{"id":180048,"date":"2023-02-24T06:00:26","date_gmt":"2023-02-24T14:00:26","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=180048"},"modified":"2023-02-24T11:23:33","modified_gmt":"2023-02-24T19:23:33","slug":"cybersecurity-guidelines-for-new-governors","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2023\/02\/cybersecurity-guidelines-for-new-governors\/","title":{"rendered":"Cybersecurity Guidelines for New Governors"},"content":{"rendered":"<p>Information technology is no longer simply an enabler of government; it is ubiquitous in and crucial to every aspect and function of government. Governors, today you need to be as prepared to respond to IT-related disasters as they are for hurricanes, wildland fires and floods. A poorly managed disaster can tie up a governor\u2019s agenda, potentially for years to come.<\/p>\n<p>In preparation for IT and cybersecurity-related crises, incoming governors need to be familiar with the concerns of their Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs). A great place to start is the National Association of State Chief Information Officers (NASCIO). NASCIO recently published its annual list of the <a href=\"https:\/\/www.nascio.org\/wp-content\/uploads\/2022\/12\/NASCIO_CIOTopTenPriorities_2023.pdf\" rel=\"nofollow,noopener\" >Top 10 Policy and Technology Priorities<\/a> for state CIOs. New governors, it\u2019s strongly encouraged to keep these priorities in mind as you prepare for the upcoming budget cycle.<\/p>\n<h2><a id=\"post-180048-_wlv7ri92vruj\"><\/a>Cybersecurity and Risk Management Remains the #1 Priority<\/h2>\n<p>For the last 10 years, the number one concern of state CIOs has been <a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2023\/01\/nascio-top-10-for-2023\/\">cybersecurity and risk management<\/a>. This includes a range of underlying issues, such as governance, budget and resource requirements, security frameworks, data protection, training and awareness, insider threats and third-party risk. While governors don\u2019t need to understand the bits and bytes of cybersecurity, they should, at a minimum, understand the threats their states face and the negative impacts of a successful attack.<\/p>\n<h4><a id=\"post-180048-_xzcquqmdayty\"><\/a>Immediate Actions to Take<\/h4>\n<p>There are a number of immediate actions that all governors, especially new governors, can take to ensure they understand the threats they face and are as prepared as possible to respond to a successful cyber attack:<\/p>\n<ul>\n<li><strong>Get a Threat Briefing from the IT Security Team: <\/strong>State CIOs and CISOs deal with attacks every day and can provide the governor with critical information about the number and nature of the attacks they\u2019re defending against.<\/li>\n<li><strong>Get an Outsider\u2019s View of Your State\u2019s Networks:<\/strong> A third-party assessment, as well as a review of the state\u2019s <a href=\"https:\/\/www.paloaltonetworks.com\/cortex\/cortex-xpanse\/attack-surface-management\">attack surface<\/a> will help provide independent insight into the security of the state\u2019s networks, as well as the vulnerabilities that attackers can see.<\/li>\n<li><strong>Know Your State\u2019s Cybersecurity Response Plan and Participate in Training Exercises: <\/strong>Just like natural disasters, a successful cyber attack is a question of <em>when <\/em>not <em>if<\/em>. As such, governors need to know how to respond and in short order. The first hours after an attack are crucial.<\/li>\n<\/ul>\n<p>These are just a few foundational actions governors can take. At its heart, governors must understand that cybersecurity is not an end state. Rather, it\u2019s an ongoing core business function of government. Good security goes beyond \u201ccheckbox security\" and establishes holistic, consistent, and dynamic security practices that evolve as threats evolve and gubernatorial leadership is essential.<\/p>\n<p>As states have modernized their technologies, so have the attackers. The result is that governors must remain ever vigilant to ensure continuity of services and the protection of their citizens. Towards that end, in addition to the perspectives their CIOs and CISOs can provide, governors can also benefit from broader initiatives, such as the National Governors Association\u2019s <a href=\"https:\/\/www.nga.org\/statecyber\/\" rel=\"nofollow,noopener\" >Resource Center for State Cybersecurity<\/a> and Palo Alto Networks <a href=\"https:\/\/www.securityroundtable.org\/\" rel=\"nofollow,noopener\" >Security Roundtable<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>NASCIO recently published its annual list of the Top 10 Policy and Technology Priorities for state CIOs. New governors, keep these priorities in mind.<\/p>\n","protected":false},"author":723,"featured_media":180049,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6724,6717,6769],"tags":[120,759,3779],"coauthors":[9278],"class_list":["post-180048","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-points-of-view","category-products-and-services","category-public-sector","tag-cybersecurity","tag-nascio","tag-sled"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2023\/02\/NetSec-Adhoc-Updated-Blog-Image-Resize-1007651732.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/180048","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/723"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=180048"}],"version-history":[{"count":2,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/180048\/revisions"}],"predecessor-version":[{"id":180064,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/180048\/revisions\/180064"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/180049"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=180048"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=180048"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=180048"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=180048"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}