Hoping to better address the cause and concerns of cyber attacks on a state level, last week the National Governors Association (NGA) announced the creation of the Resource Center for State Cybersecurity, an initiative set into motion by Governor Martin O’Malley (D-Md.) and Governor Rick Snyder (R-Mich.)
Along with the center, a new council dubbed the National Policy Council on State Cybersecurity is also set to be formed. The collective will feature approximately 25 individuals from private industry and federal agencies, according to a report published in next month’s National Defense Magazine.
The article claims that after the formation of the council, the next step for the association is to identify members and draft a policy framework before implementing its recommended courses of actions, according to O’Malley.
While it’s been argued cybersecurity should largely be seen through a national scope, the new center plans to analyze if and how state policy can positively affect cybersecurity in state-owned infrastructure. The center will work with state law enforcement, banking systems, water systems, electrical grids and energy companies once it hits the ground running.
The new center will work in tandem with the NGA Center for Best Practices — a research and development firm that works with state governors on policy — to facilitate between the state-owned entities.
“The overall goal of the resource center is to help governors create the most robust policy environment possible to protect our infrastructure, our government and our citizens from cyberthreats and data breaches,” O’Malley said in a press release last week.
National Defense Magazine talked to the NGA’s Division Director of the Homeland Security & Public Safety Division Thomas MacLellan about the association. He claims that when it comes down to it, “there’s a lot more governors could be doing.”
The formation of the center isn’t without its detractors though.
Michael Hayden, a former National Security Agency director and former CIA director, stresses in the article that when it comes to cybersecurity, one universal standard is necessary and that “we can’t live with 50 different standards.”
“We feel as if national standards are going to be difficult because this is a non-geographic domain we’re working in, so why would we let 50 different states create different rules?” Hayden said.
Talks revolving around national cybersecurity reform stalled earlier this year after Republicans blocked the Cyber Security Act of 2012 in the Senate. Congress went on recess later that month before discussing the pivotal bill. Despite a last ditch letter by Joe Lieberman (D-Conn.) to President Barack Obama to use his executive authority last month, and even a recent cyberattack on the U.S. government, further cybersecurity discussion has been mostly shelved in the weeks leading up to November’s presidential election.
United States Secretary of Defense Leon Panetta sounded the alarm again on Thursday however, warning that if a bill wasn’t passed, the country could have a “cyber-Pearl Harbor” on its hands. During a speech in New York, Panetta referenced the malware Shamoon and its implication in a recent attack that undid systems at Saudi Aramco, a Middle Eastern oil and gas company.