State governments just got a wake-up call from the National Association of State Chief Information Officers (NASCIO) to put in place plans for handling cyberattacks right now.
NASCIO issued a “planning guide” to help states deal with a cyber disruption, an event happening frequently these days across the Internet. A major cyberattack can disrupt the business of state government, NASCIO warned.
The key message is that a cyber disruption response strategy and operations need to be addressed now, the report said.
Cyber disruption response planning is essential, the report said: “Ignore at your own peril.”
“The key word is resiliency,” the report added. “Vital systems and services must be built to survive a crisis. States must also continue to develop, mature, and test capabilities for dealing with the aftermath of such events.”
The guidance:
- An urgent call to action for states to develop cyber disruption response plans that include: a governance structure clearly designating who’s in charge in a given event or phase of an event; development of a risk profile for state assets; collaboration among the various agencies that have cyber responsibility; and a communication plan to ensure the right people have the right information as early as possible so they can respond effectively.
- A checklist for states to work with in developing progress toward a cyber disruption response operating discipline.
- A cross-functional process description that can be used as a starting point for states to develop their own unique cross-functional process for orchestrated planning and response at various threat levels.
“This guide is both a practical implementation document and a call to action for states to develop state cyber disruption response plans,” said Darryl Ackley, Cabinet secretary for the New Mexico Department of Information Technology and NASCIO president.
Some states are already moving ahead to tighten the security hatches around their sites.
“Michigan was an early proponent of cyber disruption response planning and collaboration with key state leaders outside of information technology,” said David Behen, chief information officer for the state of Michigan and co-chair of NASCIO’s Cybersecurity Committee
“One of the many things we are emphasizing in our NASCIO guidance is collaboration and integration,” Behen said,
NASCIO has the support of the U.S. Department of Justice, Bureau of Justice Assistance, to focus on cyber disruption response planning guidance to help states develop an approach that brings together various agencies such as homeland security, law enforcement, emergency management, and the National Guard.
“Cybersecurity is a team sport and these partners bring the necessary capabilities for responding to a major cyber event that could have dire consequences,” said Doug Robinson, NASCIO executive director.
“Those working in this area must understand and appreciate the ultimate effects of a cyber disruption are felt by individuals, families and communities whose lives are changed,” the report said. “Returning to normalcy may never happen, or it may happen after much time and effort.”
