StateTech Magazine - Technology Solutions That Drive Government https://statetechmagazine.com/rss.xml en Pennsylvania Seeks to Transform Digital Services https://statetechmagazine.com/article/2019/08/pennsylvania-seeks-transform-digital-services <span>Pennsylvania Seeks to Transform Digital Services</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 08/15/2019 - 08:17</span> <div><p>Pennsylvania is embarking on a long-term program to<strong> transform the state’s digital offerings</strong> and improve services for residents. </p> <p>In late July, Gov. Tom Wolf signed <a href="https://www.governor.pa.gov/newsroom/executive-order-2019-04-establishing-a-citizen-first-government-and-promoting-customer-service-transformation/" target="_blank">an executive order</a> to transform state digital services and make it easier for residents to communicate and interact with state agencies. The so-called <strong>Customer Service Transformation</strong> consists of multiple long-term projects that will be accomplished over several years. </p> <p>Pennsylvania aims to create <strong>a single-sign system for residents to access all state services</strong>. Another project is the establishment of <strong>a single phone number for residents to call to get access to services</strong>. A third element is developing more robust ways to collect public feedback.</p> <p>“We’ll use new ideas, secure technologies, and feedback to improve the overall experience of Pennsylvanians — our customers — across state agencies,” <a href="https://www.governor.pa.gov/newsroom/governor-wolf-announces-new-plan-to-transform-state-government-customer-service-experience/" target="_blank">Wolf said in a statement</a>. “With each improvement, we will always respect each person’s privacy and ensure their data in strictly protected.”</p> <p>Pennsylvania CIO John MacMillan <a href="https://statescoop.com/pennsylvania-centralizes-digital-services-chief-data-officer/" target="_blank">tells StateScoop</a> that with these initiatives, Pennsylvania is “trying to do the greatest good for the greatest number over the long run.”</p> <p>“We’re always talking about this balance between supply and demand and this and that,” MacMillan says. Wolf’s office is <strong>focused on the long-term benefits of such technology investments</strong>, not just cost savings, MacMillan tells StateScoop. </p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/digital-transformation-report.html" tabindex="-1" target="_blank"><img alt="Digital%20Transformation_IR_1.jpg" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/Digital%20Transformation_IR_1.jpg" /></a></p> <h2 id="toc_0">Pennsylvania Aims to Streamline Interactions with Citizens</h2> <p>One challenge the new initiative aims to tackle is that many residents do not know which department provides the service they’re reaching out about. The goal is to create a single online destination to access state services and make it secure using single sign-on technology that uses <strong>“consistent, modern, and secure authentication standards,</strong>” in the words of the executive order. That will help “simplify user account management and eliminate multiple login credentials.” </p> <p>The new system, called <strong>Keystone Login</strong>, is already offered by the state’s Department of Community and Economic Development, the Department of General Services, the Office of Administration, and the Pennsylvania Commission on Crime and Delinquency. </p> <p>“Keystone Login is more than a username and password that can be used for multiple services; it is a suite of modern identity verification tools that can provide additional levels of security based on the type of service being accessed,” Secretary of Administration Michael Newsome said in the statement. “Keystone Login will provide <strong>added convenience to our customers and allow us to strengthen our overall security</strong>.”</p> <p>The order also calls for the state to establish capabilities to connect residents to existing records systems “using a consent-based approach” that will enable users to view and update their data “across agencies and program areas in a seamless fashion using a common technology identity.” </p> <p>Similarly, the state plans to establish a single phone number to connect people to services, though existing phone numbers will continue to be usable The new central phone number is <strong>expected to be announced in the next few months</strong> and will be made available to agency services in phases, according to the statement. </p> <p>The initiative will also offer new ways for the public to provide feedback about the services they receive, according to Wolf’s office. That data will be used to<strong> identify how the state can improve and innovate</strong>, and the data will be published online.</p> <p>“We need to do more to listen to our customers and create mechanisms for transparency and accountability,” Colby Clabaugh, executive director of the Office of Performance Through Excellence, said in the statement. “We plan to build on the information currently being collected by agencies by expanding to more services, increasing the consistency of how we gather feedback and finding new ways to connect the data to achieve better outcomes.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein" hreflang="en"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is the web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Thu, 15 Aug 2019 12:17:51 +0000 phil.goldstein_6191 42741 at https://statetechmagazine.com Best Practices for IT Supply Chain Security in the Public Sector https://statetechmagazine.com/article/2019/08/best-practices-it-supply-chain-security-public-sector <span>Best Practices for IT Supply Chain Security in the Public Sector </span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 08/14/2019 - 10:38</span> <div><p><a href="https://fedtechmagazine.com/article/2018/03/dhs-targets-cybersecurity-risks-it-supply-chains" target="_blank">IT supply chain security</a> has been a topic of conversation <a href="https://fedtechmagazine.com/article/2019/04/demand-supply-chain-safety-leads-research-new-best-practices" target="_blank">for a while now</a>, especially in regard to the federal government. </p> <p>In May, President Donald Trump signed <a href="https://www.whitehouse.gov/presidential-actions/executive-order-securing-information-communications-technology-services-supply-chain/" target="_blank">an executive order</a> “giving the federal government the power to block U.S. companies from buying foreign-made telecommunications equipment deemed a national security risk,” <a href="https://www.theverge.com/2019/5/15/18216988/white-house-huawei-china-equipment-ban-trump-executive-order" target="_blank">reported The Verge</a>. </p> <p>While the order does not name or target a single company, it was widely seen as a move to block China-based Huawei, which some U.S. lawmakers deemed a security threat (something the company has long denied). </p> <p>Although <a href="https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2019/06/04/the-cybersecurity-202-trump-s-ban-on-u-s-companies-supplying-huawei-will-not-make-the-country-safer-experts-say/5cf5c40ba7a0a46b92a3ff86/?utm_term=.71193b63faff" target="_blank">some experts say</a> the order won’t actually improve U.S. cybersecurity, the order <strong>underscored the importance of IT supply chain security and made it front-page news</strong>. </p> <p>Just as state and local governments <a href="https://statetechmagazine.com/article/2018/09/why-your-state-should-join-21-use-nist-cybersecurity-framework">can and should look to the federal government for guidance on cybersecurity best practices in general</a>, they can also turn to the feds for resources on <strong>IT supply chain best practices</strong>. The National Institute of Standards and Technology’s <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf" target="_blank">cybersecurity framework</a> was <a href="https://www.nist.gov/news-events/news/2018/04/nist-releases-version-11-its-popular-cybersecurity-framework" target="_blank">updated last year</a> to include an entire section on supply chain risk management. </p> <p>NIST’s framework offers state and local agencies some clear best practices on managing and mitigating IT supply chain risks, <a href="https://csrc.nist.gov/Projects/cyber-supply-chain-risk-management" target="_blank">which can include</a> “the insertion of counterfeits, unauthorized production, <strong>tampering, theft, insertion of malicious software and hardware</strong>, as well as poor manufacturing and development practices in the cyber supply chain,” NIST notes. </p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" target="_blank"><img alt="CDW Cybersecurity Insight Report " data-entity-type="" data-entity-uuid="" src="https://statetechmagazine.com/sites/statetechmagazine.com/files/Cybersecurity_IR_stayprotected_700x220%20(2).jpg" /></a></p> <h2 id="toc_0">How to Set Up a Cyber Supply Chain Risk Management Process</h2> <p>Supply chains are wide-ranging — and in today’s world, global. “The factors that allow for low-cost, interoperability, rapid innovation, a variety of product features, and other benefits, also increase the risk of a compromise to the cyber supply chain, which may result in risks to the end user,” according to NIST. </p> <p>It starts at the sourcing of products and services, the NIST framework explains, “and extend from the design, development, manufacturing, processing, handling, and delivery of products and services to the end user.” Given how complex and interconnected supply chains are, <strong>it’s critical for public sector agencies to ensure their supply chains are secure</strong>. </p> <p>As the framework notes, cyber <strong>supply chain risk management, or SCRM</strong>, involves technology suppliers and buyers, as well as nontechnology suppliers and buyers. Tech suppliers include those that provide include traditional IT, industrial control systems, cyber-physical systems and Internet of Things devices. </p> <p>Cyber SCRM may involve many different activities, ranging from <strong>determining cybersecurity requirements for suppliers to creating such requirement contracts</strong>, communicating to suppliers how those cybersecurity requirements will be verified and making sure those requirements are validated. </p> <p>If agencies go down this route, they should identify, prioritize and assess their suppliers and third-party partners of information systems, components and services by using a cyber supply chain risk assessment process. Essentially, agencies need to figure out which suppliers pose the largest risks. </p> <p>After that, NIST recommends agencies structure their contracts with suppliers and third-party partners to include “appropriate measures designed to meet the objectives of an organization’s cybersecurity program and Cyber Supply Chain Risk Management Plan.”</p> <p>Agencies should also routinely assess suppliers via<strong> “audits, test results, or other forms of evaluations” </strong>to ensure they are holding up their end of the bargain on their contracts. </p> <p>As with all cybersecurity risks, agencies should move on from the idea that their supply chains will be breached. They should do all they can to mitigate those risks and remember security does not start or end once they receive technology products.</p> <p><em>This article is part of </em>StateTech<em>'s <a href="https://statetechmagazine.com/citizen">CITizen blog series</a>. Please join the discussion on Twitter by using the <a href="https://twitter.com/hashtag/statelocalIT?f=tweets">#StateLocalIT</a> hashtag.</em></p> <p><em><a data-entity-type="" data-entity-uuid="" href="https://statetechmagazine.com/citizen" target="_blank"><img alt="CITizen_blog_cropped_0.jpg" data-entity-type="" data-entity-uuid="" src="https://statetechmagazine.com/sites/statetechmagazine.com/files/CITizen_blog_cropped_0.jpg" /></a></em></p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11321" hreflang="en"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/Cucuel.jpg?itok=VYnsq7d5" width="58" height="58" alt="Kevin Cucuel" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11321"> <div>Kevin Cucuel</div> </a> </div> <div class="author-bio"> <p> <div><p>Kevin Cucuel is a Business Development Manager for State and Local Government at CDW-G. With a passion for technology and customer service, Kevin focuses on aligning CDW's strengths to our customer's needs, helping them meet their business objectives.</p> </div> </p> </div> </div> </div> </div> Wed, 14 Aug 2019 14:38:06 +0000 phil.goldstein_6191 42736 at https://statetechmagazine.com How to Defeat the Latest State and Local Government Cybercrime Trends https://statetechmagazine.com/article/2019/08/how-defeat-latest-state-and-local-government-cybercrime-trends <span>How to Defeat the Latest State and Local Government Cybercrime Trends</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 08/13/2019 - 11:41</span> <div><p>The data-rich environments of state and local government networks make them ideal targets for attack. To illegally acquire that highly valuable data on individuals, financial transactions and critical infrastructure, cybercriminals are creating increasingly complex attacks. </p> <p>To successfully combat these threats, CIOs need <strong>timely intel on the latest threats</strong>, combined with <strong>advanced tools and trained teams </strong>that are up to the task of<strong> preventing, detecting and responding to such attacks</strong>.</p> <p>Below are insights from Fortinet’s “<a href="https://www.fortinet.com/content/dam/fortinet/assets/threat-reports/threat-report-q1-2019.pdf" target="_blank">Q1 2019 Global Threat Landscape Report</a>” that provide an analysis of some of the more popular and malicious trends that CIOs in the state and local arena need to understand if they are to properly protect their networks.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" target="_blank"><img alt="Cybersecurity-report_EasyTarget.jpg" data-entity-type="" data-entity-uuid="" src="https://statetechmagazine.com/sites/biztechmagazine.com/files/uploads/Cybersecurity-report_EasyTarget.jpg" /></a></p> <h2 id="toc_0">Key Cybersecurity Trends Affecting State and Local Agencies</h2> <ul><li><strong>Ransomware is still very much alive. </strong>Ransomware may not be as prevalent as in the recent past, as it has been replaced with more targeted attacks, but it is not out of the picture. Instead, multiple attacks from the first quarter of the year demonstrate it is now being <strong>customized for high-value targets to give the attacker privileged access to the network</strong>. </li> <li><strong>Attackers are keeping to the work week.</strong> After comparing web filtering volume for two cyber kill chain phases during weekdays and weekends, it became clear that precompromise activity is <strong>roughly three times more likely to occur during the work week</strong>, while post-compromise traffic shows less differentiation. This is primarily because exploitation activity often requires someone to take an action, such as clicking on a phishing email. In contrast, command and control activity does not have this requirement and can occur any time. </li> <li><strong>Let’s all share … infrastructure. </strong>The majority of threats leverage community-use infrastructure more than unique or dedicated infrastructure. <strong>Nearly 60 percent</strong> of threats shared at least one domain, indicating the majority of botnets leverage established infrastructure from the same set of public providers. IcedID a Trojan targeting the banking industry, is an example of this <strong>“why buy or build when you can borrow?”</strong> behavior. In addition, when threats share infrastructure, they tend to do so within the same stage in the kill chain; however, it is unusual for a single threat to leverage a domain for exploitation and then later leverage it again for its command and control traffic. Understanding which threats share infrastructure, and at what points in the attack chain this happens, enables organizations to look for specific traffic headed to or coming from a known destination, as well as to predict potential evolutionary points for malware or botnets in the future.</li> </ul></div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/12126" hreflang="en"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/Anthony%20Giandomenico%20%281%29.jpg?itok=AYw62fA1" width="58" height="58" alt="Anthony Giandomenico" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/12126"> <div>Anthony Giandomenico</div> </a> </div> <div class="author-bio"> <p> <div><p>Anthony Giandomenico, a senior security strategist/researcher and CTI lead at Fortinet, is an experienced information security executive, evangelist, entrepreneur and mentor with over 20 years of experience. In his current position at Fortinet, he is focused on delivering knowledge, tools and methodologies to properly demonstrate advanced threat concept and defense strategy using a practical approach to security.</p> </div> </p> </div> </div> </div> </div> Tue, 13 Aug 2019 15:41:53 +0000 phil.goldstein_6191 42731 at https://statetechmagazine.com What Is a Vulnerability Scanner and How Can It Help Boost Election Security? https://statetechmagazine.com/article/2019/08/what-vulnerability-scanner-and-how-can-it-help-boost-election-security-perfcon <span>What Is a Vulnerability Scanner and How Can It Help Boost Election Security?</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Mon, 08/12/2019 - 12:44</span> <div><p>With 2020 political campaigns in full swing, the conversion of<strong> election security</strong> has again come to the fore. </p> <p>How can state and county election officials help secure their voting systems ahead of the 2020 elections? <strong>Vulnerability scanning </strong>is a good place to start. Such scans are a Software as a Service function that helps <strong>discover weaknesses and allow for both authenticated and unauthenticated scans</strong>. </p> <p>In June, perennial swing state Florida <a href="https://www.orlandoweekly.com/Blogs/archives/2019/06/17/florida-will-provide-51-million-for-election-cybersecurity-ahead-of-2020-election" target="_blank">announced</a> a $5.1 million investment into election cybersecurity following disclosures in May that two counties in the state fell victim to <a href="https://www.nytimes.com/2019/05/14/us/florida-election-hacking-desantis.html" target="_blank">a spear phishing attack by Russian hackers in 2016</a>. </p> <p>How dangerous is the election security threat landscape? It’s complicated and it covers everything from <strong>outdated voting machines that may be vulnerable to hacking to the networks used to process and transfer voting totals</strong> and voter registration rolls.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" target="_blank"><img alt="Cybersecurity-report_EasyTarget.jpg" data-entity-type="" data-entity-uuid="" src="https://statetechmagazine.com/sites/biztechmagazine.com/files/uploads/Cybersecurity-report_EasyTarget.jpg" /></a></p> <h2 id="toc_0">Why Are Vulnerability Assessments Important?</h2> <p>Vulnerability scans and assessments of election infrastructure are critical, because “from a cyber perspective, every part of the election process that involves some type of electronic device or software is vulnerable to exploitation or disruption,” as <a href="https://www.belfercenter.org/publication/state-and-local-election-cybersecurity-playbook" target="_blank">a 2018 Belfer Center for Science and International Affairs report notes</a>. </p> <p><strong>Outdated voting machines</strong> are just one threat vector. There are multiple levels of the election system that must be secured (and where vulnerabilities must be assessed) by officials at all levels of government, the Belfer report notes. </p> <p>Those include <strong>voter registration databases, electronic poll books, vote capture devices, vote tally systems and election night reporting systems</strong>. Another level consists of “intermediary government functions that connect to multiple election system components: other state and county-level systems, and election officials’ internal communication channels.” </p> <p>The third level is made up of “external functions that touch the entirety of the elections process: vendors, and traditional and social media at the local and national level.”</p> <p><a href="https://statetechmagazine.com/article/2019/07/managed-security-services-help-public-sector-tackle-cyberthreats" target="_blank"><em><strong>MORE FROM STATETECH: </strong>Find out how managed security services help state and local agencies boost cybersecurity. </em></a></p> <h2 id="toc_1">Election Security Threats in 2020</h2> <p>In testimony <a target="_blank">on June 25 before two subcommittees</a> of the House Committee on Science, Space, and Technology, Neal Kelley, registrar of voters for Orange County, Calif., discussed a 2018 National Academies of Sciences, Engineering, and Medicine report, “<a href="https://www.nap.edu/catalog/25120/securing-the-vote-protecting-american-democracy" target="_blank">Securing the Vote: Protecting American Democracy</a>.”</p> <p>The report recommends that states and counties not use the internet, or any network connected to the internet, for a voter casting a ballot or the return or marked ballots. </p> <p>“There is no known technology that guarantees the secrecy, verifiability, and security of a marked ballot transmitted over the Internet,” Kelley said. “No matter how well constructed or prepared,<strong> it is impossible to anticipate and prevent all possible attacks through the Internet </strong>and we know that there are actors who look for vulnerabilities with the deliberate intention to compromise America’s elections.”</p> <p>Voter registration databases are also vulnerable to cyberattacks, whether they stand alone or are connected to other applications, according to Kelley. Currently, election administrators are not required to <strong>report any detected compromises or vulnerabilities in voter registration systems</strong>, he noted. </p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein" hreflang="en"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is the web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Mon, 12 Aug 2019 16:44:23 +0000 phil.goldstein_6191 42726 at https://statetechmagazine.com Managing the Hybrid Cloud in the Public Sector https://statetechmagazine.com/resources/white-paper/managing-hybrid-cloud-public-sector <span>Managing the Hybrid Cloud in the Public Sector </span> <div><p>Across industries, many organizations have found that they’re able to achieve benefits such as cost savings, enhanced agility and improved business continuity by <strong>integrating their private clouds with public cloud resources</strong> in a hybrid model. <strong>A hybrid approach can provide a best-of-both-worlds experience</strong>, allowing organizations to place workloads where they are best suited, or to take advantage of additional capacity in the public cloud during periods of peak resource demand.</p> <p>However, the hybrid cloud is not without its challenges. The model has evolved substantially since its debut less than a decade ago, with organizations increasingly incorporating resources from their private clouds and several public cloud providers in a multicloud approach. While this evolution gives organizations more freedom and flexibility,<strong> it can also introduce management hurdles around cost, performance, visibility and security</strong>.</p> <p>By incorporating cloud management best practices and tools, organizations can ensure that their hybrid clouds will adapt with a changing IT landscape and continue to provide business value well into the future.</p> </div> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 08/08/2019 - 08:21</span> <img src="/sites/statetechmagazine.com/files/document_images/HybridCloud-whitepaper.jpg" width="800" height="533" alt="hybrid cloud " typeof="foaf:Image" /> <div> <div>Document File</div> <div><span class="file file--mime-application-pdf file--application-pdf"><a href="https://statetechmagazine.com/sites/statetechmagazine.com/files/document_files/mkt31471-upftf-hybrid-cloud-white-paper%20%281%29.pdf" type="application/pdf; length=220997">mkt31471-upftf-hybrid-cloud-white-paper (1).pdf</a></span> </div> </div> Thu, 08 Aug 2019 12:21:57 +0000 phil.goldstein_6191 42721 at https://statetechmagazine.com Agencies Can Turn to Federal Grants to Fund Cybersecurity Efforts https://statetechmagazine.com/article/2019/08/agencies-can-turn-federal-grants-fund-cybersecurity-efforts <span>Agencies Can Turn to Federal Grants to Fund Cybersecurity Efforts</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 08/07/2019 - 08:18</span> <div><p>At a June hearing of the U.S. House Committee on Homeland Security, Atlanta Mayor Keisha Lance Bottoms made a push for <strong>increased federal cybersecurity funding for states and cities</strong>, <a href="https://statescoop.com/house-panel-floats-new-cybersecurity-grants-for-state-and-local-governments/" target="_blank">StateScoop reports</a>.</p> <p>Bottoms recalled the <a href="https://statescoop.com/one-year-after-atlantas-ransomware-attack-the-city-says-its-transforming-its-technology/" target="_blank">March 2018 ransomware attack</a> that disabled Atlanta IT systems ranging from court scheduling to utility bill payments. </p> <p>“It’s important for federal funding to trickle down to our cities like Atlanta and smaller cities to allow us to be able to<strong> buy insurance and build stronger systems</strong>,” Bottoms testified. “When we experienced our cyberattack, it was clear we were not prepared. We had not made the necessary investments. We were putting patches on gaping holes.”</p> <p>When assessing options for cybersecurity funding, state and local governments <strong>often discover they lack the funding to achieve their vision</strong>. Then, they may turn to federal funding sources to pay for cybersecurity upgrades. A few of these funding services <strong>tackle cybersecurity challenges directly</strong> while others may<strong> bolster cybersecurity by establishing or strengthening broadband or other citizen services</strong>.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" target="_blank"><img alt="Cybersecurity-report_EasyTarget.jpg" data-entity-type="" data-entity-uuid="" src="https://statetechmagazine.com/sites/biztechmagazine.com/files/uploads/Cybersecurity-report_EasyTarget.jpg" /></a></p> <h2 id="toc_0">Emergency Programs Provide Direct Federal Money for Cybersecurity</h2> <p>Perhaps the most prominent example of federal cybersecurity grants in recent months is hundreds of millions of dollars made available by the U.S. Election Assistance Commission.</p> <p>In April, the EAC reported U.S. states and territories “spent <strong>8 percent</strong> of the<strong> $380 million</strong> Congress approved by the time the elections rolled around,” <a href="https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2019/04/05/the-cybersecurity-202-states-spent-just-a-fraction-of-380-million-in-election-security-money-before-midterms/5ca697b81b326b0f7f38f32b/" target="_blank">the <em>Washington Post</em> reports</a>. </p> <p>The $31 million states spent by September 2018 was mostly targeted at low-hanging fruit, such as<strong> staff training on cybersecurity best practices, new digital protections for staff who access election systems and more regular updates to software</strong>, according to the report. States have through Sept. 30, 2023, to request funds, <a href="https://www.eac.gov/2018-hava-election-security-funds/" target="_blank">according to EAC guidance</a>.</p> <p>The Homeland Security Grant Program, <a href="https://www.fema.gov/homeland-security-grant-program" target="_blank">administered by the Federal Emergency Management Agency</a>, provides states and urban areas with funding to prepare for and respond to catastrophes, including cyberattacks.</p> <p>Only <strong>4 percent</strong> of funds distributed by the Homeland Security Grant Program goes toward augmenting cybersecurity, Frank J. Cilluffo, the director of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security, <a href="http://cchs.auburn.edu/_files/the-impacts-of-state-owned-enterprises-on-public-transit-and-freight-rail-sectors.pdf" target="_blank">told the House Homeland Security Committee in June</a>. </p> <p>Cilluffo recommended a requirement that <strong>states match funds to qualify for federal grants</strong>. Such a requirement would motivate states to increase cybersecurity spending in their IT budgets. State cybersecurity spending averages only one percent to two percent of total IT budgets annually, <a href="https://www.nascio.org/Newsroom/ArtMID/484/ArticleID/729/2018-Deloitte-NASCIO-Cybersecurity-Study-Top-Challenges-Persist-Since-2010-Calls-for-Bold-Changes" target="_blank">according to the National Association of State Chief Information Officers</a>. </p> <p><em><a href="https://statetechmagazine.com/article/2019/07/managed-security-services-help-public-sector-tackle-cyberthreats" target="_blank"><strong>MORE FROM STATETECH: </strong>Find out how managed security services help state and local agencies boost cybersecurity.</a> </em></p> <h2 id="toc_1">Nonemergency Programs Can Indirectly Boost Cybersecurity</h2> <p>Outside of federal spending directed toward combatting cybersecurity emergencies, other agencies offer state and local communities options for grant funding that could strengthen cyberdefenses.</p> <p>The National Science Foundation awards about <strong>$1 billion</strong> in <a href="https://www.nsf.gov/funding/pgm_list.jsp?org=cise" target="_blank">computer science research annually</a>. Research tends to focus on specific areas such as transportation and personal mobility, water management, emergency management and public safety, energy and smart grids, among others. </p> <p>While NSF primarily funds research at universities, its grant programs focus on doing so in partnership with communities, explained Meghan Houghton, NSF Senior Advisor for Strategic Engagements, at the <a href="https://pages.nist.gov/GCTC/event/gctc-expo-2019/" target="_blank">Smart and Secure Cities and Communities Expo</a> in Washington, D.C., on July 11.</p> <p>Communities typically use NSF funds for projects in<strong> emerging technologies such as data analytics, privacy, artificial intelligence, human-computer interactions </strong>and others — all of which may have cybersecurity components. “Our program is focused on an iterative cycle to conduct research with a community to have significant community impact,” Houghton said.</p> <p>Broadband grant funding is available from the federal government <a href="http://usda.gov/broadband" target="_blank">under the U.S. Department of Agriculture</a>. USDA invests in rural telecommunications infrastructure, and it offers more than <strong>$700 million per year</strong> for modern broadband connectivity in rural communities, said Ryeon Corsi, USDA Management and Program Analyst for the<a href="https://www.rd.usda.gov/programs-services/all-programs/telecom-programs" target="_blank"> Rural Utilities Service Telecommunications Program</a>, at the Smart and Secure Cities and Communities Expo. USDA planned to increase its funding with at least $600 million for expanding rural broadband infrastructure in unserved rural areas and tribal lands.</p> <p>Jeanne Milliken Bonds, senior manager of community development for the Federal Reserve Bank of Richmond, explained that local governments can seek loans from banks under the Community Reinvestment Act, a federal law passed in 1977.</p> <p>While officials may think of CRA loans as sources of funding for affordable housing and small businesses, updated guidance in 2016 <strong>added broadband (as well as services associated with broadband) as an essential infrastructure eligible</strong> for CRA loans.</p> <p>As Bond explains, CRA loans favor business plans with <a href="https://www.richmondfed.org/-/media/richmondfedorg/press_room/rfaag/2018/bonds_ndia_20180419.pdf" target="_blank">measurable milestones, mission statements and programming support</a>. A community should be able to articulate how funds will be used. </p> <p>With clearly specified objectives, a strong supporting plan and a detailed proposed budget, state and local governments can turn to the federal grants option that best fits their needs to seek additional funding for cybersecurity.</p> <p><em>This article is part of </em>StateTech<em>'s <a href="https://statetechmagazine.com/citizen">CITizen blog series</a>. Please join the discussion on Twitter by using the <a href="https://twitter.com/hashtag/statelocalIT?f=tweets">#StateLocalIT</a> hashtag.</em></p> <p><em><a data-entity-type="" data-entity-uuid="" href="https://statetechmagazine.com/citizen" target="_blank"><img alt="CITizen_blog_cropped_0.jpg" data-entity-type="" data-entity-uuid="" src="https://statetechmagazine.com/sites/statetechmagazine.com/files/CITizen_blog_cropped_0.jpg" /></a></em></p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11321" hreflang="en"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/Cucuel.jpg?itok=VYnsq7d5" width="58" height="58" alt="Kevin Cucuel" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11321"> <div>Kevin Cucuel</div> </a> </div> <div class="author-bio"> <p> <div><p>Kevin Cucuel is a Business Development Manager for State and Local Government at CDW-G. With a passion for technology and customer service, Kevin focuses on aligning CDW's strengths to our customer's needs, helping them meet their business objectives.</p> </div> </p> </div> </div> </div> </div> Wed, 07 Aug 2019 12:18:11 +0000 phil.goldstein_6191 42716 at https://statetechmagazine.com How a Secure Cloud Architecture Can Help Smart Cities https://statetechmagazine.com/article/2019/08/how-secure-cloud-architecture-can-help-smart-cities <span>How a Secure Cloud Architecture Can Help Smart Cities</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 08/06/2019 - 09:05</span> <div><p>As cities deploy Internet of Things sensors and IP-connected surveillance cameras to help with everything from easing traffic congestion to improving air quality and public safety, they are also <a href="https://statetechmagazine.com/article/2018/11/cities-are-getting-smarter-and-more-vulnerable-cyberattacks">increasingly vulnerable</a> to <a href="https://statetechmagazine.com/article/2019/01/botnet-attacks-how-city-governments-can-defend-against-ddos-attacks-fueled-iot-botnets-perfcon" target="_blank">cyberattacks</a>. </p> <p>To help smooth adoption of smart city technologies while maintaining security, the Smart City and Community Challenge cloud privacy security rights inclusive architecture (SC3-cpSriA) action cluster last month <a href="https://gctc.opencommons.org/images/f/ff/CommunityCloudPrivacy.pdf" target="_blank">released a blueprint for smart cities</a>.</p> <p>Specifically, the blueprint <strong>outlines how cities can create a secure, hybrid cloud architecture</strong>, including multicloud, intercloud and federated cloud (to edge) service designs. It is aimed at supporting <strong>“security, confidentiality, access control, least privileges and safeguarding”</strong> personally identifiable information across the IoT and beyond. </p> <p>“You know about the Baltimore ransomware attacks, you know about the Atlanta one, you know about the two Florida cities that just paid off in bitcoin their ransomware attackers,” Lee McKnight, a professor at Syracuse University who oversees the SC3-cpSriA action cluster’s work on secure cloud architecture, <a href="https://gcn.com/articles/2019/07/11/smart-city-secure-cloud-architecture.aspx" target="_blank">tells <em>GCN</em></a>. </p> <p>“All that is a result of essentially a combination of legacy systems from cities with limited budgets. The cities can’t afford the IT staff or numbers of a Google or an IBM or Amazon or Microsoft for securing cloud services," he says. <strong>"They’re always going to be more vulnerable because of their limited expertise and awareness.”</strong></p> <p><a href="https://statetechmagazine.com/article/2017/12/intelligent-transportation-systems-save-cents-main-street" target="_blank"><em><strong>MORE FROM STATETECH:</strong> Find out how intelligent transportation systems save cities money.</em></a></p> <h2 id="toc_0">Secure Cloud Architecture Can Support Smart City Use Cases</h2> <p>The blueprint notes that the idea behind a secure cloud architecture for open public data obviously means ensuring that sensitive personal, corporate and public service data can be understood and handled with safety. </p> <p>By reading the blueprint, city IT leaders can learn about how to deploy “mechanisms to<strong> better coordinate cloud services, including cloud backups for disaster recovery</strong>, and reduce costs by use of common templates and models,” the plan notes. That will help extend the deployment of innovative cloud services and “cyberphysical” systems in smart cities. </p> <p>The secure cloud architecture is designed to automate processes and reduce risks across smart city systems. </p> <p>“It <strong>minimizes the risk and treats all those legacy systems as honeypots</strong>,” McKnight tells <em>GCN</em>. “You don’t care if they’re attacked because you’ve got everything backed up to the cloud. <strong>Nothing worse than a day’s loss of data </strong>can ever happen because we’ve designed this properly.” </p> <p>The SC3-cpSriA action cluster tested the secure cloud architecture on a network of city-owned LED smart streetlights in <a href="https://statetechmagazine.com/article/2019/06/syracuse-reaches-future-smart-city-plan">Syracuse, N.Y.,</a> according to <em>GCN</em>. It is also looking to expand to other use cases, including<strong> catch basin monitoring and water metering projects</strong>.</p> <p>According to the blueprint, those working on smart city projects in those three categories “may consider if and how security, privacy, data protection and rights-inclusive cloud architecture guidelines may be followed.” Further, the action cluster says the “ethics for facial recognition, machine learning and artificial intelligence systems and cloud services in future smart cities with privacy, security and rights-inclusive architecture will also be reviewed.”</p> <p>The blueprint advocates for a three-level data classification model that ranks data risk classification when building a hybrid cloud architecture. </p> <ul><li><strong>Red indicates sensitive data including PII</strong>; this is the most controlled and restricted.</li> <li><strong>Yellow indicates information of medium sensitivity</strong> whose access may be controlled, but which by law can be shared more widely; this data still has controls and monitoring.</li> <li><strong>Green indicates low-sensitivity data </strong>that can be shared openly; this covers smart city civic and open data.</li> </ul><p>“Based on the data type, officials can determine the legal and regulatory requirements they will draw around their data, what security they require for it, and how data storage and collection could impact residents’ privacy and security,” <a href="https://www.meritalk.com/articles/blueprint-for-hybrid-cloud-adoption-in-smart-cities/" target="_blank">MeriTalk reports</a>.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein" hreflang="en"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is the web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Tue, 06 Aug 2019 13:05:06 +0000 phil.goldstein_6191 42711 at https://statetechmagazine.com 5 Unexpected Bumps on the Road to 5G https://statetechmagazine.com/article/2019/08/5-unexpected-bumps-road-5g <span>5 Unexpected Bumps on the Road to 5G</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Mon, 08/05/2019 - 11:10</span> <div><p>5G is seeing its <a href="https://www.cnet.com/news/verizon-turns-on-5g-in-atlanta-detroit-indianapolis-and-washington-dc/" target="_blank">first limited runs</a> in <a href="https://www.cnet.com/news/at-t-turns-on-5g-network-in-las-vegas-expands-to-20-cities/" target="_blank">cities</a> around <a href="https://www.sdxcentral.com/articles/news/o2-uk-joins-5g-race-reveals-launch-date/2019/07/" target="_blank">the world</a>. And when new network tech gets out of the lab and into the field, real-world testing reveals some of the surprises that have been hiding under the surface. </p> <p>There are<strong> at least five 5G hurdles</strong> that commonly crop up in work with operators, device makers, network equipment manufacturers and city planners. </p> <p>New mobile tech always brings new challenges. The key is understanding what needs to happen next <strong>to keep the journey to mobile’s next-generation network on track for cities</strong> and the surrounding regions that depend on them. </p> <p><a href="https://statetechmagazine.com/article/2019/03/benefits-5g-network-slicing-public-safety-perfcon" target="_blank"><em><strong>MORE FROM STATETECH: </strong>Find out how 5G network slicing technology can benefit public safety. </em></a></p> <h2 id="toc_0">1. New 5G Signals Make Weather Forecasting Foggy</h2> <p>5G will largely run on <strong>20- to 60-gigahertz frequencies</strong>, which are being auctioned off right now. This concerns the weather community because water vapor is measured using radio microwaves that need to operate at the 23.8GHz frequency. </p> <p>Too many cells in one area could generate too much noise, which <strong>could cause 5G to interfere with the frequency</strong>. The dialogues and controversies continue between the weather community and regulators such as the Federal Communications Commission in the U.S. on what an appropriate resolution looks like. </p> <p>It may very well come down to the FCC <strong>enforcing lower power limits from millimeter wave transmitters, which interact with the radio microwaves</strong>. That could spell trouble for operators who want to generate a longer range of coverage with their transmitters. Even if the FCC enforces new rules and a logical buffer between 23 and 24 adjacent bands proves to be enough, the bigger concern could be 24GHz itself. The entire span is already filled with traffic, and the nearest open neighboring frequency — amateur radio — could be the scariest one of all. The bottom line is that this problem will require <strong>a surgical solution that cities and surrounding communities need to test extensively in advance of widespread deployments</strong>.</p> <h2 id="toc_1">2. City Planners Say No to Overweight Antennas</h2> <p>Operators have been working with cities to re-evaluate early 5G antenna form factors. In one particular incident in Canada where initial 5G testing was taking place, operators were looking to reinforce a larger antenna configuration (64 transmit antennas and 64 receive antennas) to support 5G. But they soon found out that<strong> bigger would not be the answer as building roofs started to buckle</strong>, causing city planners to ask all parties to go back to the drawing board. </p> <p>These unnecessary, extra costs and delays can potentially cripple a city’s progress toward 5G. Antenna manufacturers are now tasked with <strong>designing smaller antennas</strong> that can deliver the same capabilities and benefits found in their larger siblings — no small feat this early in 5G’s lifecycle. </p> <p><a href="https://statetechmagazine.com/article/2018/10/how-5g-wireless-networks-will-impact-smart-cities" target="_blank"><em><strong>MORE FROM STATETECH: </strong>Discover how 5G networks will impact smart cities. </em></a></p> <h2 id="toc_2">3. 5G Field Testing May Lag Where You Least Expect It</h2> <p>Making 5G’s ambitious use cases a reality will require navigating back-end complexity through extensive testing that includes real-world field scenarios. What’s played out in the city of Palo Alto, Calif., is perhaps surprising given its strong technology DNA, but other cities around the country could find themselves in similar situations. </p> <p>Palo Alto’s City Council and architectural review board have received countless <a href="https://www.stanforddaily.com/2019/04/16/city-council-passes-resolution-on-wireless-antenna-with-modifications-following-community-pushback/" target="_blank">complaints from residents</a> about the designated placements of new cell sites, forcing government officials to <a href="https://www.paloaltoonline.com/news/2019/04/12/with-pressure-rising-city-eyes-overhaul-of-cell-antenna-rules" target="_blank">decelerate the permit approval process</a>. With fewer cell sites up and running, tech companies that want to test innovative 5G use cases on their own turf are running into roadblocks. On the other hand, <strong>cities with more relaxed policies have an opportunity to become 5G testing hotbeds</strong>. </p> <h2 id="toc_3">4. One Antenna Size Does Not Fit All for Next-Gen Smartphones</h2> <p>As older mobile network tech is phased out, the spectrum must be “refarmed” to make room for the new. Of course, this doesn’t happen at the flip of a switch, and <strong>timetables around the country will vary</strong>. While this creates headaches for the whole ecosystem, device makers are feeling the most pain as they cram more and more antennas into handsets in an attempt to offer coverage for all networks in all regions. </p> <p>They are coming to terms with the fact that they’ll need to reconfigure the number of antennas placed in each device based on that device’s final destination. This is hardly an ideal solution for an industry already grappling with enough supply chain logistics challenges. </p> <h2 id="toc_4">5. Most Services Are Not Ready to Deliver 5G Performance</h2> <p>There was a time when app developers were pushing mobile networks way past their limits. You may recall that when Netflix started streaming video to handsets in 2010, networks all but buckled. But as 5G remains poised to <a href="https://statetechmagazine.com/article/2019/03/benefits-5g-network-slicing-public-safety-perfcon">offer immersive video, virtual reality and more</a>, very few apps are ready to deliver superior performance. In my recent testing, I am finding that <strong>most popular consumer apps are optimized for 4G LTE and not much more</strong>. </p> <p>Though 5G deployments and handsets are limited, it’s surprising not to see more developers wanting to be early stars capitalizing on unprecedented performance capabilities. </p> <p>Given the hype and soaring expectations around 5G, everyone in the value chain will want to test early and often to make sure they <strong>get as much right as possible out of the gate</strong>. Some of these early hiccups are par for the course, and now is the time to work out the kinks. Yes, 5G will necessitate more over-the-air (OTA) testing than originally anticipated, but OTA is critical for the evaluation of end-user devices and user behaviors. </p> <p>The more the mobile industry knows now, the fewer surprises there will be down the road for cities around the country, making for a smoother and faster 5G journey.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/12116" hreflang="en"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/Stephen%20Douglas.jpg?itok=WX5fT7wQ" width="58" height="58" alt="Steve Douglas, head of 5G strategy at Spirent" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/12116"> <div>Steve Douglas</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=s_n_douglas&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Steve Douglas is head of 5G strategy at Spirent, helping to guide IoT device testing strategies for operators, device makers, network equipment manufacturers and large enterprise customers.</p> </div> </p> </div> </div> </div> </div> Mon, 05 Aug 2019 15:10:53 +0000 phil.goldstein_6191 42706 at https://statetechmagazine.com Maryland Moves to Formalize Cybersecurity Defenses https://statetechmagazine.com/article/2019/08/maryland-moves-formalize-cybersecurity-defenses <span>Maryland Moves to Formalize Cybersecurity Defenses </span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 08/01/2019 - 09:50</span> <div><p>Maryland has taken steps to beef up its cybersecurity defenses and raise the profile and importance of IT security in state government. The shift is happening following Maryland’s recent disclosure of a data breach at the state Department of Labor.</p> <p>In June, Maryland Gov. Larry Hogan <a href="https://governor.maryland.gov/wp-content/uploads/2019/06/Maryland-Cyber-Defense-Initiative-EO-01.01.2019.07.pdf" target="_blank">signed an executive order</a> that created two new government entities to <strong>manage cybersecurity defenses and policies</strong> for the state. It also <strong>f</strong><strong>ormalized the role of the state CISO</strong>. </p> <p>Just weeks later, <a href="https://www.dllr.state.md.us/whatsnews/datahotline.shtml" target="_blank">the state Department of Labor announced</a> that two database systems it manages were potentially available to unauthorized users, potentially exposing the personally identifiable information of about <strong>78,000 users</strong>. The disclosure <strong>underscores the importance of cybersecurity protections for the state</strong>. </p> <p><em><a href="https://statetechmagazine.com/article/2019/07/managed-security-services-help-public-sector-tackle-cyberthreats" target="_blank"><strong>MORE FROM STATETECH: </strong>Find out how managed security services help state and local agencies boost cybersecurity.</a> </em></p> <h2 id="toc_0">Maryland Reinforces Critical Need for Cybersecurity Protections</h2> <p>Under the order, the state Department of Information Technology will house an Office of Security Management, which will be responsible for directing, coordinating and implementing cybersecurity policy for the state’s executive agencies. </p> <p>The new office, which is being led by Maryland CISO John Evans, will develop standards for <strong>categorizing information and information systems collected or maintained on behalf of state agencies</strong>, as well as<strong> guidelines for data governance</strong>. It will also implement security requirements (such as management, operational and technical controls) for data. The office will manage security awareness training for all relevant government employees. And it will also develop a <strong>digital identity standard and specification for the government</strong>. </p> <p>“The order aims to<strong> bring Maryland into line with the cybersecurity framework</strong> published by the National Institute of Standards and Technology, which is considered the gold standard for enterprise cybersecurity architecture,” <a href="https://statescoop.com/maryland-larry-hogan-cybersecurity-order-ciso/" target="_blank">StateScoop reports</a>. </p> <p>In addition to codifying the role of CISO, the order also establishes the <strong>Maryland Cybersecurity Coordinating Council</strong>, which will advise the CISO’s office on the strategy and implementation of cybersecurity initiatives and how the state can best identify IT security risks and respond to and recover from cyberattacks. </p> <p>The council will be chaired by the state CISO and include the state’s secretaries of budget, general services, human services, public safety, health and transportation, as well as the heads of the Maryland Emergency Management Agency, Maryland National Guard and state police.</p> <p>Just a few weeks after the executive order was signed, the state Department of Labor announced the results of an investigation undertaken earlier this year by the Department of Information Technology about the data breach. </p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" target="_blank"><img alt="Cybersecurity_IR_howstrong_700x220.jpg" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/Cybersecurity_IR_howstrong_700x220.jpg" /></a></p> <p>It determined that files stored on the Literacy Works Information System and a legacy unemployment insurance service database<strong> “were subject to possible unauthorized access” through the internet</strong>, <a href="https://www.dllr.state.md.us/whatsnews/datahotline.shtml" target="_blank">according to a press release</a>. </p> <p>“Upon notification of the possibility of unauthorized access, Maryland DoIT implemented countermeasures and initiated an investigation,” the release notes. “Working with the Department of Labor, Maryland DoIT also notified law enforcement and retained an independent expert to investigate how the information was accessed.” </p> <p>The Department of Labor says it has completed a full review of its protocols and security measures to prevent future breaches. So far, the investigation has <strong>not found any evidence that any personally identifiable information was downloaded or extracted</strong> from the department’s servers.</p> <p>Meanwhile, the National Governors Association <a href="https://www.nga.org/news/press-releases/nga-to-assist-7-states-on-cybersecurity-strategies/" target="_blank">announced in July</a> that Maryland is one of seven states it is working with “to develop action plans to advance and refine key priorities in cybersecurity.”</p> <p><a href="https://statescoop.com/cybersecurity-strategy-state-government-national-governors-association-2019/" target="_blank">According to StateScoop</a>, “Maryland and Arkansas will look to develop methods to help their local governments, which are often much more <a href="https://statescoop.com/ransomware-solution-outsource-all-it-local-government/" target="_blank">strained for IT resources and talent</a>, build better defenses.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein" hreflang="en"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is the web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Thu, 01 Aug 2019 13:50:19 +0000 phil.goldstein_6191 42701 at https://statetechmagazine.com Delivering the Modern Meeting Experience for State and Local Agencies https://statetechmagazine.com/resources/white-paper/delivering-modern-meeting-experience-state-and-local-agencies <span>Delivering the Modern Meeting Experience for State and Local Agencies </span> <div><p>The evolution of technology and meeting spaces offers a higher level of workplace collaboration.<strong> Video solutions are now essential for supporting remote workers, connecting far-flung employees and making meetings more productive.</strong></p> <p>The workplace has evolved considerably over the past decade. Meeting spaces need to keep up.</p> <p>Today, more and more employees are working remotely, giving rise to a pressing need to <strong>create more meaningful and deeper connections between colleagues via collaboration tools</strong>. At the same time, video solutions finally made significant inroads with the consumer market, resulting in a workforce that not only accepts video solutions, but has even come to expect them.</p> <p>To enable effective video collaboration, organizations must make strategic investments in a range of technologies — including<strong> video displays, software platforms, advanced cameras and audio solutions</strong> — and then connect these tools in ways that both ensure compatibility and lead to tangible business benefits. Above all, video solutions need to provide end users with a simplified, seamless experience that helps to boost their productivity and easily connect with colleagues and clients.</p> </div> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 07/31/2019 - 10:13</span> <img src="/sites/statetechmagazine.com/files/document_images/DigitalMeeting-SL.jpg" width="800" height="533" alt="Modern meeting using video collaboration tech" typeof="foaf:Image" /> <div> <div>Document File</div> <div><span class="file file--mime-application-pdf file--application-pdf"><a href="https://statetechmagazine.com/sites/statetechmagazine.com/files/document_files/mkt33552-modern-meetingexperience-wp.pdf" type="application/pdf; length=214428">mkt33552-modern-meetingexperience-wp.pdf</a></span> </div> </div> Wed, 31 Jul 2019 14:13:22 +0000 phil.goldstein_6191 42696 at https://statetechmagazine.com