NGA Names States, Territories for Cybersecurity Program

The National Governors Association will assist workgroups in identifying and protecting critical infrastructure at all levels of participants' governments during workshops, which will be held between July and December.

by / July 2, 2019
Shutterstock/Michael Traitov

The National Governors Association (NGA) announced Monday it will work with seven states and territories to enhance cybersecurity at all levels of the participants’ governments.

Arkansas, Guam, Louisiana, Maryland, Massachusetts, Ohio and Washington state were competitively selected to partner with the Homeland Security and Public Safety division of NGA Solutions: The Center for Best Practices to develop action plans and identify priorities for cybersecurity, according to a press release.

The partnership is a part of the NGA's goal to help states and territories mitigate new threats and prevent attacks comprising both public and private systems.

Ohio Gov. Mike DeWine released a statement today outlining his state’s involvement in the workshops, which will run from July to December. Ohio will establish a workgroup composed of staff from state agencies, local government and K-12 schools, which is charged with brainstorming applicable methods that will increase cybersecurity within existing financial and personnel constraints.

“By assisting local governments in implementing proven cybersecurity controls, we are helping reduce the risk to their systems and their communities,” DeWine said in a separate release.

Participants from the selected states and territories will collaborate with homeland security agencies and National Guard units during the partnership. NGA staff will provide technical support and help government representatives develop strategies to protect their critical infrastructure.

The Ohio Department of Administrative Services (DAS) will be the state’s lead agency during the partnership, according to the release. DAS Director Matt Damschroder said full implementation of six controls outlined by the Center for Internet Security will stop 85 percent of threats.

The controls include inventory and control of hardware; inventory and control of software; continuous vulnerability management; controlled use of administrative privileges; secure configuration for hardware and software on mobile devices, laptops, workstations and servers; and maintenance, monitoring and analysis of audit logs. The Center for Internet Security is not a division of the NGA.

“By implementing preventative measures such as vulnerability management and system configuration, we reduce the need for more expensive fixes after an incident,” Damschroder said in the Ohio release.

The workshops are supported by the NGA’s Resource Center for State Cybersecurity, which is co-chaired by Arkansas Gov. Asa Hutchinson and Louisiana Gov. John Bel Edwards.  

Platforms & Programs