A state of pioneering cybersecurity The Commonwealth of Virginia announced the formation of a state-level ISAO in April 2015, making it one of the first US states 5 It was also the earliest state to implement the US NIST to do so. Cybersecurity Framework, which specifically encourages the 6 sharing of cyberthreat information to enhance security. More recently, Virginia established a public-private working group with the Virginia State Police to address the potential for 7 The working group cyberattacks on connected automobiles. comprises stakeholders from federal and state government agencies, academia and private-sector cybersecurity companies. The group aims to help officials understand how to detect and prevent cybersecurity attacks on vehicles and other consumer devices. Virginia has also taken the lead in implementing a threat- intelligence solution from a cybersecurity solutions provider. The commonwealth holds a vast trove of personally identifiable information (PII) of residents, including birth and death records, tax returns and health information. Last year state officials noted an increase in incidents attributed to phishing attacks and employees. To mitigate these risks, Virginia implemented a threat- intelligence solution that enables it to monitor inbound and outbound traffic for suspicious activity and malware. The solution also helps security analysts safely execute and inspect advanced malware, zero-day threats and advanced persistent threat (APT) attacks. This united front against malicious adversaries makes the commonwealth’s motto—Sic Semper Tyrannis (Thus always to tyrants)—more fitting than ever. 5 Virginia.gov, Governor McAuliffe Announces State Action to Protect Against Cybersecurity Threats, April 20, 2015 6 Virginia.gov, Commonwealth of Virginia Cyber Security Commission: Threats and Opportunities, August 2015. 7 Virginia.gov, Governor McAuliffe Announces Initiative to Protect Against Cybersecurity Threats, May 15, 2015 22 Key findings from The Global State of Information Security® Survey 2017 © 2016 PwC