Iowa officials forging strategy to improve cybersecurity
Branstad asks state agency leaders for recommendations by July 1
DES MOINES — Calling cybersecurity a top priority, Gov. Terry Branstad on Monday asked leaders of key safety and technology agencies to make recommendations to him by July on ways to beef up Iowa’s efforts to combat cyber security attacks or threats.
Branstad issued an executive order to formalize the process and “direct our state agencies to draft a State of Iowa cybersecurity strategy and update Iowa’s emergency response plan to better deal with the physical consequences of a cyberattack against the state’s critical infrastructure.”
A year ago, Branstad formed a state cyber working group to expand on the work that was being done at the national level. That group — comprised of state agencies and key federal and private partners — looked at ways to prevent, detect, respond to and recover from cyber threats in Iowa, the governor told his weekly news conference.
Branstad said the increased focus on cybersecurity has involved the Office of the Chief Information Officer, Iowa National Guard, the state department of Public Safety, the state Department of Homeland Security and Emergency Management and the Iowa Communications Network, as well as the U.S. Department of Homeland Security, FBI, representatives of private industry, and the Multi-State Information Sharing and Analysis Center.
“Every day we hear about new threats and successful and high profile attacks and the serious consequences of those attacks,” Reynolds said. “It is a rapidly growing threat, and we all know that we must be prepared to respond.”
Mark Schouten, director of Iowa’s Department Homeland Security and Emergency Management, said an attack against Iowa’s electrical, gas or water systems could cause significant damage to property, loss of life or civil unrest.
“Although we are currently aware of no credible cyber threats of this scope against our state, like floods, tornadoes and winter storms, it’s important that we be prepared to respond to a significant cyberattack should one occur,” he said.
Jeff Franklin, the state’s Chief Security Information Officer, said attempts by cyber thieves to access Iowans’ private information retained by state institutions occur on virtually a daily basis. “No person and no organization is immune from this threat,” he added in noting the effort announced Monday is intended to build on existing protections.
Elements of Iowa’s cybersecurity strategy to be drafted by July 1 will include an assessment of the state’s current security infrastructure and activities, identifying awareness and training needs, educating the public, and recommending “cutting-edge” activities in science, technology, engineering and math to make the state’s digital resources more secure, he said.
In addition, Branstad said he is asking his homeland security agency to update its emergency response plan to “deal with the physical consequences of a cyber attack on critical infrastructure” like the electrical grid, water supplies or transportation networks.
“It’s hard to predict what it could be or where it could come from,” Branstad told reporters. “But this is something that being prepared and being vigilant and trying to put in place as many safeguards as possible hopefully avoids these kind of things happening in our state.”