As the guardians of state records and filings, Secretaries of State have long prioritized cybersecurity. Cybersecurity is critical for every aspect of the work of Secretaries of State including providing business services, election administration, maintaining state archives and much more.
Secretaries of State have built robust information technology and security teams within their offices. They have implemented innovative programs such as cyber navigator programs and cyber hygiene training programs to support staff and local officials. From identifying, assessing and managing risk to responding and recovering from cyber incidents, NASS members recognize cybersecurity is not a destination but rather requires ongoing efforts.
Secretaries also work with federal, state, local, nonprofit and private sector partners to secure the systems and data they manage, as well as build resilience and recovery plans. Key cybersecurity partners for NASS members include the U.S. Department of Homeland Security, the Federal Bureau of Investigation, the National Guard, governors, state fusion centers, emergency managers, universities, independent researchers and others. The Multi-State Information Sharing and Analysis Center (MS-ISAC) is an important part of the cybersecurity strategy of Secretaries of State. NASS members engage in cyber threat information sharing and utilize cybersecurity services through the MS-ISAC.
In 2018, NASS created a Cybersecurity Committee to share cybersecurity policies and practices across states. As all Secretaries of State have a cybersecurity role, every member of NASS is on the committee. Some issues that have been addressed by the committee include implementing cybersecurity policies, cybersecurity workforce development, cyber threat information sharing, and working with security researchers. The NASS Cybersecurity Resource Guide is a product of the committee. This guide was designed to help Secretaries of State and their staffs navigate available cybersecurity resources and services.
Additionally, NASS serves as a conduit of information for the information technology and cybersecurity leaders within offices of Secretaries of State through meetings and calls.