State attorneys general work in various ways to help enhance the security of public and private systems.

For instance, state attorneys general enforce data breach notification and consumer protection laws to address businesses that fail to take adequate measures to protect consumers’ personal information and privacy. Data breach laws require organizations to take measures to protect consumer’s personally identifying data. State attorneys general not only enforce these laws but issue guidance to small businesses to protect against cyberattacks.

Attorneys general also participate in a whole-of-state approach to protecting state networks. Efforts include ensuring state agencies protect consumer data, participating in statewide cybersecurity taskforces, and redeploying resources to increase state cybersecurity capacity.

Learn more about how attorneys general combat ransomware and data breaches, or visit the NAGTRI Center for Consumer Protection.

NAAG Webinar

On the Cyber Frontlines: The Role of the National Guard in Defending States and Local Governments (Sept. 2020)

Cybersecurity Resources

Every organization – from the smallest business to the largest attorney general office – needs to implement security controls to protect their networks and systems from evolving cyber threats. With an ever-growing shortage of cybersecurity professionals, implementing these critical controls and staying abreast of the changing threatscape can seem overwhelming.

Learn more about simplified paths to control implementation, information sharing, and workforce development in the resources below.

Implementing Security Controls

  • The Center for Internet Security’s Controls is a series of eighteen security controls to implement that protect enterprise networks and their Benchmarks is a collection of configuration guidelines for more than twenty-five vendor products.
  • The Cybersecurity and Infrastructure’s Cyber Essentials is a guide for leaders of small businesses as well as leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational cybersecurity practices.
  • The Global Cyber Alliance’s Cybersecurity Toolkit for Small Business is a set of free tools organized to enable small organizations to implement cybersecurity controls to protect against cyber threats.
  • The National Institute of Standards and Technology Cybersecurity Framework is a risk management framework that integrates industry standards and best practices to secure enterprise networks.

Information Sharing

  • The Multi-State Information Sharing & Analysis Center is an information sharing resource for state, local, and territorial governments. The MS-ISAC’s 24-hour Security Operations Center monitors, analyzes, and responds to cyber incidents targeting SLTT government entities.

Workforce Development

  • The Federal Virtual Training Environment provides FREE online cybersecurity training to federal, state, local, tribal, and territorial government employees, federal contractors, US military veterans and the public. Managed by the Department of Homeland Security, FedVTE contains more than 800 hours of training on topics such as ethical hacking and surveillance, risk management, and malware analysis.

Recent attorney general efforts related to cybersecurity 

Colorado Attorney General’s Office  

Michigan Attorney General’s Office  

Ohio Attorney General’s Office