to review the existing framework for responding to a potential cybersecurity incident and reiterate the importance of a proactive, whole-of-government approach. The state is set to conduct a cyber exercise in June to put its plan into practice and make the necessary refinements.


Blockchain Could Power State Government Processes | Route Fifty | April 6, 2022

The U.S. Government Accountability Office recently released a report listing suggestions for the application of blockchain in government processes, including voting and identity management. The report also acknowledges some of the challenges and security concerns associated with the use of blockchain features and provides four policy recommendations for capitalizing on its advantages and ensuring more secure implementation.


New Jersey Introduces Portal to Defend Against Disinformation | Government Technology | April 6, 2022

New Jersey’s Office of Homeland Security and Preparedness launched a portal to combat the deliberate production and spread of false content. The portal features explanations of disinformation, tips for identifying signs of tampering, as well as links to myth-busting sites.


States Unclear About What Constitutes ‘Reasonable’ Cybersecurity | Route Fifty | April 5, 2022

Recent survey reporting reveals that while most public sector organizations have taken steps toward the proactive prevention of cybersecurity incidents, a substantially greater number of these entities lack an incident response plan. Survey results suggest there is some shared confusion around what is considered reasonable cybersecurity without a single federal standard to point to.


Governor Pritzker Proclaims April as Innovation and Technology Month in Illinois | The Southland Journal | April 1, 2022

Governor J.B. Pritzker declared April as Innovation and Technology Month in Illinois to highlight the value of IT as a contributor to the state’s economy, the state’s commitment to cyber and STEM workforce development efforts, and its key role in advancing quantum computing.


NGA Pandemic and Disaster Response Task Force Discussion on Cyber Threat Environment

On April 14, NGA’s Pandemic and Disaster Response Task Force, co-chaired by Connecticut Governor Ned Lamont and Tennessee Governor Bill Lee, hosted a discussion on “How States/Territories are Protecting their Critical Infrastructure Against the Current Cyber Threat Environment.” Connecticut’s Chief Information Security Officer Jeff Brown and Tennessee’s Chief Information Officer Stephanie Dedmon explained the challenges of staying vigilant for any potential cyberattacks, ensuring that states are auditing the processes they have in place, increasing awareness and providing training, and emphasizing the importance of resiliency planning.