How Will Governors Address Cybersecurity and Infrastructure in 2017?

The National Governors Association (NGA) 2017 Midyear meeting was held last weekend in Washington, D.C., and the top priorities included cybersecurity and innovative infrastructure strategies in the states. Here are top highlights and several next steps.

by Dan Lohrmann / March 4, 2017
National Governors Association Chairman, Virginia Gov. Terry McAuliffe, center, waits for the arrival of President Donald Trump to a meeting of the NGA, Monday, Feb. 27, 2017, at the White House in Washington. Minnesota Gov. Mark Dayton is at right. (AP Photo/Evan Vucci)

Last July, Virginia Gov. Terry McAuliffe, the 2016-17 chair of the National Governors Association (NGA), announced a new initiative called Meet the Threat: States Confront the Cyber Challenge. That focus on cybersecurity, as well as innovative advances in technology and infrastructure, were evident at the NGA Midyear Meeting in Washington, D.C., last weekend.

What does the NGA cyberinitiative do, according to the NGA? “Meet the Threat places states at the center of finding solutions to the increasingly sophisticated cyber threats facing the nation. The initiative’s primary goal is for states to develop strategies for strengthening cybersecurity practices as they relate to state IT networks, health care, education, public safety, energy, transportation, critical infrastructure, economic development and the workforce. …”

According to TheHill.com: “Cybersecurity is critical to each and every governor,” said McAuliffe, who noted that Virginia was targeted by 86 million cyberattacks last year. “We have a wealth of information that every single day people are trying to get in and get our information through cyber threats and cyber criminals.”

McAuliffe was flanked by Arkansas Gov. Asa Hutchinson (R) and Oregon Gov. Kate Brown (D), who serve as chair and vice chair of the association’s homeland security and public safety committee, respectively.

The governors heard testimony from a panel including John Carlin, former assistant attorney general for the Justice Department’s national security division; Vinton Cerf, vice president and chief Internet evangelist for Google; and Mary Galligan, managing director at Deloitte & Touche LLP.

Government Technology magazine reported that better coordination and establishing protocols were a few key takeaways from the NGA cybersecurity session:

“In Arkansas, Gov. Asa Hutchinson said several efforts are underway to secure the infrastructure and systems that the government and citizens rely on. In addition to a third-party cybersecurity risk assessment, the governor said staff are also working to consolidate data centers and enterprise architecture under one consolidated agency, the Department of Information Services.

After dealing with various cyberattacks launched against state assets, one of which was a denial of service attack that downed the state’s website, Hutchinson said the potential for the loss of constituent data is a constant concern. …”

As Internet pioneer and panelist Vinton Cerf asserted, the main problem with cybersecurity to this point has been in the software, and software patches are not always provided when issues are discovered. “The root of all of this problem: It’s the software, stupid,” he said. “We don’t know how to write software that doesn’t have bugs. We’ve been trying for 70 years, since computers have been available.” 

However, a few of my skeptical state government friends contacted me to note that these NGA Midyear meetings on cybersecurity are not new. No doubt, similar sessions with cyberwarnings and action items go back to a similar meeting in February 2013, a September 2013 state cyber roadmap from NGA, several cyberframework activities in 2014, and this NGA Midyear briefing in 2015.

Nevertheless, this NGA State of States Address (seen below on C-SPAN) does seem to place a renewed strong new push for cybersecurity and infrastructure actions. This focus is in line with the National Association of State CIOs (NASCIO) top priority of cybersecurity for 2017.    

Innovation and Infrastructure Focus

National media coverage of the 2017 NGA Midyear focused more on other areas besides cybersecurity, such as this Forbes article Chao Warns Governors: Paying for Big Transport Plans to Be Hard.

“The White House is working on plans for improving U.S. transportation and other key structures, but agreeing on how to pay for expensive new projects won’t be easy, Transportation Secretary Elaine Chao told the nation’s governors.

There’s a number of ways to fund critical upgrades and no consensus across the political spectrum, so there needs to be national agreement on getting a plan approved, Chao said in her first public appearance since taking office on Jan. 31.

‘Everybody wants a better transportation system, but very few people want to pay for it, so that’s a big conundrum,’ Chao said Sunday at the National Governors Association’s winter meeting in Washington.”

Another major focus area at the NGA Midyear meeting was infrastructure innovation. VOA News highlighted the US Governors Annual Meeting Focus on $1 Trillion Infrastructure Plan. Here’s an excerpt:

“U.S. President Donald Trump's $1 trillion proposal to fix the nation's crumbling infrastructure is expected to be the primary focus of the country's governors as they gather in Washington for three days of meetings.

Health-care reform, education, childhood hunger and cybersecurity will also dominate policy discussions at the annual winter gathering of the National Governors Association, according to the NGA.

California Gov. Jerry Brown on Friday announced a $437 million plan for flood control and emergency response following a scare over the near-failure of a dam spillway that forced about 200,000 people to evacuate. …”

C-SPAN provided live coverage of the session focused on transportation infrastructure with Transportation Secretary Elaine Chao.

To read more about the NGA plans on innovative infrastructure, see this link to the State Resource Center on Innovative Infrastructure Strategies.

Other Key NGA Midyear Sessions and Plans

Other key sessions at the 2017 NGA Midyear include a fascinating health-care panel and this address by President Trump and other administration leaders to the assembled governors at the White House.

Trump started his address by mentioning the large number of former governors who are cabinet members and other leaders in his new administration — starting with Vice President Pence. The president commented that state governments need to become “laboratories of democracy once again.” He also promised to “speed things up” and a “true partnership of collaboration and cooperation. …”

Final Thoughts

This year’s NGA Midyear meetings provided a fascinating snapshot at the road ahead for states on a wide variety of controversial and difficult technology and infrastructure issues. The new interactions with the Trump administration were an under-reported aspect of the NGA gathering, and it is certainly noteworthy that President Trump has tapped so many former governors to serve on his top team.

I also applaud the efforts of Gov. McAuliffe on cybersecurity. Still, it is hard for me to be optimistic regarding significant state government cyberdefense progress in 2017 — given the continued uneven application of cyber best practices across states. Virginia is certainly a leader in what they are doing, and their actions are definitely worth noting.

Cybersecurity is now the top priority for technology leaders in cities, counties and states, and innovative approaches to security can be enablers (or the downfall) for virtually every government IT project at all levels of government as well as many education initiatives from P-20. As we move forward in 2017. the Chief Information Officers (CIOs) from the 50 states will again be attending the NASCIO Midyear Meeting in April, along with Washington DC Fly-in to discuss cybersecurity and infrastructure with their federal counterparts and various legislative leaders and committees.    

In conclusion, this quote from McAuliffe in an article in CivSource offers a good road map of the needed state focus on cybersecurity in 2017:

“This isn’t just another initiative,” McAuliffe said. “We have created real deliverables. At the end of the year, I want governors to have gone through the checklist and be able to say they have a real plan for cybersecurity.” McAuliffe added that he was hopeful that Department of Homeland Security Secretary Designee Gen. John F. Kelly would listen to the concerns voiced by members of the NGA, when it comes to cybersecurity and other issues.