How state governments are stepping up on cybersecurity
- By John Parmley
In my last article, I wrote about local government challenges in securing IT and networks. Like all organizations, states are being pounded by denial-of-service attacks, brute-force attacks and zero-day exploits from lone hackers or small armies marshaled by hostile governments.
The threat is only increasing. California was rocked by an election hacking incident in June, and it's a good bet that cybercriminals are conspiring to undermine the congressional midterm elections coming up across the U.S.
United we stand: Teaming up to battle cybercrime
Multiple attempts to penetrate the networks of election officials in at least 21 states leading up to the 2016 election inspired voters to demand that state officials act.
Last month the Election Assistance Commission distributed $380 million in grants to state governments, over one-third of which will go towards cybersecurity. New York, Illinois and Wisconsin have opted to invest the entirety of their funding in cybersecurity.
Other states have focused on the issue proactively by creating agencies and programs to secure government assets. California Secretary of State Alex Padilla announced earlier this year that the state is creating the Office of Election Cybersecurity, and New Jersey is adding an election specialist to the New Jersey Cybersecurity & Communications Integration Cell established in 2015. The Illinois State Board of Elections is partnering with the Department of Information Technology to spend $6.9 million on firewalls, intrusion detectors and security monitoring at every county election office. It has also launched a program called “Cyber Navigator” that aims to train state and local employees on security practices.
Looking across the various state-level initiatives, independent case studies emerge that highlight best practices and methods. Arizona implemented a cooperative approach by coordinating efforts with the Arizona Threat Response Alliance, a nonprofit partnership of businesses and universities. Washington state's chief information security officer works directly with the state CIO, emergency management and the national guard, as well as other state agencies, enhancing preparation in the event of an emergency resulting from a cyberattack.
Indiana guards against sensitive data loss and cyber attacks
Amidst these challenges, states have made strides in securing IT and information assets beyond election infrastructure. The Indiana Office of Technology, which provides hardware, network and infrastructure support to more than 100 agencies and 30,000 employees, recently implemented a software-defined access solution to securely store and share information across more than 90 state agencies.
SDA gives access to users on a case-by-case basis, for only the intended, specific applications or data. It protects information both in transit and at rest while enforcing advanced authentication policies for the entire network. It consolidates data access and exchange solutions to reduce points of failure while improving cost and labor efficiency,
IOT has deployed SDA for multiple use cases, such as person-to-person file transfers, secure vault encrypted storage and connectors to data loss protection and anti-virus scanners. SDA unifies security for all IOT agencies, which is more robust and less costly than having each one protect their data independently.
As we continue to watch cyberattacks increase in size and frequency, eyes will remain on the methods used by state offices and agencies to adapt to the increasing threat. The laboratory of American democracy that is state government will provide the strategies and solutions most efficient to battle this country’s cyber threats.