In a move to shore up the state’s information security and privacy, New Mexico Gov. Michelle Lujan Grisham has established a Cybersecurity Planning Committee to guide the state’s cybersecurity initiatives.
“It is more critical than ever to defend New Mexicans against the increasing threats of cyberattacks,” said Gov. Lujan Grisham in a press release. “As hackers grow more sophisticated it is vital for the state to safeguard private information and protect against threats to services and infrastructure.”
The committee is a requirement for New Mexico to receive funding from the Department of Homeland Security’s (DHS) State and Local Cybersecurity Grant Program (SLCGP). The SLCGP was announced in September of this year and, according to DHS, is a “first-of-its-kind cybersecurity grant program specifically for state, local, and territorial (SLT) governments across the country.”
The grant program is intended to help states address cybersecurity risks and threats to information systems owned or operated by SLT governments. Along with the Tribal Cybersecurity Grant Program, the SLCGP will distribute $1 billion over four years to support cyber and information security projects.
Established via an executive order, the committee’s focus will be on planning and developing a “robust cyberinfrastructure to address risks and threats to information systems owned by state and local governments.” The committee is also tasked with advising the governor regarding needed cybersecurity legislation and will support applications to receive Federal funding to address cybersecurity needs and challenges.
According to the executive order, committee members will include the secretaries of the New Mexico Department of Information Technology (DoIT) and the Department of Homeland Security and Emergency Management, the state chief information security officer, as well as cybersecurity professionals from other state agencies, school districts, counties, cities, and tribal communities. The executive order also notes that committee members will be appointed by the governor.
“The Cybersecurity Executive Order will lead us to additional funding and help improve our state’s cyber security posture and control maturity for the schools, local governments, and tribal territories. I am looking forward to collaborating with the task force and I am very excited to bring the best possible cybersecurity posture to the state” said Raja Sambandam, state chief information security officer.
The committee has until Nov. 10, 2022, to develop, implement, or revise an eligible cybersecurity plan under the SLCGP, or develop a justification for extending the deadline of adopting an eligible plan to Sept. 30, 2023. Among other requirements, the plan must:
- Incorporate existing plans to protect against cybersecurity risks and cybersecurity threats;
- Detail how input and feedback from local governments and associations of local governments were incorporated;
- Describe the individual responsibilities of the state and local governments within the state in implementing the cybersecurity plan; and
- Outline the necessary resources and a timeline for implementing the plan.