RALEIGH: Governor Cooper joined a bipartisan compact to improve state cybersecurity at the National Governors Association’s summer meeting. The compact continues Gov. Cooper’s focus on safeguarding North Carolinians from threats and cyberattacks.
“We must ensure that North Carolina citizens and their personal information are protected from cybersecurity threats,” said Gov. Cooper. “To protect North Carolinians, we must have a 21st century workforce with the necessary skills to protect our businesses and personal data. Our state’s commitment to improve our cybersecurity governance and prepare for events will help keep North Carolina competitive and open for business.”
Gov. Cooper has tasked his secretaries of Information Technology and Public Safety with close coordination on cybersecurity issues for the state. In his budget proposal to the General Assembly, Governor Cooper included funds to establish a disaster recovery site to improve the North Carolina Secretary of State’s security from cyber threats as well as protection against data damage due to natural disasters.
“Cybersecurity is our top priority,” said Secretary and State Chief Information Officer Eric Boyette. “I was excited that Governor Cooper signed on to this important initiative. This compact further emphasizes the importance of maintaining a strong cybersecurity network to defend against potential attacks, and more importantly, to secure the data of the citizens of North Carolina.”
Thirty-seven other states and territories—including Virginia, Maryland, Kentucky, Oklahoma, and Indiana—have also joined the compact.
The compact commits to review and implement key recommendations to protect their residents from cybersecurity threats by:
Building cybersecurity governance, which may include:
- Creating a cybersecurity governance structure, whether through executive order, legislation or ad-hoc formation, and selecting members of the body based on their ability to implement change;
- Developing a statewide cybersecurity strategy that emphasizes protecting the state’s IT networks, defending critical infrastructure, building the cybersecurity workforce and enhancing private partnerships; and
- Conducting a risk assessment to identify cyber vulnerabilities, cyber threats, potential consequences of cyberattacks and resources available to mitigate such threats and consequences.
Preparing and defending the state from cybersecurity events, which may include:
- Creating and exercising cybersecurity disruption response plans that emphasize a whole-of-state approach;
- Organizing a framework for information sharing by introducing state IT, homeland security and emergency management officials to managers of key critical infrastructure operators;
- Incorporating procedures for using the National Guard’s cyber capabilities into cyber response plans and working with the legislative branch to expand the circumstances under which the Guard can be activated, if necessary; and
- Developing a public communications plan for cyber events.
Growing the nation’s cybersecurity workforce, which may include:
- Reclassifying state job descriptions for cybersecurity positions to align with private sector practices;
- Encouraging colleges and universities to seek National Security Agency certification as a Center of Academic Excellence;
- Placing veterans into cybersecurity certification programs or open positions within state agencies; Partnering with community colleges to increase the availability of transferable, two-year cybersecurity degrees; and
- Creating a program to assign qualified college students to state agencies as low cost, skilled cybersecurity interns.