On cybersecurity, Virginia governor says states can’t wait for a federal strategy

Gov. Terry McAuliffe encouraged an audience of state technology leaders from around the nation to make cybersecurity a priority by adopting a new standard for basic security.

With the sophistication and severity of digital attacks increasing daily, Virginia Gov. Terry McAuliffe told state chief information officers Monday they should not wait for federal cybersecurity standards to bolster their own defenses.

McAuliffe made the call to action at the National Association of State Chief Information Officers’ midyear conference as he accepted the organization’s 2017 Technology Champion award. The governor, who was also presented a GoldenGov State Executive of the Year award by StateScoop, urged state leaders to fortify their databases and systems with a new set of 10 basic protocols drafted by the National Governors Association. 

“The federal government has done a very good job of beginning to deal with their cybersecurity issue they have dealt with, but in fairness, they have done a very poor job of outlining a national strategy of how we take care of the states,” McAuliffe said. “We don’t even have a committee in Congress that deals with cybersecurity because nobody will give up their jurisdiction [on the issue], so it is spread over all different types of committees, which has made Congress very ineffectual.”

In an attempt to fill the void left by federal legislators, the NGA is near the end of a 50-state collaboration to establish the nation’s first baseline for cybersecurity measures. These protocols are to be finalized on June 14 and 15 when state representatives meet in Leesburg, Virginia, to review them. 


In an interview with StateScoop, McAuliffe said that in the meantime the NGA is reaching to the states for feedback.

“We have the standards and we’re all set. We have the 10 basic protocols that we want all 50 states to meet. The National Governors Association Cyber Resource Center is working with all the states right now to make sure they are at the basic threshold level,” McAuliffe said. “If there are a couple states missing on issues, we’ll dive in and help them. The good news is that we’re going to have all 50 states up to a level of cybersecurity that we’ve never seen before.”

The NGA’s push for a consensus stems from the vulnerability and connectivity of information systems. McAuliffe said the association has found that even when a state has invested heavily to protect itself and implement security strategies, if another state has not and uses a the same type of system, it can give hackers enough information to compromise the security systems across states.

“As I say, we are only as strong as our weakest link,” McAuliffe said. 

In Virginia, the state has invested heavily in cybersecurity by implementing the National Institute of Standards and Technology (NIST) security framework, creating a scholarship program for youth interested in cybersecurity careers, coordinating the launch of a state Cyber Command Center with the U.S. Air Force, and standing up an Information Sharing and Analysis Organization to disseminate intelligence on the latest threats and educate state leadership. 


McAuliffe said that these activities have spurred further growth of IT sector, with more than 500 companies tied to digital security.

Dangling this economic development and job growth as two possible incentives for investment, McAuliffe called out the industry’s unfilled labor needs and high wages. In Virginia, this amounts to 36,000 unfilled positions that have an average starting pay of about $88,000 — a wage nearly double the average American’s income at $44,510, according to the U.S. Census’ Current Population Survey. 

Latest Podcasts