Of all the concerns keeping Governors’ Homeland Security Advisors up at night, cybersecurity ranks top of the list.

According to the 2017 online survey of the Governors Homeland Security Advisors Council–GHSAC–Homeland Security Advisors–HSAs–say there is a significant gap between states’ concern over cyber threats and confidence in their ability to respond to those threats. Equally troubling, the survey found that very few states have developed a metric system to evaluate the effectiveness of their cyber strategies or their ability to respond to an attack.

HSAs likely have good reason to worry. Of the 44 respondents, 69 percent of them had already addressed a cybersecurity incident since becoming an HSA, and they’re likely to face more yet. Over the last two decades, it’s become abundantly clear that cybersecurity was never just an abstract threat to credit card companies–it’s a state and Federal issue that could directly affect the lives of millions of Americans. As evidenced by recent attacks, hackers’ paths of destruction are only limited by their imagination, and their imagination seems fairly boundless.

Last year we learned that Russian hackers targeted–and penetrated–U.S. nuclear power plants’ networks as far back as 2016; a Buffalo, N.Y. hospital was taken offline for six weeks last year, when hackers demanded a measly ransom of $44,000 in bitcoin; and in one of the most dramatic displays of cyber force, Russian hackers took down a Ukrainian power grid back in 2015, purportedly as a test run.

The good news, however, is that roughly half of those surveyed said they were largely “satisfied” with their relationships with Federal agencies, including the DHS, FBI, National Guard Bureau, and FEMA.

The survey–meant to gather information about state homeland security concerns and HSA roles–found that of the HSAs respondents, 90 percent held other positions in state government, and nearly all had more than a decade of experience either in law enforcement or emergency management. The survey also found that HSAs typically oversee management and strategy issues rather than tactics.

Read More About