Governor issues executive order to strengthen state agency cybersecurity
Apr. 5—Gov. Michelle Lujan Grisham issued an executive order Friday designed to bolster cybersecurity measures across state agencies "in the face of evolving cyber threats."
"Cybersecurity is not just a technological issue; it's a matter of public safety and national security," Lujan Grisham said in a statement. "That's why I've taken decisive action to fortify the resilience of our state agencies against potential cyber intrusions."
The three-page order directs the state Department of Information Technology to conduct information technology and security assessments on state agencies to detect security vulnerabilities and beef up defenses if necessary.
The order also mandates state agencies to adopt and implement cybersecurity, information security and privacy policies, standards and procedures. State agencies must certify compliance with standards by Nov. 1 and then annually.
If a state agency is unable to certify compliance, it must request an exemption, along with a plan outlining the steps it is taking to reach compliance and approximately how long each step will take.
"The Department of Information Technology shall review the request for exemption and forward it to the Office of the Governor together with a recommendation to approve or deny the request," along with an explanation, the executive order states. "If the Office of the Governor denies the request for exemption, the agency shall promptly submit an updated plan and timeline for consideration."
Finally, the executive order "strongly" encourages all public bodies in New Mexico to "voluntarily comply" with the rules, standards and other requirements of the Cybersecurity Act or the order and participate in the state government's cybersecurity and information security programs.
The order takes effect immediately and will remain in effect until renewed, modified or rescinded.
The order states a surge in cybersecurity breaches and hacks poses a severe threat to the integrity of sensitive information held by state agencies.
"Recognizing the escalating nature of cyber threats, there is an urgent need to fortify the defenses of New Mexico's state agencies against potential cyber intrusion," the order states. "The protection of citizen data and critical infrastructure requires immediate and comprehensive action to enhance cybersecurity measures."
Follow Daniel J. Chacón on Twitter @danieljchacon.
