by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : January and February 2017
ALTHOUGH CONCERNS ABOUT cybersecurity and cybercrime in government have lately focused on the federal side, much of the risk lives at the state and local level. That’s where the bad guys can find much of the personal information that makes cybercrime so lucra- tive and where disruptive hacks can cause the most havoc. In 2015, the Pell Center for International Relations and Public Policy looked at cybersecurity in eight of the most populous states and concluded that although many of them had made substantial progress, “no state is cyber ready.” More recently, the 2016 Deloitte-NASCIO Cyber- security Study found that awareness of cybersecurity had finally begun to rise to the top of states’ execu- tive branches. But security professionals were still struggling with “stubbornly persistent” issues. Ironically, the study pointed out that the new systems states have been introducing to foster innovations in service delivery have only served to increase cyber risks. Secur- ing sufficient resources in terms of both funding and talent also remained one of the top challenges. The new-technology problem is one that could bedevil organizations for a long time. The legacy sys- tems slated for replacement have their own issues when it comes to cybersecurity, such as old and hard-to- update operating systems, but new technology intro- duces quite a bit of com- plexity into the equation. Ron Ross, a fellow at the National Institute for Stan- dards and Technology, said there are too many bases — the software, firmware and hardware that run all the critical infrastructure and technology we rely on — for cybersecurity profes- sionals to realistically cover right now. Although many of the broad-ranging reports have some element of hope, at the operational level, things don’t look so rosy. Oregon auditors, for instance, recently reviewed 13 state agencies’ plans for informa- tion security and concluded that, overall, “planning ef- forts were often perfunctory, security staffing was gener- ally insufficient, and critical security functions were not always performed.” In particular, the auditors said the Office of the State CIO had “not yet provided state agencies with suffi- cient and appropriate infor- mation technology security standards and oversight.” It also did not have processes in place to en- sure that agencies comply with statewide security standards or regulations imposed by federal requirements. “These weaknesses continued because the state abandoned initial secu- rity plans [and] did not assign security roles and responsibilities or provide sufficient security staff,” the audit report states. Even though the governor and CIO have begun to fix the problems, “the solutions will take time, resources and cooperation from state agencies.” The Oregon governor’s office and state CIO largely agreed with the report and said they were tackling the risks according to perceived priorities. In other words, given limited resources, not everything can be fixed at once. Sound familiar? State governments have been under constant pressure in the past decade or more to modernize their IT systems, improve service delivery to the public and cut costs. Along the way, something was bound to break. The Deloitte-NASCIO report cited the evolving complexity of the threat environment as the main challenge for organizations. States “faced with a myriad of priorities and ongoing resource constraints may be hard-pressed to allo- cate sufficient funding to cybersecurity initiatives, [and] competition for top talent can make it difficult to attract the profession- als needed to effectively combat constantly evolving threats,” the report states. However, researchers said chief information security officers have one thing in their favor: State executives are starting to pay more attention to the issue of cybersecurity. That’s nice. Let’s hope that evolves into actual, better cybersecurity soon. • Are states ill-equipped to manage cybersecurity? BY BRIAN ROBINSON CYBEREYE States have been under constant pressure to modernize IT systems, improve service delivery and cut costs. Something was bound to break. GCN JANUARY/FEBRUARY 2017 • GCN.COM 11 0217gcn_011.indd 11 1/31/17 1:42 PM
October and November 2016