App 3-83 (No. 18-17) [Governor's Cybersecurity Advisory Team]

3A V.S.A. § 3-83 (N/A)
Copy with citation
Copy as parenthetical citation

Executive Order No. 3-83

(No. 18-17)

[Governor's Cybersecurity Advisory Team]

WHEREAS, increasingly sophisticated cyber attacks aimed at breaching and damaging essential computer networks, infrastructure, and operations in Vermont represent major security risks and increase the State's vulnerability to adverse economic impacts, life-threatening institutional disruption, critical infrastructure damage, privacy violations and identify theft; and

WHEREAS, the advancing complexity and incidence of these cyber attacks demands heightened levels of coordination, information sharing, preparation and emergency response capabilities among State government and federal agencies, local governments, tribal governments, utilities, private companies, academic institutions, and other entities in order to protect computer networks and critical infrastructure systems from damage or unauthorized access; and

WHEREAS, Vermont State government agencies protect the State's computer networks and investigate criminal attacks on State computer networks and critical infrastructure systems under current State law.

NOW THEREFORE, BE IT RESOLVED, that I, Philip B. Scott, by virtue of the authority vested in me as Governor, do hereby create the Governor's Cybersecurity Advisory Team, as follows:

I. Composition and Appointments

The Cybersecurity Advisory Team shall consist of not more than 10 members to be appointed by the Governor from inside and outside of State government. The State members shall include the State's Chief Information Security Officer, the State Chief Information Officer, the Governor's Homeland Security Advisor or designee, a representative from the Vermont National Guard, the Attorney General or designee, and a representative from Vermont Emergency Management. Non-State members may include leaders from the utilities sector, higher education, health care and business. The Cybersecurity Advisory Team may, in its discretion, establish inter-agency working groups to support its mission, drawing membership from any agency or department of State government. The Cybersecurity Advisory Team may also, in its discretion, consult with private sector professionals and those from other states, the federal government and municipalities for information and advice on issues related to the Team's charge as set forth herein.

The Cybersecurity Advisory Team shall receive administrative and staff support from the Secretary of Digital Services and legal support from the Governor's Counsel and the Department of Public Safety.

II. Cybersecurity Advisory Team Charge and Process

The Cybersecurity Advisory Team will be advisory to the Governor on the State's Cybersecurity posture. The Cybersecurity Advisory Team shall meet at the call of the Chair, but not less frequently than quarterly, beginning October 15, 2017. The focus of the Cybersecurity Advisory Team shall be to:

A. Develop a strategic plan for protecting State of Vermont public sector and private sector information and systems;

B. Formally evaluate statewide Cybersecurity readiness and develop best practices for policies and procedures to strengthen administrative, technical and physical Cybersecurity safeguards as a resource for State government, Vermont businesses and the public;

C. Build strong relationships and lines of communications among the State government, federal government, and the private sector designed to ensure resilience of electronic information systems;

D. Build strong partnerships with local universities and colleges in order to leverage Cybersecurity resources; and

E. Identify and advise on opportunities to:

1. Ensure Vermont promotes, attracts and retains a highly-skilled Cybersecurity workforce;

2. Raise citizen awareness through outreach and public service announcements;

3. Provide technical capabilities, training, and advice to local government and the private sector;

4. Provide expertise to the State Legislature regarding statutory language that could further protect critical assets, infrastructure, services and personally identifiable information;

5. Advise on strategic, operational and budgetary impacts to the State; and

6. Engage State and federal partners in assessing and managing risk.

III. Effective Date

This Executive Order shall take effect upon execution.

Dated October 10, 2017