StateTech Magazine - Technology Solutions That Drive Government https://statetechmagazine.com/rss.xml en Ransomware Protection, Removal and Recovery Best Practices for State and Local Governments https://statetechmagazine.com/article/2019/05/ransomware-protection-removal-and-recovery-best-practices-state-and-local-governments-perfcon <span>Ransomware Protection, Removal and Recovery Best Practices for State and Local Governments </span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 05/23/2019 - 14:19</span> <div><p>Baltimore is still struggling to recover from <strong>a ransomware attack </strong>that first crippled Charm City more than two weeks ago.</p> <p><a href="https://www.npr.org/2019/05/21/725118702/ransomware-cyberattacks-on-baltimore-put-city-services-offline" target="_blank">As NPR reports</a>, “the online aspects of running the city are at an impasse.<strong> Government emails are down, payments to city departments can't be made online and real estate transactions can't be processed</strong>.”</p> <p>Baltimore is the second apparent victim of the so-called RobbinHood ransomware attack, <a href="https://www.securityinfowatch.com/cybersecurity/information-security/anti-virus-and-malware-defense/news/21081286/analysis-of-ransomware-used-in-baltimore-attack-indicates-hackers-needed-unfettered-access-to-city-computers" target="_blank">according to the <em>Baltimore Sun</em></a>, following Greenville, N.C. The effects are wide-ranging, <a href="https://arstechnica.com/information-technology/2019/05/baltimore-ransomware-nightmare-could-last-weeks-more-with-big-consequences/" target="_blank">Ars Technica reports</a>:</p> <blockquote><p>It may be weeks more before the city's services return to something resembling normal — manual workarounds are being put in place to handle some services now, but the city's water billing and other payment systems remain offline, as well as most of the city's email and much of the government's phone systems.</p> </blockquote> <p><strong>The scourge of ransomware</strong>, in which attackers seize control of digital assets and hold them hostage in exchange for payment, continues to haunt state and local governments.</p> <p>Government agencies should follow ransomware protection and recovery best practices to ensure their services are not taken offline the way Baltimore’s have been, experts say. That includes <strong>user education as a first line of defense</strong> to ensure they do not click on malicious links that will introduce ransomware, as well as <strong>robust and redundant backups of applications and data</strong>.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/hybrid-cloud-infrastructure-report.html" target="_blank"><img alt="IT%20Infrastructure_IR_1%20(2)_0.jpg" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/IT%20Infrastructure_IR_1%20(2)_0.jpg" /></a></p> <h2 id="toc_0">Why Do Ransomware Attacks Persist as a Threat?</h2> <p>Last year, ransomware attacks targeted state and local governments of all sizes, from <a href="https://statetechmagazine.com/article/2018/03/7-tips-protect-city-governments-cyberattacks">Atlanta</a> to <a href="https://statetechmagazine.com/article/2018/08/alaska-municipality-suffers-devastating-ransomware-attack">Alaska's Matanuska-Susitna Borough</a>, from <a href="https://statetechmagazine.com/article/2018/10/port-san-diego-continues-recover-ransomware-attack">the Port of San Diego</a> to <a href="https://statetechmagazine.com/article/2019/01/how-colorado-mounted-best-defense-against-ransomware">the Colorado Department of Transportation</a>.</p> <p>The attacks have continued to succeed in 2019. In January, <a href="https://www.zdnet.com/article/ransomware-attack-sends-city-of-del-rio-back-to-the-days-of-pen-and-paper/" target="_blank">a ransomware attack on the city of Del Rio, Texas</a>, shut down City Hall servers and forced officials to resort to pen and paper to provide services. The city of Sammamish, Wash., <a href="https://statescoop.com/ransomware-attack-takes-down-city-services-in-sammamish-washington/" target="_blank">had to declare a city emergency</a> after ransomware took hold of its systems, affecting storage drives and internal shared files.</p> <p><strong>“I think it is a sleeping giant,” </strong>Alan Shark, executive director of the <a href="https://www.pti.org/" target="_blank">Public Technology Institute</a>, says about ransomware. “I think people, even some of the people in the security business, have said, ‘It has peaked’ or, ‘It’s not that bad.’ I think it’s our No.1 concern still.”</p> <p>Attackers work by finding vulnerabilities and exploiting them, Shark notes. “They are able to extract such damage because of the inherent weaknesses in local government compared to the private sector,” he says.</p> <p>Shark says some of those weaknesses include <strong>not having enough IT leaders who are adequately trained in cybersecurity</strong>, or having CIOs who are doubling as CISOs and are stretched thin by their responsibilities.</p> <p>Danny Allan, vice president of product strategy at backup solution provide <a href="https://www.cdwg.com/content/cdwg/en/brand/veeam.html" target="_blank">Veeam</a>, says the attacks are continuing because “success begets success.”</p> <p>“As ransomware continues to compromise places like the city of Baltimore and similar places, it becomes an attractive attack vector because it’s working,” he says. “The quantity and quality and scope of the attacks will continue to grow in 2019.” Allan believes the market is only a few years into a 10-year cycle of ransomware growing and then fading as a malware threat.</p> <p>Allan pins state and local governments’ susceptibility to ransomware on a lack of resources. <strong>“They don’t have the resources to apply to locking down the systems,” </strong>he says. “That makes them a more attractive target for the attackers.”'</p> <p><a href="https://statetechmagazine.com/article/2019/03/offsite-data-storage-helps-local-agencies-disaster-recovery" target="_blank"><em><strong>MORE FROM STATETECH: </strong>Find out how offsite data storage helps local agencies with disaster recovery.</em></a></p> <h2 id="toc_1">Ransomware Protection Best Practices</h2> <p>When it comes to ransomware protection, Allan advises that all security is incremental, and recommends agencies focus on what he dubs “the first line of defense and the last line of defense.”</p> <p><strong>The first line is user education.</strong> Generally, ransomware gains a foothold in an agency because a user does something he or she shouldn’t have done, like opening a suspicious email or clicking on an unknown link. Agencies need to provide continuous user training on security and best practices to all employees to avoid common mistakes like that, Allan says.</p> <p>Shark adds that<strong> training should be given at all levels of an organization</strong> — including for its leaders, who should be seeking security certifications and keeping up with the latest threats.</p> <p>Agencies also need to regularly review their policies and ensure they have a business continuity plan in place and that it is practiced, Shark says. Policy reviews on cyber awareness should not be a once-a-year event, he says. “People who think they are checking off a box because the state requires it are missing the point,” he says. </p> <p><a href="https://statetechmagazine.com/article/2018/05/how-handle-human-side-state-and-local-data-center-automation" target="_blank"><em><strong>MORE FROM STATETECH:</strong> Find out how to handle the human side of state and local data center automation. </em></a></p> <h2 id="toc_2">Ransomware Recovery Depends on Backups</h2> <p>If a ransomware attack gets through all of the layers of an agency’s security — <strong>intrusion detection and prevention and anti-malware software </strong>among them — then <strong>agencies need to be able to recover from the attack</strong>, Allan says. The goal is not only to have a backup of critical data that is easy to use but that can be easily shown to work in demonstrations to mayors and other city or county leaders, Allan says.</p> <p>Shark advises that local governments invest in redundant systems, including housing data backups in offsite remote locations that can kick in like a backup generator in the event of an attack. Shark says it does not matter if this backup is in the cloud or not. The goal is to have data backup “where it can be best maintained and where you have ready access.”</p> <p>Agencies cannot engage in ransomware recovery unless they have backups, Allan notes.</p> <p>“Backup needs to be simple and easy,” he says. <strong>“But if you can’t recover, then all the backups in the world don’t work. The real focus has been on fast recovery.”</strong></p> <p>Ransomware hits home not because an agency’s files or servers have been encrypted and held hostage, Allan says, but because that then renders government services inoperable.</p> <p>To achieve the fastest ransomware recovery possible, state and local governments have to get the most granular recovery possible, Allan says. For example, if an email attachment has been encrypted, an agency would not want to recover the entire email inbox, just the encrypted file.</p> <p>Agencies also need to have monitoring and reporting tools running so that they can be alerted when a ransomware attack is occurring. Those telltale signs include CPU cycles and memory cycles that show anomalous activity. There are specific algorithms that ransomware attacks run, Allan notes, and if they are running in the middle of the day, for example, that might be a sign that an attack is underway.</p> <p><strong>“If you are reacting to ransomware, it’s already too late,” </strong>he says.</p> <p>The best backup and recovery tools are simple, reliable across all systems and flexible across different IT architectures, Allan adds.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is the web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Thu, 23 May 2019 18:19:43 +0000 phil.goldstein_6191 42456 at https://statetechmagazine.com The Countdown Is On for Counties to Upgrade from Windows 7 https://statetechmagazine.com/article/2019/05/countdown-counties-upgrade-windows-7 <span>The Countdown Is On for Counties to Upgrade from Windows 7</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 05/22/2019 - 13:54</span> <div><p>With the end-of-support date looming for <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft.html" target="_blank">Microsoft</a>’s Windows 7, county governments across the country are facing pressure to <strong>upgrade their operating systems by Jan. 14, 2020</strong>.</p> <p><a href="https://www.microsoft.com/en-us/windowsforbusiness/end-of-windows-7-support" target="_blank">After that date</a>, government agencies will need to pay the software giant for security hotfixes, since Microsoft will no longer issue regular security updates for the platform. Meanwhile, <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft/windows-10.html" target="_blank">Windows 10</a> offers agencies <a href="https://statetechmagazine.com/article/2019/04/how-windows-10-migration-boosts-agencies-cybersecurity">a bevy of new security features</a>. </p> <p>Aware that Microsoft software often functions on a roughly 10-year lifespan, Pennsylvania’s <a href="https://www.crawfordcountypa.net/Pages/Home.aspx" target="_blank">Crawford County</a> began transitioning computers that needed repair or replacement to post-Windows 7 operating systems in 2016, according to Timothy Kelley, director of IT and services for the county.</p> <p>As of 2018, however, a number of machines — 201, approximately a third of Crawford County’s systems — were still running on Windows 7.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/digital-transformation-report.html" target="_blank"><img alt="Digital%20Transformation_IR_1.jpg" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/Digital%20Transformation_IR_1.jpg" /></a></p> <h2 id="toc_0">Crawford County Works on Its Windows 10 Migration</h2> <p><strong>More than half (56 percent) of the 201 computers </strong>— models such as <a href="https://www.cdwg.com/content/cdwg/en/brand/dell.html" target="_blank">Dell</a>’s Latitude E6530 and E5540 laptops and Optiplex 9010 desktop computers — were compatible with either Windows 10 or Windows 8.1, and could be upgraded accordingly, Kelley says. </p> <p>“We use mostly Dell computers, and Dell provides a list of which models have been tested with the various Microsoft operating systems and are known to work,” he says. “They also recommend that you do not upgrade machines that haven’t been tested.”</p> <p>Because the remaining<strong> 145 computers</strong> that were still running Windows 7 —predominantly Latitude E5520 and E6420 laptops and Optiplex 790 and 990 desktop models — have not been tested for Windows 8.1 or 10 use, the county determined those machines needed to be replaced. </p> <p>Kelley’s department is purchasing <a href="https://www.cdwg.com/search/?key=Latitude%203590%20&amp;searchscope=all&amp;sr=1" target="_blank">Dell Latitude 3590 laptops</a> and <a href="https://www.cdwg.com/search/?key=Dell%20Optiplex%207060%20&amp;searchscope=all&amp;sr=1" target="_blank">Dell Optiplex 7060 desktop computers</a> to substitute for the units that were not compatible with Windows 8.1 or 10. The new computers will be outfitted with Windows 10.</p> <p>The project is being funded by <strong>a $240,000 allocation that Crawford County commissioners established </strong>during the 2019 budget development process after Kelley presented the county’s Windows 7-related update needs.</p> <p>The migration work, which the department began in January, is scheduled to continue through October, providing some wiggle room in November and December to ensure all units are off Windows 7 by the time support officially concludes in early 2020.</p> <p>The county was working on the second replacement cycle this spring and expected to be finished by the end of April. “This would put us on track with completing the task by the end of 2019, barring any other complications,” Kelley says. </p> <p><a href="https://statetechmagazine.com/article/2019/04/how-windows-10-migration-boosts-agencies-cybersecurity" target="_blank"><em><strong>MORE FROM STATETECH: </strong>Find out how Windows 10 can boost agencies' cybersecurity. </em></a></p> <h2 id="toc_1">Windows 7 End of Life Could Pose Some Challenges</h2> <p>Generally, the <a href="https://www.pti.org/" target="_blank">Public Technology Institute</a> members that Alan Shark, the organization’s executive director, has spoken to say their local government’s Windows migration efforts are in good shape.</p> <p>“Many already had a refresh schedule for PCs and laptops and are taking the date very seriously,” Shark says. <strong>“Most people have thought it through well in advance of the deadline.”</strong></p> <p>Rita Reynolds, the CIO of the <a href="https://www.pacounties.org/Pages/default.aspx" target="_blank">County Commissioners Association of Pennsylvania</a>, warns that issues could arise, however, if in-house developers do not possess the expertise needed to update legacy applications that local governments sometimes use, or if the vendor that created a particular application no longer exists.</p> <p>“There might not be a way to upgrade that application — which could involve financial systems, parcel data, tax data systems,” Reynolds says. “<strong>The Windows 7 operating system change is on everyone’s radar; most counties have a strategy. </strong>A legacy application could throw a monkey wrench into it, though, for a small subset of users.”</p> <p>In addition to performing a comprehensive software audit to try to assess potential application issues, counties may also want to consider offering instruction to help employees become comfortable with the features of the newer version of Windows once it’s installed, according to Shark. </p> <p>“People tend to overlook the human factor sometimes — such as people saying, ‘I don't like touchscreens.’ Windows 10 gives you that option; it’s more graphic than 7,” Shark says. <strong>“You have to allow for training, whether it’s online or in person, because not everybody is a quick adapter.” </strong></p> <p>Acknowledging that customers may be at different points in the upgrade process, Microsoft <a href="https://www.microsoft.com/en-us/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop/" target="_blank">announced</a> in September 2018 <a href="https://www.microsoft.com/en-us/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop/" target="_blank">a paid option</a> that will allow professional and enterprise customers to receive extended Windows 7 security updates through January 2023. The Windows 7 Extended Security Updates will be sold on a per-device basis, and the price will increase each year, according to Microsoft.</p> <p>The company’s cloud-based Windows Virtual Desktop service, <a href="https://www.microsoft.com/en-us/microsoft-365/blog/2018/09/24/microsoft-365-adds-modern-desktop-on-azure/" target="_blank">introduced just a couple of weeks later</a>, will also provide additional security updates for Windows 7 at no cost, to help users support legacy applications as they transition to Windows 10.</p> <p>If local governments choose not to partake in either option, aside from <strong>archiving an application offline or air-gapping a workstation so it’s off the network</strong> and not connected to the outside world — which Reynolds says is possible, but does not recommend — continuing to use Windows 7 past the end of support can mean considerable risk.</p> <p>“Newer operating systems are, of course, going to have more security; the manufacturer is going to continue to patch them,” Reynolds says. “It can be costly, for some, to do an upgrade; but in the long run, it will make the county more secure.”</p> <p>County governments that have not devised a comprehensive strategy to migrate to a newer version of Windows don't necessarily need to panic at this point. They should be able, Reynolds says, to meet the January 2020 deadline — provided they use a calculated approach.</p> <p>“The timeframe is still doable,” she says. “It’s not like the sky is falling. <strong>If it were September, though, I’d be concerned if someone didn't have a game plan in place</strong>.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/erin-brereton"> <div>Erin Brereton</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=Erbrer09&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Erin Brereton has written about technology, business and other topics for more than 50 magazines, newspapers and online publications. </p> </div> </p> </div> </div> </div> </div> Wed, 22 May 2019 17:54:01 +0000 phil.goldstein_6191 42451 at https://statetechmagazine.com How Local Governments Can Overcome IT Hiring Challenges https://statetechmagazine.com/article/2019/05/how-local-governments-can-overcome-it-hiring-challenges <span>How Local Governments Can Overcome IT Hiring Challenges</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 05/21/2019 - 13:24</span> <div><p>While it’s well-known that the federal government often faces hurdles in hiring for IT roles, <a href="https://fedtechmagazine.com/article/2018/11/agencies-should-think-creatively-find-cybersecurity-pros" target="_blank">especially in cybersecurity</a>, the same is true for local governments as well. </p> <p>According to <a href="https://www.pti.org/civicax/inc/blobfetch.aspx?BlobID=23041" target="_blank">an infographic based on survey data from the Public Technology Institute</a> and CompTIA, <strong>salary constraints and a lack of qualified applicants </strong>are the top two barriers to attracting and hiring new IT staff. Also cited were <strong>protracted steps in the hiring process and security or background checks</strong>.</p> <p><a href="https://statescoop.com/salary-constraints-lack-of-qualified-applicants-top-local-government-it-workforce-woes/" target="_blank">As StateScoop reports</a>, the infographic uses survey data PTI gathered in January and February to showcase trends in the local government workforce. The group says the survey was designed to “identify some of the issues affecting the local government IT work environment, for both the IT executive and the IT operation.” </p> <p>These issues will become more pressing as local government IT teams shed retiring workers. About <strong>16 percent</strong> of respondents said that between <strong>10 and 25 percent</strong> of their current IT staff will retire within the next two years, while <strong>78 percent </strong>reported that up to<strong> 10 percent </strong>of their staffs are expected to soon retire.</p> <p>The survey data underscores the depths of the challenges that local governments face, but there are ways that they can overcome them, according to PTI Executive Director Alan Shark. Local government agencies need to <strong>enhance technology training, do a better job of selling the public service aspect of government IT work</strong> and offer more flexibility with job titles and how employees’ work weeks are structured. </p> <p><a href="https://statetechmagazine.com/article/2019/05/nascio-midyear-2019-how-get-more-women-state-government-cybersecurity" target="_blank"><em><strong>MORE FROM STATETECH: </strong>Discover how to get more women into government cybersecurity roles. </em></a></p> <h2 id="toc_0">Local Governments Must Get Creative to Hire IT Pros</h2> <p>According to the survey, <strong>52 percent </strong>of respondents said it was “somewhat difficult” and <strong>40 percent</strong> said it was “very difficult” to find and hire IT staff with the right mix of skills to “make a good addition to the IT team.” </p> <p>While conducting interviews, the skill sets IT executives identified as most lacking in job applicants were an understanding of what government does (in terms of services and as an organization) and the role of the IT department, as well as emotional intelligence and oral, written and technical skills.</p> <p>Meanwhile,<strong> 54 percent </strong>of survey respondents said that IT department education and training was “limited or nonexistent.”</p> <p>Shark tells <em>StateTech</em> that was unacceptable.<strong> “Employees need to be better trained because there is less history and knowledge in the organization”</strong> as older IT workers leave, he says. Training and onboarding processes need to change to reflect that, he adds. </p> <p>Local governments can also “<strong>do a better job in selling the benefits of the public good” that comes from IT work</strong>, Shark says. In some cases, employees could be helping in life-or-death situations in support of public safety services, he notes. IT workers are also striving to improve resident services, make residents happier and make their communities better places to live. </p> <p>Agencies can also point out that <a href="https://statetechmagazine.com/article/2018/08/wake-countys-innovation-lab-sparks-creative-solutions">they do have the ability to roll out innovative applications</a> and enhancements to customer experience for government services. “They need to do a better job of presenting the public good as it relates to technology innovation,” Shark says.</p> <p>Government agencies also need to<strong> get out of their own way when it comes to civil service classifications of certain jobs and job titles for IT roles</strong>, Shark says. Instead of a bureaucratic-sounding title for an IT staff member, “call them technology adviser, technology support manager. Give them titles that help them build their resume.”</p> <p>Shark says that local governments “have so much to gain by making these little steps.”</p> <p>Additionally, Shark says, city and county councils should make hiring exceptions and increase pay for people who have exceptional skills. “If someone has a special talent that is needed, exceptions can be made,” he says. “There are just too many people in human resources who are not willing to fight that battle.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is the web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Tue, 21 May 2019 17:24:08 +0000 phil.goldstein_6191 42446 at https://statetechmagazine.com States Will Likely Boost Election Cybersecurity Spending in 2019 https://statetechmagazine.com/article/2019/05/states-will-likely-boost-election-cybersecurity-spending-2019 <span>States Will Likely Boost Election Cybersecurity Spending in 2019</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 05/16/2019 - 09:23</span> <div><p>Even though state governments and county election boards <a href="https://statetechmagazine.com/article/2019/01/states-deem-midterm-election-security-efforts-success-mostly">were largely successful</a> in warding off cyberattacks during the 2018 elections, the FBI <a href="https://www.nytimes.com/2019/04/26/us/politics/fbi-russian-election-interference.html" target="_blank">warned last month</a> that Russia continues to try to interfere in American elections, with FBI Director Christopher Wray calling it a “significant counterintelligence threat.”</p> <p>With that in mind, state governments are <strong>likely going to continue to bolster their cyber defenses ahead</strong> <strong>of the 2020 election</strong>. Last year, the <a href="https://thehill.com/policy/cybersecurity/420691-the-year-ahead-pressure-mounts-on-election-security-as-2020-approaches" target="_blank">U.S. Election Assistance Commission</a> allocated $380 million to the states through the next election to improve voting security.</p> <p>However, <a href="https://www.eac.gov/assets/1/6/FY2018HAVAGrantsExpenditureReport.pdf" target="_blank">an EAC audit released last month</a> found that states and territories <strong>spent just 8 percent — $31.4 million — of that $380 million</strong> through Sept. 30, 2018. The good news is that more than half of that total, $18.3 million, was spent on cybersecurity improvements. And the EAC report says that, based on the states and territories’ outlines and plans for spending their election security funds<strong>, “the vast majority of states and territories plan to spend their allotted funds within the next two or three years.” </strong></p> <p><a href="https://statetechmagazine.com/article/2018/11/why-securing-elections-requires-little-bit-zero-trust" target="_blank"><em><strong>MORE FROM STATETECH: </strong>Discover why states should move toward zero trust security models to shore up voting systems.</em></a></p> <h2 id="toc_0">How States Are Bolstering Election Cybersecurity</h2> <p>While the total amount of money states have burned through may seem small, they have been busy <strong>investing in technology, personnel and new defenses, including vulnerability scans and advanced firewalls</strong>. For example, according to the EAC audit, Washington state put in place advanced firewall protection for the state’s centralized election system and installed an advanced threat detection and prevention appliance, though the vendor was not named. </p> <p>The state also “acquired a database storage device on the Voter Registration system that has back-up and recovery capabilities.” </p> <p>Rhode Island implemented a platform for its centralized voter registration system that encrypts all data within it and<strong> invested in another system that monitors for and protects the registration system from ransomware</strong>. The state also purchased a system that “provides real-time analysis of security threats, sends alerts if issues are detected and quarantines devices if there is abnormal activity.”</p> <p>Many of those kinds of efforts are likely going to continue in 2019 and into 2020. </p> <p>“There hasn’t been a lot of money spent, but there is a lot of activity,” Mark Abbott, the commission’s grants director, <a href="https://statescoop.com/state-spending-on-election-security-expected-to-pick-up-in-2019/" target="_blank">told StateScoop</a>.</p> <p>StateScoop reports: </p> <blockquote><p>Many of the local grants will be used to help small counties, which generally lack robust information technology resources, to beef up the information security around their electronic pollbooks, election-night reporting systems and websites that feature information for voters.</p> </blockquote> <p>“Congress should also share in<strong> longer-term funding for things like regular risk assessments and necessary repairs and upgrades for critical infrastructure</strong>, as well as grants for cybersecurity resources that are directed to local election offices, which are frequently under-resourced relative to their state counterparts,” Lawrence Norden, deputy director of the Democracy Program at the Brennan Center for Justice at the New York University School of Law, argued in congressional testimony in May, <a href="https://www.fastcompany.com/90346497/how-to-fight-2020-election-hacking-heres-what-cybersecurity-experts-say" target="_blank">according to <em>Fast Company</em></a>. </p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" target="_blank"><img alt="Cybersecurity-report_EasyTarget.jpg" data-entity-type="" data-entity-uuid="" src="https://statetechmagazine.com/sites/biztechmagazine.com/files/uploads/Cybersecurity-report_EasyTarget.jpg" /></a></p> <p>The EAC audit makes clear that states’ election cybersecurity work will continue. </p> <p>Illinois plans to use its remaining <strong>$13.3 million</strong> in funding for a cybersecurity information sharing program, hiring a cyber navigator/adviser, “providing cybersecurity resources for local election authorities and<strong> implementing a statewide network to provide centralized monitoring, mitigation and security service</strong>s,” the audit says.</p> <p>Maryland intends to “replace and upgrade voting equipment, perform election audits,<strong> upgrade voter registration system servers and software in off-election years and enhance system monitoring activities, mitigating cyber vulnerabilitie</strong>s, refining an incident management plan and providing training,” according to the audit.</p> <p>Some large states are getting particularly ambitious. New York and Texas are undertaking what Abbott described to StateScoop as a “mammoth exercise” to conduct cybersecurity assessments for all of their counties, many of which are rural and lack lots of cybersecurity resources or personnel.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is the web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Thu, 16 May 2019 13:23:58 +0000 phil.goldstein_6191 42436 at https://statetechmagazine.com Smart Tech Supports Video for Police in Opelika, Ala. https://statetechmagazine.com/media/video/smart-tech-supports-video-police-opelika-ala <span>Smart Tech Supports Video for Police in Opelika, Ala.</span> <div><p>The police department in Opelika, Ala., depends on video evidence from body cameras and dash cams to investigate crimes and other matters. To support police requirements, Opelika's CIO has configured the city's network to automatically back up that video wirelessly and make it available upon demand.</p> </div> <span><span lang="" about="/dashboard/mickey-mccarter" typeof="schema:Person" property="schema:name" datatype="">Mickey McCarter</span></span> <span>Wed, 05/15/2019 - 10:59</span> <div> <div>Tweet text</div> <div>After collecting #surveillancevideo, @opelikacity police seamlessly transfer it to #hyperconverged storage for later use #StateLocalIT #bodycam #videostorage</div> </div> <div> <div>Video ID</div> <div><p>1668528003</p> </div> </div> <div> <div>video type</div> <div><a href="/taxonomy/term/7391" hreflang="en">Case Study</a></div> </div> <div> <div>CDW Activity ID</div> <div><p>MKT25519 </p> </div> </div> <div> <div>CDW VV2 Strategy</div> <div>Security</div> </div> <div> <div>CDW Segment</div> <div>State &amp; Local</div> </div> <div> <div>Customer Focused</div> <div>True</div> </div> <div> <div>Buying Cycle</div> <div><a href="/taxonomy/term/7446" hreflang="en">Engagement</a></div> </div> <div class="pw-widget pw-size-medium pw-layout-vertical" data-layout="vertical" data-url="https://statetechmagazine.com/media/video/smart-tech-supports-video-police-opelika-ala" data-title="After collecting #surveillancevideo, @opelikacity police seamlessly transfer it to #hyperconverged storage for later use #StateLocalIT #bodycam #videostorage" data-via="StateTech" data-button-background="none"> <span> <span>May</span> <span>15</span> <span>2019</span> </span> <a class="pw-button-twitter cdw-taboola-social"></a> <a class="pw-button-facebook cdw-taboola-social"></a> <a class="pw-button-linkedin cdw-taboola-social"></a> <a class="pw-button-reddit cdw-taboola-social"></a> <a class="pw-button-flipboard cdw-taboola-social"></a> <a class="pw-button-email cdw-taboola-social"></a> <!-- Pinterest button is in EdTechk12 theme's vertical template --> </div> <div class="pw-widget pw-size-medium pw-layout-horizontal" data-url="https://statetechmagazine.com/media/video/smart-tech-supports-video-police-opelika-ala" data-title="After collecting #surveillancevideo, @opelikacity police seamlessly transfer it to #hyperconverged storage for later use #StateLocalIT #bodycam #videostorage" data-via="StateTech" data-button-background="none"> <div> <a class="pw-button-twitter"></a> <span class="pw-box-counter" pw:channel="twitter"></span> </div> <div> <a class="pw-button-facebook"></a> <span class="pw-box-counter" pw:channel="facebook"></span> </div> </div> <div class="pw-widget pw-size-medium pw-layout-horizontal" data-counter="true" data-url="https://statetechmagazine.com/media/video/smart-tech-supports-video-police-opelika-ala" data-title="After collecting #surveillancevideo, @opelikacity police seamlessly transfer it to #hyperconverged storage for later use #StateLocalIT #bodycam #videostorage" data-via="StateTech" data-button-background="none"> <div> <a class="pw-button-twitter cdw-taboola-social"></a> <a href="https://twitter.com/search?f=realtime&amp;q=https%3A%2F%2Fstatetechmagazine.com%2Frss.xml%3Fitok%3DmQbgvt0X%26destination%3D%2F%253Fitok%253DmQbgvt0X%26_exception_statuscode%3D404" target="_blank"><span class="pw-box-counter cdw-taboola" data-channel="twitter"></span></a> </div> <div> <a class="pw-button-facebook cdw-taboola-social"></a> </div> <div> <a class="pw-button-linkedin cdw-taboola-social"></a> </div> <div> <a class="pw-button-reddit cdw-taboola-social"></a> </div> <div> <a class="pw-button-flipboard cdw-taboola-social"></a> </div> <div> <a class="pw-button-email cdw-taboola-social"></a> </div> <!-- Pinterest button is in EdTechk12 theme's horizontal template --> </div> <div> <div>Pull Quote</div> <div> <p class="quote"><a href="node/"> Our body cameras work in conjunction with the in-car system dashcam. They are tied together in the vehicle. We built a network that would allow those camera systems to download wirelessly directly into the server. </a></p> <img src="/sites/statetechmagazine.com/files/styles/photo_quote_thumb/public/2019-05/ShaneHealey.jpg?itok=iR8nraIe" width="60" height="60" alt="Capt. Shane Healey" typeof="foaf:Image" /> <p class='speaker'> <span>Capt. Shane Healey</span> Opelika, Ala., Police Department </p> </div> </div> Wed, 15 May 2019 14:59:26 +0000 Mickey McCarter 42431 at https://statetechmagazine.com San Francisco Bans Use of Facial Recognition Tech by City Agencies https://statetechmagazine.com/article/2019/05/san-francisco-bans-use-facial-recognition-tech-city-agencies <span>San Francisco Bans Use of Facial Recognition Tech by City Agencies</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 05/15/2019 - 10:16</span> <div><p>San Francisco lawmakers on Tuesday voted to <strong>ban the use of facial recognition technology in the police force and other city agencie</strong>s, making it the first city in the United States to outlaw the tool. The San Francisco Board of Supervisors voted 8 to 1 to approve the measure; it must be voted on a second time next week, but that is seen as a formality, <a href="https://www.nytimes.com/2019/05/14/us/facial-recognition-ban-san-francisco.html" target="_blank">according to <em>The New York Times</em></a>.</p> <p>The measure was <a href="https://statetechmagazine.com/article/2019/01/san-francisco-considers-banning-facial-recognition-tech" target="_blank">first raised in January</a>. As <a href="https://www.wired.com/story/san-francisco-bans-use-facial-recognition-tech/" target="_blank"><em>Wired r</em>eports</a>, “San Francisco’s ban <strong>covers government agencies, including the city police and county sheriff’s department, but doesn’t affect the technology that unlocks your iPhone or cameras installed by businesses or individuals</strong>.”</p> <p>Additionally, <a href="https://www.theverge.com/2019/5/14/18623013/san-francisco-facial-recognition-ban-vote-city-agencies" target="_blank">as The Verge notes</a>, the ordinance “would also require city agencies to get board approval for their use of surveillance technology, and set up audits of surveillance tech already in use. Other cities have approved similar transparency measures.”</p> <p>While facial recognition tools have been used by law enforcement to help identify suspects, such as the man involved <a href="https://www.nytimes.com/2019/04/29/us/capital-gazette-shooting-suspect.html?module=inline" target="_blank">in the mass shooting</a> at an Annapolis, Md., newspaper last June, civil liberties groups have said that the technology can be potentially be abused by government authorities and encourage mass surveillance. <a href="https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=906254" target="_blank">Research from the FBI</a> has found that some demographic groups “are more susceptible to errors in the face matching process,” StateScoop notes. <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft.html" target="_blank">Microsoft</a> has <a href="https://www.theverge.com/2018/12/7/18129858/microsoft-facial-recognition-ai-now-google" target="_blank">called for new laws</a> to regulate the use of facial recognition technology. </p> <p>Aaron Peskin, the city supervisor who sponsored the bill, told the <em>Times</em> that the ordinance sends a strong message from a city that is defined by its connection to the tech industry. </p> <p>“I think part of San Francisco being the real and perceived headquarters for all things tech also comes with a responsibility for its local legislators,” Peskin said.<strong> “We have an outsize responsibility to regulate the excesses of technology precisely because they are headquartered here.” </strong></p> <p>However, critics of the ban said municipalities should focus on ways to regulate facial recognition while also acknowledging its public safety benefits. “It is ridiculous to deny the value of this technology in securing airports and border installations,” Jonathan Turley, a constitutional law expert at George Washington University, told the <em>Times</em>. <strong>“It is hard to deny that there is a public safety value to this technology.”</strong></p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is the web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Wed, 15 May 2019 14:16:39 +0000 phil.goldstein_6191 42426 at https://statetechmagazine.com Chicago Police Tap More Video Sources to Help Solve Crimes https://statetechmagazine.com/article/2019/05/chicago-police-tap-more-video-sources-help-solve-crimes <span>Chicago Police Tap More Video Sources to Help Solve Crimes</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 05/15/2019 - 09:12</span> <div><p>The Chicago Police Department now has another technology tool on its utility belt as it goes about fighting crime.</p> <p>Last month, the CPD unveiled <strong>new technology that allows them to pull video from more sources</strong> as they seek evidence in murders and other violent crimes. </p> <p>The <strong>video investigation and analysis software and technology </strong>in the Area Tech Center, housed at Area South detective headquarters on the far South Side of the city, will allow police to more quickly process and analyze video from a disparate array of sources, including private surveillance cameras and seized cellphones. </p> <p><a href="https://www.chicagotribune.com/news/local/breaking/ct-met-chicago-police-new-technology-detectives-20190405-story.html" target="_blank">As the <em>Chicago Tribune</em> notes</a>, the tech center is part of a wider effort to <strong>improve the police department’s clearance rate for homicides </strong>— the rate at which murders get solved. </p> <p>The <em>Tribune</em> reports: </p> <blockquote><p>Since opening in late February, the center has received nearly 200 requests from detectives in need of video and digital evidence processing. One of those requests included video evidence from private and police street surveillance cameras that helped identify a suspect in the March 23 fatal shooting of off-duty Officer John P. Rivera in the River North neighborhood, police said.</p> </blockquote> <p>“One of our challenges in solving crime here in Chicago has been the ability to efficiently identify, collect, download and review all the video resources connected to a crime scene,” CPD Superintendent Eddie Johnson said at the center in April, according to the<em> Tribune</em>. “Unfortunately, this has resulted in lost evidence, lower clearance rates. … This has also impacted our relationships with those who have suffered from violent crime.” </p> <p>The center was funded via a<strong> $10 million</strong> donation from billionaire hedge fund manager Ken Griffin. </p> <p><a href="https://statetechmagazine.com/article/2019/05/how-pattern-recognition-and-machine-learning-helps-public-safety-departments-perfcon" target="_blank"><em><strong>MORE FROM STATETECH:</strong> Find out how pattern recognition and machine learning help public safety departments.</em></a></p> <h2 id="toc_0">CPD Looks to Get More Flexibility in Crime Fighting</h2> <p>The Area Tech Center speeds up the work of video analysis for police. Johnson said it would have taken at least three additional days to process the same videos used to investigate the Rivera shooting without the center, <a href="https://chicago.suntimes.com/news/cpd-police-technology-center-videos-detectives-murders/" target="_blank">according to the <em>Chicago Sun-Times</em>.</a> </p> <p>The center is staffed by 10 officers, four detectives, an analyst and a sergeant all trained in <a href="https://input-ace.com/" target="_blank">iNPUT-ACE’s software</a>, according to the <em>Sun-Times </em>and <a href="https://input-ace.com/chicagos-new-tech-center-adopts-input-ace-as-its-standard-to-help-detectives-solve-cases/" target="_blank">a press release</a>. “Chicago has also adopted <a href="https://www.cellebrite.com/en/home/" target="_blank">Cellebrite</a>’s technology which allows video and metadata from iNPUT-ACE to be<strong> integrated into case timelines with other digital intelligence like cell phone records</strong>,” the release notes.</p> <p>Johnson hopes to deploy similar centers in the city’s Area Central and Area North detective headquarters. </p> <p>The new tech center follows in a similar vein to the city’s Strategic Decision Support Centers. Chicago is using<strong> cloud, artificial intelligence and data analytics technology </strong>from <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft.html" target="_blank">Microsoft</a> and tools from Genetec, a Canadian firm, for the centers, which have<strong> spread to 20 of the city’s 22 police districts.</strong></p> <p>The CPD makes use of Genetec’s Citigraf technology, which “features <strong>a powerful correlation and analytics engine</strong> that instantly detects and displays relevant information from disparate systems for inter-agency collaboration,” <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft.html" target="_blank">according to a Genetec statement</a>. Those centers include surveillance cameras, gunshot detection platforms, predictive mapping and data analytics,<a href="https://www.govtech.com/public-safety/Drones-AI-Bodycams-Is-Technology-Making-Us-Safer.html" target="_blank"> <em>Government Technology</em> reports</a>.</p> <p>The tech center focuses more on using software and hardware to analyze surveillance video and cellphone evidence, and is specifically designed for detectives, the <em>Tribune</em> reports. The center is aimed at giving detectives the software resources to view and analyze such video. </p> <p>Sgt. Patrick Kinney, who helps run the tech center, told the <em>Tribune</em> that the center’s officers can help other detectives at homicide scenes by viewing recovered video on laptops. </p> <p><strong>“It saves … hours upon hours for the detectives,”</strong> Kinney said. “It frees them up because we’re the ones doing the processing for them, we’re the ones recovering the video, analyzing the video, and then providing it to them with the investigative leads.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is the web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Wed, 15 May 2019 13:12:20 +0000 phil.goldstein_6191 42416 at https://statetechmagazine.com Massachusetts Pledges Major Investment in IT Modernization https://statetechmagazine.com/article/2019/05/massachusetts-pledges-major-investment-it-modernization <span>Massachusetts Pledges Major Investment in IT Modernization</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Mon, 05/13/2019 - 11:17</span> <div><p>Massachusetts could be getting ready to open its wallet in a major way when it comes to IT modernization.</p> <p>Last month, Massachusetts Gov. Charlie Baker <a href="https://www.mass.gov/news/governor-baker-files-legislation-authorizing-11-billion-to-improve-information-technology" target="_blank">filed legislation</a> authorizing more than<strong> $1.1 billion </strong>in capital funding for public safety and IT investments, including for cybersecurity. More than half of the funding, <strong>$600 million</strong>, would be <strong>put toward the state’s technology infrastructure needs, IT security and improving services for residents</strong>. </p> <p>“It is critically important that the Commonwealth make these capital investments to strengthen defenses against cyber threats and continue modernizing and securing our digital assets,” Baker said in a statement. “This bill will also help us to partner with local agencies and provide additional capital support to better serve the residents of Massachusetts.” </p> <p><a href="https://statetechmagazine.com/article/2019/03/how-states-are-going-smart-state-journey" target="_blank"><em><strong>MORE FROM STATETECH:</strong> Find out how different states are going on a smart state journey. </em></a></p> <h2 id="toc_0">Funding for Digital Services, Cybersecurity to Get a Boost</h2> <p>The state’s Executive Office of Technology Services and Security, which Baker elevated to the cabinet level in 2017, is prioritizing capital IT projects that are reliable over the long term and deliver maximum return on investment, according to Baker’s office.</p> <p>The funding in the proposed bill would increase the state’s cybersecurity, “advance strategic IT initiatives, modernize digital and telecommunications infrastructure and improve the user experience” for a wide range of services.</p> <p>Specifically, the bill calls for <strong>$195 million in funding to improve resident service</strong>s, including in the areas of “healthcare, housing, education, employment assistance, public safety and emergency management, transportation and the environment.”</p> <p>Another <strong>$165 million would be earmarked for “strategic initiatives related to the efficiency of state IT resources,” </strong>including new human resources, financial and background check systems. </p> <p>Baker also wants<strong> $135 million for upgrades to cybersecurity for the state’s digital assets</strong>, including a new Security Operations Center. SOCs are the facilities where agency websites, applications, databases, data centers and servers, networks, desktops and other endpoints are monitored, assessed and defended.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/digital-transformation-report.html" target="_blank"><img alt="Digital%20Transformation_IR_1.jpg" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/Digital%20Transformation_IR_1.jpg" /></a></p> <p>The cybersecurity funding would also cover vulnerability testing of state IT infrastructure and statewide IT systems, as well as improvements to access security for state systems, according to the release.</p> <p>And the bill calls for <strong>$105 million to be spent on the modernization of Massachusetts’ digital and telecommunications infrastructure</strong>.</p> <p>Speaking in Boston alongside <a href="https://www.cdwg.com/content/cdwg/en/brand/dell-emc-interstitial.html" target="_blank">Dell Technologies</a> CEO Michael Dell last month at <a href="https://www.eventbrite.com/e/massforward-a-vision-for-2030-agenda-tickets-57204644632" target="_blank">MassForward: A Vision for 2030</a>, an event put on by Dell, Baker touched on the importance of cybersecurity for the state.</p> <p><strong>“[The goal is to be] really comfortable with our security infrastructure,”</strong> he said, <a href="https://mytechdecisions.com/compliance/baker-dell-massforward-2030/" target="_blank">according to the website My Tech Decisions</a>. “One of the things that happens when you don’t have a center of gravity with respect to how you think about technology is that there’s a lot of people out there doing a lot of their own things. What they buy, what their security protocols are, and all the rest. It creates a really interesting-looking house with a lot of doors and windows.”</p> <p>Massachusetts is focused on setting one set of security standards for how the state purchases and manages technology. Massachusetts CIO Curtis Wood said last week at the <a href="https://statetechmagazine.com/nascio-2019-midyear-conference">NASCIO Midyear 2019 conference</a> in National Harbor, Md., that the state plans to release a comprehensive cybersecurity roadmap sometime this summer. </p> <p>Baker also said that if the state is “doing really big projects, they have to be run centrally, and we need people that know how to run big projects running those. You can’t do those as one-offs at the agency level with a couple people that have four other jobs.” </p> <p>The state also must <strong>think more holistically about applications and look to streamline them where possible</strong>, Baker said. “There are a lot of case management software packages operating in state government, and there probably needs to be more than one, but I bet there needs to be less than 50,” he said. “The opportunities to think more enterprisewide about how to use technology generally is a new idea, and I think, over the long run, will give us much better insights.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is the web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Mon, 13 May 2019 15:17:33 +0000 phil.goldstein_6191 42411 at https://statetechmagazine.com How North Dakota, West Virginia Will Streamline Cybersecurity https://statetechmagazine.com/article/2019/05/how-north-dakota-west-virginia-will-streamline-cybersecurity <span>How North Dakota, West Virginia Will Streamline Cybersecurity</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 05/09/2019 - 09:31</span> <div><p>Cybersecurity concerns are <a href="https://statetechmagazine.com/media/video/cybersecurity-threats-keep-state-cisos-night">always top of mind for state CISOs</a>. Over the past few weeks, two state governments have taken steps to put their cybersecurity and IT leaders a little more at ease. </p> <p>In North Dakota, Gov. Doug Burgum on March 30 <a href="https://www.nd.gov/news/burgum-signs-legislation-creating-unified-cybersecurity-approach-north-dakota" target="_blank">signed into law a measure</a> that makes the Roughrider State the first state to<strong> “authorize a central, shared service approach to cybersecurity strategy across all aspects of state government.”</strong> That includes state, local, legislative, judicial, K–12 education and higher education.</p> <p>Meanwhile, in West Virginia, Gov. Jim Justice signed <a href="http://www.wvlegislature.gov/Bill_Text_HTML/2019_SESSIONS/RS/bills/HB2452 SUB ENR.pdf" target="_blank">the Secure WV Act</a> into law in late March. The law creates a new Cybersecurity Office within the Mountain State’s Office of Technology “that will be responsible for conducting a risk assessment across most state agencies,” <a href="https://www.govtech.com/security/WVa-to-Open-Cybersecurity-Office-Launch-Unification-Plan.html" target="_blank">as <em>Government Technology</em> reports</a>. The law also authorizes the state CISO to create a cybersecurity framework, “to assist and provide guidance to agencies in cyber risk strategy and setting forth other duties” and generally to standardize cybersecurity in the state. That includes<strong> ensuring the uniformity and adequacy of the cyber risk assessments</strong>. </p> <p>Taken together, the separate approaches represent efforts by states to streamline their IT governance and cybersecurity operations and make IT security more consistent across state agencies.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" target="_blank"><img alt="CDW Cybersecurity Insight Report " data-entity-type="" data-entity-uuid="" src="https://statetechmagazine.com/sites/statetechmagazine.com/files/Cybersecurity_IR_stayprotected_700x220%20(2).jpg" /></a></p> <h2 id="toc_0">North Dakota Takes Unified Approach to Cybersecurity</h2> <p>North Dakota’s cybersecurity efforts <a href="https://statetechmagazine.com/article/2019/01/north-dakota-considers-major-it-and-cybersecurity-unification-effort">had been in the works for months</a>, and <a href="https://www.legis.nd.gov/assembly/66-2019/documents/19-8091-02001m.pdf" target="_blank">Senate Bill 2110</a> aims to make security operations more efficient in a state where officials estimate there are roughly <strong>5 million cyberattack attempts each month </strong>on average.</p> <p>“This important investment in 21st-century critical infrastructure recognizes the increasingly digital world in which we live and the growing nature of cybersecurity threats,” Burgum said in a statement. “A unified approach to cybersecurity strengthens our ability to protect the state network’<strong>s 252,000 </strong>daily users and more than<strong> 400</strong> entities from cyberattacks.” </p> <p>The IT department is also required to advise and consult with the state’s legislative and judicial branches regarding cybersecurity strategy.</p> <p>“The collaborative effort on this legislation clearly reflects a whole-of-government approach by North Dakota’s leaders, enabling the state to effectively address millions of monthly attacks and identify potential gaps in cybersecurity,” state CIO Shawn Riley said in a statement.</p> <p><em><a href="https://statetechmagazine.com/article/2018/10/nascio-2018-deloitte-nascio-report-calls-bold-plays-cybersecurity" target="_blank"><strong>MORE FROM STATETECH: </strong>Find out how state CIOs and CISOs can make “bold plays for change” on cybersecurity</a>.</em></p> <h2 id="toc_1">West Virginia Opens New Cyber Office</h2> <p>Under the Secure WV Act, the CISO, who will be appointed by the state CTO, will be responsible for developing policies, procedures and standards necessary to establish an enterprise cybersecurity program “that recognizes the interdependent relationship and complexity of technology in government operations and the nature of shared risk of cyber threats to the state.” </p> <p>The CISO will also <strong>create a cyber risk management service</strong> aimed at ensuring that state officials at all levels understand their responsibilities for managing their agencies’ cyber risk, according to the legislation.</p> <p>Further, the CISO will <strong>“designate a cyber risk standard for the cybersecurity framework,” </strong>and “establish the cyber risk assessment requirements such as assessment type, scope, frequency and reporting.”</p> <p>Agencies will receive cyber risk guidance for IT projects, including recommendations of security controls and remediation plans.</p> <p>The CISO will help agencies with creating cyber incident response plans and help them manage frameworks for information custody, classification, accountability and protection.</p> <p>West Virginia CTO Joshua Spence said in a statement that the legislation will serve as “a foundational step forward in cybersecurity protection of state information systems and data,” according to Government Technology</p> <p>“By leveraging a risk management approach, the state can ensure cybersecurity resources are applied to that which matters most,” he said.</p> <p>Spence said the state aims to <strong>create a “core cybersecurity standard" </strong>that will allow officials to make an “apples-to-apples comparison of cyber-risk assessments across all agencies within the Executive Branch.” </p> <p>As West Virginia delves into emerging technologies <a href="https://statetechmagazine.com/article/2019/01/blockchain-technology-explained-biggest-use-cases-state-and-local-government-perfcon">like blockchain voting</a>, it wants to make sure those are as secure as possible. “As the state seeks to optimize government services by leveraging technology, it is important the state understand the associated cyber risk to ensure that the appropriate levels of protection are applied,” Spence added.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is the web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Thu, 09 May 2019 13:31:58 +0000 phil.goldstein_6191 42406 at https://statetechmagazine.com NASCIO Midyear 2019: How to Get More Women into State Government Cybersecurity https://statetechmagazine.com/article/2019/05/nascio-midyear-2019-how-get-more-women-state-government-cybersecurity <span>NASCIO Midyear 2019: How to Get More Women into State Government Cybersecurity </span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 05/08/2019 - 13:11</span> <div><p>All 50 states now have a CISO, but as Maria Thompson notes, only five of them are women. At <strong>10 percent</strong>, that is not far off the average when it comes to women’s representation in government cybersecurity roles, and that low figure is distressing to Thompson, who is the chief risk officer for North Carolina.</p> <p>Along with Laura Bate, a policy analyst at the think tank New America, Thompson extolled <strong>the importance of increasing gender diversity in government cybersecurity</strong> during a panel at <a href="https://statetechmagazine.com/nascio-2019-midyear-conference">the NASCIO 2019 Midyear Conference</a> in National Harbor, Md., on Tuesday.</p> <p><a href="https://twitter.com/statetech" target="_blank"><em><strong>JOIN THE CONVERSATION: </strong>Follow @StateTech on Twitter for continued NASCIO 2019 Midyear Conference coverage. </em></a></p> <p>“You need to be able to see people who look like you and understand there is a possibility to advance in that position and own it,” Thompson said.</p> <p>Bate noted three key reasons for increasing gender diversity in cybersecurity. First, there are a lot of unfilled cyber jobs, and they won’t be filled if government agencies ignore half the population. Of the nearly <strong>314,000</strong> cybersecurity positions open in the U.S., about <strong>17,000</strong> are in the public sector, <a href="https://www.cyberseek.org/heatmap.html" target="_blank">according to CyberSeek</a>, a <a href="https://www.nist.gov/itl/applied-cybersecurity/nice" target="_blank">National Initiative for Cybersecurity Education</a> online tool that collects employment data. </p> <p><strong>“We need more people,” </strong>Bate said. </p> <p>Also, diverse teams simply perform better, Bate said, citing an enormous amount of research to back this up. For example: “In recent years a body of research has revealed another, more nuanced benefit of workplace diversity: <strong>nonhomogenous teams are simply smarter</strong>. Working with people who are different from you may challenge your brain to overcome its stale ways of thinking and sharpen its performance,” <a href="https://hbr.org/2016/11/why-diverse-teams-are-smarter" target="_blank">the <em>Harvard Business Review</em> noted in 2016</a>. </p> <p>Finally, Bate noted, <strong>increasing gender diversity “is the right thing to do” from a social and economic justice viewpoint</strong>. Cybersecurity jobs typically pay quite well, and if “there are systemic reasons certain members of society aren’t getting those opportunities,” hiring more qualified women will help address that, Bate said.</p> <p><a href="https://statetechmagazine.com/article/2019/05/nascio-midyear-2019-how-navigate-role-cio-broker" target="_blank"><em><strong>MORE FROM STATETECH:</strong> Find out how to navigate the new idea of state CIO as a broker. </em></a></p> <h2 id="toc_0">How to Get More Women into the Cyber Pipeline</h2> <p>In March, New America released a report, “<a href="https://www.newamerica.org/cybersecurity-initiative/reports/new-ways-bring-women-and-through-cybersecurity-careers/" target="_blank">New Ways to Bring Women Into and Up Through Cybersecurity Careers</a>,” which was based on the findings of an interdisciplinary group of experts.</p> <p>“Depending on the source of the data, women make up <strong>11 percent, more than 20 percent, or 24 percent </strong>of the cybersecurity workforce,” the report notes. “However, overall participation in the field is just part of a complex problem. Women at nearly every level of cybersecurity are paid less than their male counterparts, and <strong>51 percent </strong>report that they have experienced discrimination, compared with only <strong>15 percent</strong> of men.”</p> <p>The report calls for three executable strategies. One is to empower organizations and coordinators that can change hiring practices at cybersecurity companies and drive up women’s interest in the field. Another is to engage with the private sector business community to get them on board with hiring more women. The third is to use marketing, entertainment and media platforms to change the narrative around women in cybersecurity.</p> <p>Bate noted that the report included the input of a woman who runs a cybersecurity camp for girls in South Dakota. “We asked, ‘How do you tell them this could be an interesting career path, but no one looks like you?’ She said, ‘We don’t talk about that.’” Instead, the camp gets girls interested in technology concepts like networking but putting them in a room with string and asking them to build their own networks. </p> <p>Thompson <a href="https://it.nc.gov/blog/2016/07/21/maria-thompson-leads-new-era-cybersecurity-nc" target="_blank">spent 20 years in the U.S. Marine Corps</a> and retired as a master gunnery sergeant and information assurance chief for the Marines, where she served as the senior enlisted cybersecurity adviser to the CIO and the senior agency information assurance officer. </p> <p><strong>“Every step that I made, I was always 1 in 10” </strong>as a woman, she said. “Unfortunately, it is what it is. But it made me a lot stronger. It made me understand where we are right now.” </p> <p>Thompson said her career in the Marines made her appreciate “why we need to be a little more proactive in getting women into IT.”</p> <p>Both Thompson and Bate said that apprenticeships and internship programs are key, and that K–12 education systems need to <strong>start teaching girls about cybersecurity at a young age</strong>. Girls also need to see that women can rise to leadership roles in cybersecurity organizations, Thompson said. </p> <p><strong>“Leadership at the top is important,” </strong>she said. “If everyone you see looks the opposite of who you are, you will not feel like that is a welcoming organization for you.”</p> <p><em>Read more articles from </em>StateTech<em>’s coverage of the NASCIO 2019 Midyear conference <a href="https://statetechmagazine.com/nascio-2019-midyear-conference">here</a>.</em></p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is the web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Wed, 08 May 2019 17:11:33 +0000 phil.goldstein_6191 42401 at https://statetechmagazine.com