CARSON CITY — The leadership of the National Governors Association, including incoming chairman Gov. Brian Sandoval, repeated a plea to Congress on Friday to create a national committee to address cybersecurity threats.
Outgoing chairman and Virginia Gov. Terry McAuliffe said cybersecurity, which has become a major threat as evidenced by recent actions including during the 2016 presidential campaign, does not have a single point of contact in Congress.
“We have implored the Congress to have a cybersecurity committee,” he said. “One does not exist today in the Congress.”
Cybersecurity concerns are spread over many different committees, and there has been reluctance to give up jurisdiction to allow for the creation of such a committee, McAuliffe said.
“What we saw last fall was only the beginning,” he said. “It is only going to ramp up. It is incumbent on us as governors to do our part to keep our states and our nation safe.”
McAuliffe made cybersecurity a priority during his year as chairman of the association. On Friday, many of the nation’s governors heard an update on the progress during a session in Rhode Island at the group’s summer meeting called “Meet the Threat: States Confront the Cyber Challenge.”
Sandoval, who will take over as chairman of the association on Saturday, successfully pushed for a bill in the 2017 Nevada legislative session that will create a new Office of Cyber Defense Coordination. The office is intended to help Nevada prepare and guard against cyberattacks to state government systems and be a resource to government and private-sector companies.
McAuliffe said Virginia has taken steps to attract and train workers in the cyber defense industry and other states should do the same. The jobs do not require a four-year degree and the starting pay is $88,000, he said.
States are viewed as attractive targets for cyber criminals because of the wealth of data they have, from DMV records to Medicaid data, he said.
Wes Kremer, integrated defense systems president for defense contractor The Raytheon Company, told the governors that training and hiring is important, but attacks will occur and cyber systems need resilience built in at the outset to repel attacks. Critical operations, such as hospitals, cannot afford to shut down during an attack, he said.
“You have to be able to operate through a cyber attack,” Kremer said. “It may be in a degraded mode.”
Since attacks are inevitable, limiting the success of such attacks is crucial, he said.
“I would rather have 100 penetrations for one minute than one penetration for 100 minutes,” Kremer said.
Contact Sean Whaley at firstname.lastname@example.org or 775-461-3820. Follow @seanw801 on Twitter.