Rob Main, North Carolina’s top cybersecurity official, said Thursday that an executive order from Gov. Roy Cooper last week giving formal recognition to a statewide task force will greatly expand its ability to defend against digital threats and shorten recovery times when an incident occurs.
Main, who was named the state’s chief risk officer last October, told StateScoop that Cooper’s order will strengthen the North Carolina Joint Cybersecurity Task Force, an interagency group — first formed in 2017 — that helps local governments mitigate cyberattacks and potentially prevent them from happening in the first place.
“Having the formal recognition is extremely valuable to the task force as there are opportunities to broaden awareness of what capabilities it brings to bear,” Main said.
The task force includes Main’s colleagues inside the North Carolina Department of Information Technology, the state Department of Emergency Management, the National Guard and members of a “strike team” selected from members of a local-government IT association. While Main declined to describe any of the task force’s previous activities in detail, he said that over the past two years he’s encountered local governments that weren’t aware of the group’s existence until after they’d already been attacked.
“Had they been, the road to recovery would’ve been shortened significantly,” Main said. “It’s better to have awareness of the threats and the vulnerabilities in the environment so we can assist and react.”
Along with formalizing the task force, Cooper’s March 16 order also encouraged critical-infrastructure operators to work more closely with the task force when necessary and to disclose cyber incidents if they happen.
Main said the timing on the order had nothing to do with a newly passed federal law that requires critical-infrastructure owners nationwide to report major incidents to the Department of Homeland Security. But it did come as the White House has leaned on states to help defend important assets from cyber threats like Russian-backed hackers. Politico on Wednesday reported that President Joe Biden recently sent all 50 governors letters asking them to “take urgent action to exercise the authority you and your team have to prepare your critical infrastructure to withstand a cyber attack.”
“At the heart of the matter is the safety and security of North Carolinians,” Main told StateScoop. “A critical infrastructure operator providing its services to North Carolinians is an opportunity for the Joint Cyber Security Task Force to come alongside them and help protect the state of North Carolina’s infrastructure that does provide critical services. It’s important for us to partner will all sectors to make sure North Carolinians are protected from a cyber sense.”