Governor Terry Branstad and Lt. Governor Kim Reynolds.

Governor Terry Branstad and Lt. Governor Kim Reynolds.

Governor Terry Branstad has issued an executive order that calls on state agencies to draft a “cyber security” strategy.

In addition, the governor is asking his Homeland Security agency to update its emergency response plan to “deal with the physical consequences of a cyber attack on critical infrastructure” like the electrical grid, water supplies or transportation networks.

“It’s hard to predict what it could be or where it could come from,” Brasntad says. “But this is something that being prepared and being vigilant and trying to put in place as many safeguards as possible hopefully avoids these kind of things happening in our state.”

Lieutenant Governor Kim Reynolds says a year ago the governor assembled a working group to discuss ways for state government and the private sector in Iowa to “prevent, detect, respond and recover” from a cyber attack.

“Every day we hear about new threats and successful and high-profile attacks and the serious consequences of those attacks,” Reynolds says. “It is a rapidly growing threat and we all know that we must be prepared to respond.”

State officials say there is no “credible threat” they know of today, but they’re mum about whether previous threats have been thwarted. In 2012, a hacker in another country tapped into South Carolina’s computer servers and got access to more than three-and-a-half million Society Security numbers belonging to South Carolina taxpayers. In the past few years there have been data breaches at Iowa State University and the University of Northern Iowa, but the governor’s executive order on cyber security does not apply to the three Regents universities. Branstad’s order only applies to executive branch agencies.

Branstad’s chief information officer will work with administrators from the Iowa National Guard, the Iowa Department of Public Safety, the Iowa Communications Network and the state’s Homeland Security and Emergency Management Department to come up with a cyber security report by July 1.