State Governors Dig in On FirstNet Planning, Cybersecurity Strategies

One dimension of the $7 billion public safety broadband network “most of all, I think of interest to you, is local control,” Sam Ginn, chair of the FirstNet board, told governors at a Saturday session. The FirstNet board frequently hears a national network will destroy local control but Ginn said conceptually that’s not correct. “To do this we're going to need your help and your cooperation.” He described the outreach program and wants governors to appoint a state coordinator. The FirstNet board, which included multiple members in attendance at NGA’s meeting, will be making several visits to states to better understand states’ facilities and requirements so they can “feed them into a national architecture,” Ginn added. The system will be constructed to meet the states’ needs and governors will need to inform the board of those, he said. Ginn stressed the board has “the technical expertise to get this done.” The board has “architected the system” and “know[s] what it’s going to look like” now, he said. There’s no reason why FirstNet costs shouldn’t be lower than broadband services public safety groups currently use, Ginn said. “We will have failed if we don’t build this network cheaper than you can build it.”

"This system is transformational,” Ginn said. He emphasized the “massive data capability at the public service working level,” which allows for services that would lower costs and better serve customers. “My prediction to you is that a decade from now, you will have thousands of those applications embedded in your public safety experience and indeed it will transform how you serve your citizens, the cost structure and the service capability.”

"$7 billion seems a little light, which is difficult to say,” Gov. Matt Mead, R-Wyo., told Ginn when asking about what seemed to him “extraordinary” costs. He asked about how governors will be represented on the FirstNet board, with a governor potentially on the board. The next board openings will be in August, replied Heather Hogsett, NGA’s director of the Health and Homeland Security Committee as well as one of FirstNet’s four vice chairs of its public safety advisory committee. She explained her advisory position. “I think it would be great to have a governor on the board,” Mead said. Gov. Martin O'Malley, D-Md., chair of the Health and Homeland Security Committee, called FirstNet “a big win” for the gathered leaders but also spoke of the importance in ensuring NGA’s role. “Heather, we should consider sending off another letter, because this will be an issue in terms of maximizing the value of this and whether this becomes something that is intercepted by the federal government, or whether we actually have it so we can achieve interoperability among our first responders,” O'Malley added.

The gathered governors also discussed the possibility of what O'Malley called a “cyber 9/11,” which requires “a new level of vigilance,” he said. He credited the NGA cybersecurity resource center developed in recent months as a positive step NGA had taken to address cybersecurity concerns. The Department of Homeland Security briefed governors in a closed session Sunday on cyberthreats. Cyberattacks have the potential to disrupt multiple state agencies and multiple levels of government, said Gov. Brian Sandoval, R-Nev., who pointed to a fall National Association of State Chief Information Officers report suggesting states aren’t ready for such attacks.

"The national intelligence estimate ... has concluded -- and we can say this in an open meeting -- that there is a pandemic of foreign espionage going after our companies, our research institutions throughout the country,” said Richard Clarke, a former national security official and author of Cyber War. “It’s a quiet pandemic but it’s a pandemic.” Cybersecurity intrusions have cost the U.S. $300 billion in lost research and development, Clarke said Saturday, costing the U.S. its global competitive edge. Three crucial dimensions of the cyberthreat manifest in crime, espionage and war, he said. Michigan faces “a barrage” of attacks daily, said Dan Lohrmann, Michigan chief security officer, describing in 2012 the removal of 31 million pieces of malware from incoming emails, the halt of over 142 million website attacks and of 24 million network scans. “The threat is real,” he said. “We see it daily in Michigan, as does every other state in the nation.” Two American Legislative Exchange Council task force directors credited efforts of states such as Michigan as well as Virginia in a Friday Wall Street Journal op-ed on the topic (http://on.wsj.com/V1icZR). David Hannigan, chief information security officer of Zappos, briefed governors on how to develop and execute strategies for dealing with attacks he viewed as inevitable and potentially happening without their knowledge. The real reason for the vulnerabilities comes down to people “not doing their jobs,” he said.

"Think of yourself as a company,” Clarke told governors. States need to secure their data against cybercrime, he said. The regulatory role of governors is key when making sure entities protect themselves, as is governors’ role as emergency responders, he added. He also credited their roles as law enforcement agencies and as education leaders, with influence over people’s training at state universities. “You need to begin with a strategy,” he told them. O'Malley committed to examining the states and coming up with best practices and policies going forward.