“Capitalizing on the advantages that Virginia has in the cyber security industry is one of my highest priorities,” said Governor McAuliffe. “This Executive Order will lay the groundwork for my administration’s efforts to make this Commonwealth the world’s leader in cyber security and the enormous economic opportunities that accompany growing that industry. And as the first step in our Cyber Virginia push, the Virginia Cyber Security Commission will be a key asset in plotting the way forward to grow this key industry, keep Virginia’s cyber assets safe and create new, good jobs here in the Commonwealth.”
The text of Executive Order Number 8 is below:
Executive Order No. 8 (2014)
Launching “Cyber Virginia” and the Virginia Cyber Security Commission
Importance of the Initiative
The Commonwealth of Virginia is proud of its distinguished history and exemplary record of exceptional cyber security operations in support of state agencies and operations. As is reflected in the strong presence of state, federal, military, and private cyber security businesses, assets, and activities throughout the Commonwealth, Virginia stands poised to take advantage of its unique resources. The Commonwealth is resolute in its dedication to garnering the expertise of leaders in cyber security in order to mitigate risks and safeguard the highest level of security for government infrastructure networks, foster cyber security education and awareness, incorporate innovative and best practices to protect data statewide, bolster business investment with public-private partnerships, and proactively enhance its national standing as one of the preeminent leaders in the cyber security arena.
Threats to critical systems present a growing and complex challenge. In order to guard against the risks and marshal appropriate resources to meet potential threats, it is important to incorporate optimal policies and develop enhanced standards to protect the Commonwealth’s cyber security infrastructure from unforeseen incidents. While rapidly advancing technologies create substantial security risks, they also present significant opportunities for producing more efficient and protected proprietary networks, strengthening the Commonwealth’s cyber security framework, and advancing vital prospects for economic development.
Virginia’s cyber security businesses are at the forefront to prospectively benefit from federally appropriated funds that are among the few expected to increase in future years. Virginia’s cyber security firms are seeking to export their technologies, goods and services to global markets in the public and private sectors. Further, with military assets, related defense activities and, more generally, the critical need for secure business data, the Commonwealth must cultivate conditions to attract and retain as well as secure a competitive advantage for cyber security companies in the marketplace. Promotion of the cyber security industry will produce a synergy to ensure growth of related cyber operations businesses and facilities, sustain a wide variety of high-skilled jobs for Virginians, and strengthen a culture of excellent cyber hygiene that is critical for the Commonwealth.
Cyber security instruction, training, and programs will be requisite components to prepare those currently seeking new occupational options as well as the next generation for the rapidly developing cyber security workplace. Focusing on cutting edge education and training will be essential for Virginia’s cyber security workforce and economic development as occupations in the cyber security industry are highly in demand and among the fastest growing in the economy. Virginia continues to lead the nation in the concentration of technology workers, fed by a rich network of nationally-recognized information technology and cyber advanced degree programs at our universities.
Composition of the Commission
The Commission will consist of the Secretaries of Technology, Commerce and Trade, Public Safety, Education, Health and Human Resources, and Veterans Affairs and Homeland Security, and eleven (11) citizen members whose background shall include relevant expertise to be appointed by the Governor and serve at his pleasure. The Governor shall designate a Chairman and Vice Chairman from among the appointed members. The Governor may appoint additional persons to the Commission at his discretion.
Establishment of the Virginia Cyber Security Commission
Accordingly, by virtue of the authority vested in me as Governor under Article V of the Constitution of Virginia and under the laws of the Commonwealth, including but not limited to §§ 2.2-134 and 2.2-135 of the Code of Virginia, and subject to my continuing and ultimate authority and responsibility to act in such matters, I hereby establish the Virginia Cyber Security Commission.
Responsibilities of the Commission
The Commission’s responsibilities shall include the following:
1. Identify high risk cyber security issues facing the Commonwealth of Virginia.
2. Provide advice and recommendations related to securing Virginia’s state networks, systems, and data, including interoperability, standardized plans and procedures, and evolving threats and best practices to prevent the unauthorized access, theft, alteration, and destruction of the Commonwealth’s data.
3. Provide suggestions for the addition of cyber security to Virginia’s Emergency Management and Disaster Response capabilities, including testing cyber security incident response scenarios, recovery and restoration plans, and coordination with the federal government – in consultation with the Virginia Information Technologies Agency.
4. Offer suggestions for promoting awareness of cyber hygiene among the Commonwealth’s citizens, businesses and government entities;
5. Present recommendations for cutting edge science, technology, engineering and math (STEM) educational and training programs for all ages, including K-12, community colleges, universities, in order to foster an improved cyber security workforce pipeline and create cyber security professionals with a wide range of expertise.
6. Offer strategies to advance private sector cyber security economic development opportunities, including innovative technologies, research and development, and start-up firms, and maximize public-private partnerships throughout the Commonwealth.
7. Provide suggestions for coordinating the review of and assessing opportunities for cyber security private sector growth as it relates to military facilities and defense activities in Virginia.
Commission Staffing and Funding
Necessary staff support for the Commission’s work during its continued existence shall be furnished by the Office of the Secretary of Technology, and such other agencies and offices as designated by the Governor. An estimated 500 hours of staff time will be required to support the work of the Commission.
Necessary funding to support the Commission and its staff shall be provided from federal funds private funds, and state funds appropriated for the same purposes as the Commission, as authorized by § 2.2-135 of the Code of Virginia, as well as any other private sources of funding that may be identified. Estimated direct costs for this Commission are $5000.00.
Commission members shall serve without compensation and shall receive reimbursement for expenses incurred in the discharge of their official duties.
The Commission shall serve in an advisory role, in accordance with § 2.2-2100 of the Code of Virginia and shall meet upon the call of the chairman at least three times per year. In addition, the Commission shall issue an annual report and any other reports and recommendations as necessary or as requested by the Governor.
Effective Date of the Executive Order
This Executive Order shall be effective upon its signing and shall remain in force and effect until February 25, 2015, unless amended or rescinded by further executive order.
Given under my hand and under the Seal of the Commonwealth of Virginia, this 25th day of February, 2014.
/s/ Terence R. McAuliffe, Governor
s/s Levar M. Stoney, Secretary of the Commonwealth