{"id":202038,"date":"2026-04-03T18:22:00","date_gmt":"2026-04-03T22:22:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/03\/west-virginia-gives-ciso-greater-authority-to-lead-statewide-cyber-program\/"},"modified":"2026-04-03T18:25:10","modified_gmt":"2026-04-03T22:25:10","slug":"west-virginia-gives-ciso-greater-authority-to-lead-statewide-cyber-program","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/03\/west-virginia-gives-ciso-greater-authority-to-lead-statewide-cyber-program\/","title":{"rendered":"West Virginia gives CISO greater authority to lead statewide cyber program"},"content":{"rendered":"<p><a href=\"https:\/\/statescoop.com\/west-virginia-cybersecurity-office-ciso-bill\/\">West Virginia gives CISO greater authority to lead statewide cyber program<\/a><\/p>\n<p><a href=\"https:\/\/statescoop.com\/west-virginia-cybersecurity-office-ciso-bill\/\">https:\/\/statescoop.com\/west-virginia-cybersecurity-office-ciso-bill\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-03 18:22:00<\/a><\/p>\n<p>Source Domain: <a href=\"statescoop.com\">statescoop.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>West Virginia Gov. Patrick Morrisey on Thursday approved legislation designed to strengthen the state\u2019s cybersecurity and grow the authority of its chief information security officer, a role currently held by longtime state IT staffer Leroy Amos.<\/p>\n<p>The bill directs the state\u2019s Cybersecurity Office, led by Amos, within the state\u2019s Office of Technology, to standardize the state\u2019s approach to cybersecurity. Amos is tasked with developing statewide cybersecurity policies and standards comprising a \u201cframework\u201d that ensures uniform compliance with the industry\u2019s best practices. While discussing the bill in Charleston in recent months, state lawmakers claimed that much of West Virginia\u2019s cybersecurity activities are the product of disparate, ad-hoc efforts, not carefully managed by a central authority keeping an eye on compliance across agencies, though the IT office has partially disputed this criticism.<\/p>\n<p>The bill\u2019s enactment drew approval from the Alliance for Digital Innovation, a Washington nonprofit that advocates for laws and policies \u201cthat contribute to the development of a modern, 21st century digital government,\u201d according to its website. In a letter to the governor urging his signature, Dan Wolf, the Alliance\u2019s director of state programs, noted the legislation\u2019s \u201cthoughtful and forward-looking approach to managing cybersecurity risk\u201d and its accommodation for \u201cthe shared and interdependent nature of cyber risk across agencies.\u201d<\/p>\n<p>Wolf noted that the bill \u201censures that software licensing practices do not restrict the state\u2019s ability to deploy solutions on the infrastructure of its choosing, helping to prevent vendor lock-in and promote flexibility, competition, and cost efficiency,\u201d a nod to one of the bill\u2019s amendments, after concerns arose that new cybersecurity standards, too rigidly administered, might hamper the state\u2019s hardware or software options. \u201cEffective cybersecurity requires centralized governance, clear standards, and sustained oversight,\u201d Wolf wrote, \u201cand this legislation delivers all three.\u201d<\/p>\n<p>The bill \u2014 sponsored by Daniel Linville, the Republican assistant majority whip in the state\u2019s House of Delegates \u2014 was brought to the legislature at the request of the state\u2019s Department of Administration following an audit last year of the state\u2019s IT office. A report, entitled \u201cThe West Virginia Cybersecurity Office Has Not Fulfilled the Legislative Mandate of Developing a Statewide Cybersecurity Program,\u201d informed the state\u2019s legislative leaders that the state\u2019s cybersecurity office had, in fact, not developed a statewide cybersecurity program to its specifications, despite having spent $1.3 million on contracts \u201cto develop a Cyber Risk Program and obtain Governance, Risk, and Compliance (GRC) software.\u201d<\/p>\n<p>\u201cAlthough the Cyber Risk Program was completed and approved, WVOT did not fulfill the statutory requirement to implement a statewide cybersecurity framework. The lack of rollout and reporting represents noncompliance with legislative intent and leaves the State without a coordinated cybersecurity structure,\u201d read the report, drafted by the Performance Evaluation and Research Division of the West Virginia legislative auditor\u2019s office.<\/p>\n<p>In its response to the audit, the Office of Technology responded that the agency \u201calways operated an effective statewide cybersecurity program that included risk assessments and reporting.\u201d But the office, led by state Chief Information Officer Heather Abbott, also admitted that \u201cincidents are occurring\u201d and that the cybersecurity program it was administering \u201cdid not match the documented approach laid-out in statute,\u201d with cybersecurity risk reporting standards as one of the most noticeable omissions.<\/p>\n<p>\t\t\tWritten by Colin Wood<br \/>\n\t\t\tColin Wood is StateScoop&#8217;s editor in chief. Contact him at colin.wood@statescoop.com or cwood.64 on Signal.\t\t<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>West Virginia gives CISO greater authority to lead statewide cyber program https:\/\/statescoop.com\/west-virginia-cybersecurity-office-ciso-bill\/ Publish Date: 2026-04-03&#8230;<\/p>\n","protected":false},"author":1,"featured_media":202039,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2026\/04\/GettyImages-1558575963.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-202038","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/202038"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=202038"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/202038\/revisions"}],"predecessor-version":[{"id":202040,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/202038\/revisions\/202040"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/202039"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=202038"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=202038"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=202038"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}