Letter to Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency - Heinrich Leads Request For State Cybersecurity Coordinator To Strengthen New Mexico's Cyber Defense

Letter

Dear Director Easterly,

We write to urge the Cybersecurity and Infrastructure Security Agency (CISA) to hire and establish a cybersecurity state coordinator in New Mexico as expeditiously as possible. New Mexico was subject to two severe cyberattacks in the last month and is one of only eight states without a cybersecurity state coordinator. It is imperative for a state coordinator to begin without delay to enhance CISA' s assistance to our state, local, and Tribal governments in bolstering their cyber defense.

On January 5, 2022, the offices of Bernalillo County were subject to a ransomware attack, forcing the county to sever network connections, close county offices, and take affected systems offline. The attack prevented county employees from accessing local government databases and resulted in the closure of public offices, which temporarily halted the provision of county services including services critical to buying and selling homes, obtaining marriage licenses, and registering to vote.

Less than a week later, on January 12, 2022, Albuquerque Public Schools (APS) experienced a cyberattack that breached the student information system. The attack forced APS to close on January 13 and January 14, keeping over 73,000 students, or 20% of New Mexico's K-12 public school student population, home without the possibility of remote instruction.

As you know, New Mexico is one of the only states in the country without a CISA state cybersecurity coordinator. Congress directed the creation of this position to help state and local agencies prevent and respond to cyber threats, and to provide assistance in securing federal resources to increase state and local cybersecurity. State coordinators play a critical role in improving the cyber infrastructure needed to safeguard state, local and Tribal governments, school districts, hospitals, and other entities from future cyber threats. While we appreciate that CISA Region 6 is engaged in helping mitigate the recent attacks in the state, CISA must prioritize its efforts to fill New Mexico's state cybersecurity coordinator position to enhance coordination with New Mexico entities and strengthen our communities' ability to mitigate future threats.

Thank you for your attention to this issue. We stand ready to assist your efforts and look forward to hearing about CISA's targeted steps to fill New Mexico's state cybersecurity coordinator position as quickly as possible.

Sincerely,