Terry McAuliffe, the outgoing governor of Virginia, considers cybersecurity an essential function of government – so much so that in 2015 Virginia was the first state to adopt the NIST cybersecurity framework, he told the audience at the National Association of State CIOs (NASCIO) at the organization’s Midyear Conference on April 24.

“We were the first state to stand up an [information sharing and analysis organization],” he said. “I have 36,000 cyber jobs open in Virginia, [and] the starting salary is $88,000 … We will, in Virginia, pay for your degree if you get it in cyber” and come work for the state.

“We have, per capita, more veterans, more female veterans, more under 25, than any state in America,” McAuliffe said. This is the basis for Virginia’s program to train veterans in cybersecurity.

Virginia’s economy has thrived, in large part, because of its naval bases and its proximity to Washington, D.C. But this makes the state vulnerable to changes in federal budgets, such as sequestration.

“You need to diversify,” he said. During his tenure, the state has been emphasizing cybersecurity, genome sequencing and big data analytics. “There are 656 cyber companies in Virginia.”

McAuliffe’s commitment to cybersecurity extends beyond his state’s borders.

As chairman of the National Governors Association, “I made cyber the number one issue for all the 50 states,” McAuliffe said. “You all have more government information than the federal government does … The federal government has done a very good job of protecting its information [but] done a very poor job” of providing guidance to the states.

Of all the states, McAuliffe said “probably 15 states are in great shape [on cybersecurity], five that are excellent, 15 that are making great progress, and about 15 in pretty tough shape.” The challenge is, he pointed out, that cybersecurity cannot stop at a state’s borders. If Virginia is doing well at cybersecurity and has Anthem as its primary health insurance provider, a small state out west that doesn’t do well on cybersecurity and also uses Anthem can put Virginia at risk.

“If your state is hacked and a citizen’s voter registration information is stolen,” he warned, “you’re going to pay a price – and you should.”

Interested in learning more about some of the biggest risks to data security for state and local governments? Check out our ransomware series here.

[maxbutton id=”1″ ]