Governor McAuliffe Signs Executive Directive to Protect Against Cyber ThreatsPosted: Updated:
Commonwealth of Virginia, Office of Governor Terry McAuliffe News Release:
RICHMOND – Governor Terry McAuliffe today signed Executive Directive 5 to strengthen security measures overseeing personal data involved in transactions between citizens and state government agencies and institutions.
The Governor's directive makes Virginia the first state to take executive action to ensure that consumer protection goals established by President Obama are adopted in the Commonwealth.
“As Governor, I play a key role and am responsible for ensuring the security of government systems and critical infrastructure within the Commonwealth,” said Governor McAuliffe. “As co-lead of the National Governors Association's Resource Center on State Cybersecurity, I am keenly aware of the need for best practices and models to help spur states to advance their cybersecurity position and make it more difficult for hackers to gain access to our sensitive data. We must partner with the federal government, the private sector and other states to push innovation and adoption of enhanced electronic payment technologies – by our agencies, our merchants and our citizens – to help reduce credit card fraud. This directive will ensure the highest level of security for transactions conducted between citizens and state agencies.”
Executive Directive 5 instructs the Secretaries of Finance and Technology, along with the State Treasurer and State Comptroller, to embrace advanced electronic payment technologies that meet or exceed federal standards for the Commonwealth's merchant, prepaid debit card and purchase card programs.
It requires the main purchase card program used by state agencies to have advanced chip security features in place by no later than December 2015.
Governor McAuliffe signed the executive directive at the Virginia Security and Consumer Protection Summit, an event supported by Visa Inc. His action re-enforces an executive order signed in February by President Obama at the White House Summit on Cybersecurity and Consumer Protection to promote partnership and innovation.
“The Commonwealth's cyber programs, Executive Directive 5 and today's summit are aligned with the President's cybersecurity trajectory for the nation, and Virginia is positioning itself as a model for other states to follow,” said Karen Jackson, Virginia Secretary of Technology.
“There is nothing more important to Visa's payment network than trust, especially at a time when innovation in the digital world is bringing consumers new ways to pay,” said Ellen Richey, Vice Chairman of Risk and Public Policy, Visa Inc. “Security is a shared responsibility, and it will take collaboration between the public and private sectors to combat cyber threats. Visa is ready to meet this challenge, and we applaud Governor McAuliffe's leadership in promoting advanced payment security technologies for the Commonwealth of Virginia. We are proud to have a large footprint in the Commonwealth and look forward to continuing our partnership to innovate and protect consumers.”
The full Executive Directive as signed by the Governor is below:
Executive Directive 5 (2015)
Securing Consumer Transactions
Importance of the Initiative
Ensuring the safety of citizen data is a critical responsibility of the Commonwealth of Virginia. In the face of ever-increasing cyber security attacks on consumer and business related entities, I am committed to ensuring that transactions conducted between citizens and the Commonwealth meet the highest level of transactional security standards.
In an effort to ensure that consumer transactions with the Commonwealth are embracing emerging electronic payment security technologies to provide the highest levels of security and meet or exceed existing Federal standards, I am directing the Secretaries of Technology and Finance, the State Treasurer, and State Comptroller to:
1. Provide a plan to the Governor's Office by October 1, 2015, detailing the Department of the Treasury's plans to enhance the security features of merchant and prepaid debit card programs to include:
a. User Authentication,
c. Cardholder reporting of unauthorized withdrawals or suspected fraudulent transactions, and
d. Data breach reporting and notification
2. Update the Commonwealth's main purchase card program to include advanced chip authentication security features by no later than December 2015. The Commonwealth has already converted purchase card programs to chip authentication technology for many political subdivisions and authorities.
3. Develop and adopt electronic identity management standards as set forth in legislation passed during the 2015 legislative session (SB 814 and HB1562).