Updates from the Resource Center for State Cybersecurity team, May 31, 2022
Resource Center Announcements
National Summit on State Cybersecurity – June 22-24 in Columbus, Ohio
There’s still time to register for NGA’s fifth National Summit on State Cybersecurity by the June 6 deadline!
NGA will cover travel expenses for two officials from each state, commonwealth, territory or the District of Columbia. The National Association of State Chief Information Officers (NASCIO) will also award block grants up to $1,500 per state for each state or territory’s chief information officer and/or chief information security officer. Additional personnel are welcome to attend, but they will be responsible for their own travel and lodging costs.
Agenda, hotel and travel information can be found through the registration link. If you are taking advantage of NGA sponsorship, you must register and book your hotel room by June 6.
Please contact the NGA Cybersecurity Team at cyber@nga.org with questions.
Questions, comments or feedback? Want to feature your work in our newsletter?
Contact Casey Dolen, Senior Cybersecurity Policy Analyst, at cdolen@nga.org
Cybersecurity Resources
- Verizon 2022 Data Breach Investigations Report | May 24, 2022
- CISA Cybersecurity Advisory: Weak Security Controls and Practices Routinely Exploited for Initial Access | May 17, 2022
- NIST Special Publication: Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations | May 5, 2022
- FBI Public Service Announcement: Business Email Compromise: The $43 Billion Scam | May 4, 2022
State Cyber Watch
Governors meet in Boston on importance of STEM education | Boston Herald – May 19, 2022
The National Governors Association convened seven Governors to hear from a panel of experts on the importance of STEM education for addressing critical national security needs and workforce challenges. Governors also shared updates on their states’ successes in expanding computer science education and discussed strategies and best practices with industry partners and other stakeholders.
Maryland governor signs bill to strengthen cybersecurity | Federal News Network – May 12, 2022
Governor Larry Hogan signed into law measures to strengthen cybersecurity in state and local governments across Maryland, after legislation and big investments were approved earlier this year to protect vital systems against cyberattacks. The state is facing a huge budget surplus this year and was positioned to allocate nearly $200 million toward cybersecurity and another $334 million for IT development projects.
Survey: 93% of Americans Fear Cyberwarfare Against US | Route Fifty – May 11, 2022
A survey conducted in April revealed that 93% of respondents are concerned that a foreign country could wage cyber warfare against the U.S. It also found that 35% of Americans are taking steps to prepare for cyber warfare, including conducting frequent software backups on their computers and mobile devices.
Hackers hit web hosting provider linked to Oregon elections | OPB – May 10, 2022
Ahead of Oregon’s primary elections, the Secretary of State’s office revealed its campaign finance reporting system was affected by a ransomware attack targeted toward its web hosting provider. No sensitive data or elections administration systems were compromised, but the company is working with cybersecurity and digital forensics experts to assist in its response efforts.
Utah Creates a Blockchain and Digital Innovation Task Force | TheStreet – May 9, 2022
Governor Spencer Cox signed a bill this month, creating the Blockchain and Digital Innovation Task Force, which is aimed at regulating blockchain initiatives and forming policy recommendations related to the state’s emerging technology. Each year, the task force will report to the Senate’s Business and Labor Interim Committee and the Legislative Management Committee.
Connecticut becomes fifth state with data privacy law | The Record – May 4, 2022
Connecticut became the fifth state in the country to enact some form of data privacy protections for its citizens when it passed S.B. No. 6, the “Act Concerning Personal Data Privacy and Online Monitoring,” on May 4th. The bill does things like allow residents to opt out of sales, targeted advertising, and profiling, and will require companies to acknowledge opt-out preferences for targeted advertising and sales.
Gov. Newsom Signs Executive Order on Cryptocurrency and Blockchain Technology | California Globe – May 4, 2022
According to Executive Order N-9-22 signed by Governor Gavin Newsom, companies using blockchain technology will gain a transparent and consistent business environment for them in California. Blockchain technology will also be more heavily regulated as part of this effort to support its widespread use.
Governor’s Cybersecurity Task Force releases 18 recommendations | Idaho Press – May 4, 2022
Governor Brad Little’s Cybersecurity Task Force released its final report earlier this month, which provides 18 recommendations to improve Idaho’s cyber resiliency. The recommendations touch on critical infrastructure protection, workforce and education investments, election integrity, and public engagement. Read the full report here.
Virginia Researchers Study Gaps in Cyber Crime Reporting | Government Technology – May 4, 2022
A team of Virginia Tech researchers recently received a grant from Virginia’s Commonwealth Cyber Initiative to research cyber crime victimization among the state’s residents and businesses. They are aiming to identify any gaps in cyber crime reporting how respondents defend themselves before and after being targeted. They hope to design information pamphlets to share with law enforcement and other agencies to inform the public how to make online experiences safer.
Ransomware Attacks on Governments More Frequent, Damaging and Costly | Route Fifty – May 3, 2022
Ransomware attacks have increased 78% between 2020 and 2021, with 68% of organizations hit by ransomware in the last year, according to a recent report. The highest payout rates—hovering around 50%—were seen among the K-12 education, state and local government, and healthcare sectors.
WVU students prepare for cyberspace attacks with Operation Locked Shields | WVU Today – May 3, 2022
A team of West Virginia University students were among 2,000 participants competing in Operation Locked Shields, and international cyber defense exercise run by NATO. Between April 19-21, WVU students represented the U.S. Blue Team and got hands-on experience with defending against a large-scale coordinated cybersecurity attack. Today, WVU is one of 84 academic institutions that works closely with CYBERCOM.
Kentucky Becomes 21st State to Adopt Model Cyber Security Law for Insurers | Insurance Journal May 2, 2022
Governor Andy Beshear recently signed House Bill 474, a data security law requiring insurers and larger agencies to strengthen efforts to prevent cyber attacks and data breaches. Licensees under the law will have until January 1, 2024 to develop a written cybersecurity program, agree to report cyber events within three days, designate someone to be responsible for information security, and more.
NGA Government Relations Updates
Governors Respond to President Biden’s Letter About Cybersecurity
On May 4th, Council of Governors co-chairs Minnesota Governor Tim Walz and Ohio Governor Mike DeWine issued a response to President Biden’s March 18th letter regarding the heightened cybersecurity threat stemming from Russia’s ongoing attack on Ukraine. The letter highlights the steps the states have been taking to implement robust cybersecurity strategies in preparation for a major incident. The letter also asks for more collaboration between states and federal partners, as well as more resources to be provided to states.