Commentary: A former Texas state chief information officer draws on her public sector experience to guide government leaders through incidents like the recent ransomware attack known as 'WannaCry.'
As the sun rose in time zone after time zone on May 12, 2017, IT professionals across the world awoke to find their networks under attack by a bit of malicious code that came to be known as the WannaCry virus. A particularly troubling piece of ransomware, it froze computer systems and demanded $300 bitcoin payments in return for releasing each trove of locked-out documents.
While WannaCry hit NHS hospitals in Britain the hardest before being knocked down by one intrepid IT expert, the loophole-exploiting code showed the vulnerability of large legacy networks. As the owners of some of the nation’s largest legacy networks, state-level CIOs are under the gun to ensure their systems won’t fall prey to future attacks. A key step is to ensure that data is backed up regularly and that system patches are applied, reducing the chances of ransomware infections and limiting their impact. However, there are some analog methods IT leaders can employ in response to their digital challenges as well:
Build bridges between agencies.
While firewalls are a huge part of successful security, similar barriers between agency leaders can prove harmful in the face of cyberattacks. In the same way that more hands make less work on big tasks, connected CIOs and CTOs can alert one another to emerging problems, discuss best practices and offer technology assistance when workflows are peaking under duress. These relationships start with the simple step of getting people to the same table where they can see each other as human beings with similar challenges, complementary interests and a commitment to the same taxpayers. So take simple steps to start those connections, ranging from simply having a friendly lunch with your counterparts to creating a security advisory committee with agency representatives encouraged to provide input. During my tenure as CIO for the state of Texas, we chartered the Statewide Information Security Advisory Committee (SISAC), made up of information security professionals from state and local government. This group not only fostered cross-pollination between members, it also made frequent recommendations to the Texas Department of Information Resources for more effective information security operations.
Align with capable private sector partners.
Anyone who has worked in government at the state or federal level knows that the complexity of problems and the speed of solutions are often inversely proportional. Slowed by the challenges of government appropriations processes and tight budgets, new technologies and techniques struggle to emerge from within government entities. Therefore, CTOs and CIOs should deliberately seek out private sector partners whose freedom to innovate can accelerate their responsiveness and abilities.
Aggressively seek accountability.
This one can be especially tough for leaders who live under the microscope of a state legislature, but the insights of third-party evaluators can shine light on problems you might otherwise have trouble getting fixed. During my time as the CIO for Texas, I sought the aid of a well-known consulting firm to audit our systems. Selling that investment to my bosses in the capitol wasn’t easy, but the firm’s ability to survey our systems, point out potential failure points and recommend corrective actions sped up our progress toward a secure, scalable IT infrastructure.
At the end of the day, the IT infrastructure that states rely upon to do everything — from tracking children in the foster care system to maintaining inventory numbers on yellow legal pads — will be vulnerable to infiltration. After all, these systems are called upon to withstand attacks from some of the best hacking minds on the planet, oftentimes working together to pierce the veil of security. However, by making a team effort steeped in accountability, CTOs and CIOs can strengthen their defenses and protect the data that is so vital to taxpaying citizens.