American State Government Cybersecurity Policies

With the exponential rise in the cybersecurity incidents in state and local governments in the post-Covid 19 era, American state governments have had to adopt cybersecurity policies governing not only state government employees, but also to provide guidelines to local governments. In this paper, we comparatively assess the scope of the cyber-security policies across American state governments. We examined the cybersecurity policies considered by states to date. About one-third of the policies that were considered in the state legislatures were enacted. Almost every state has at least one cybersecurity policy that was newly enforced. We coded these policies in terms of their scope, their mandate requirements, funding, and management. Our initial analysis shows that there is convergence in terms of their scope. The policies have quickly evolved in the context of the Covid-19 pandemic, with initial concerns on broader range of cybersecurity incidents to that of ransomware related policies.