Continue to StateScoop.com

Cybersecurity goes beyond securing the perimeter, state experts say

In the fifth episode of StateScoop Radio’s “Priorities” series, state tech execs say security must be integrated into every aspect of the network.

Jake Williams
Bio
Jake Williams Associate Publisher & Director of Strategic Initiatives

Jake Williams is currently the Associate Publisher & Director of Strategic Initiatives for StateScoop, based in Washington, D.C., where h...

Cybersecurity is about more than just preventing external access to networks, state information technology experts said. 

Tech executives must find ways to protect the assets that are inside as well as secure their networks' ever-changing borders, experts from Florida and Virginia said on the latest episode of StateScoop Radio’s “Priorities” podcast.

“I think at some point, we have to come to terms with the fact that we have as a community failed to effectively prevent or even reduce the impact of breaches,” Jackie Wynn, the vice president of global public sector strategy for RSA Security, said on Priorities. “I think this is a failure that is due to a focus solely just on preventive approaches, and like all castles we’ve built in history, they’re ultimately always breached.”

On the National Association of State Chief Information Officers’ annual top 10 priority list, cybersecurity has appeared as the top priority every year since 2014. In 2013, it was priority No. 3, while it ranged from priority No. 1 to No. 7 since the creation of the Top 10 list in 2006.

During the discussion, Danielle Alvarez, the chief information security officer for the state of Florida, said it's hard to prevent breaches, especially with the rise of cloud computing — which expands the location of state's data assets from inside physical internal networks to other data centers and locations all over the world.

“The changing perimeter is a significant threat because it’s no longer within our four walls where we’ve heavily relied on those perimeter-based technologies,” she said. “Now, with the perimeter changing and growing out into the cloud, it’s changing the way we have to look at cybersecurity, it’s changing the toolset, it’s changing the training.”

On the podcast:

  • Danielle Alvarez, chief information security officer, Florida
  • Mike Watson, chief information security officer, Virginia Information Technologies Agency
  • Jackie Wynn, vice president of global public sector strategy, RSA Security

Things to listen for:

  • In Florida, the Agency for State Technology is looking to adopt a risk-based cybersecurity framework for state agencies and develop situational awareness practices for state employees, Alvarez said.
  • As Virginia Information Technologies Agency’s CISO, Watson oversees the security operation of the state’s more than 60,000 endpoints, approximately 4,000 servers and 1.5 petabytes of data.
  • The silver tsunami — an approaching wave of retirees from the public sector workforce — presents serious challenges to state cybersecurity and information technology operations, Wynn said.
  • Without much explanation, phishing attacks on Virginia employee email accounts spike every April, Watson said.
  • While neither Virginia nor Florida has experienced a significant ransomware attack, Watson and Alvarez said their states are on alert and actively trying to prepare themselves for it.

Priorities is StateScoop’s monthly podcast that examines the leading strategies, technologies and challenges that state CIOs expect to face this year. This episode of Priorities was sponsored by RSA Security.

In addition to listening to Priorities on StateScoop.com, you can now subscribe to the podcast on iTunes and have episodes delivered directly to your podcasts app on your smartphone when they are released.

Contact the reporter who wrote this story at jake.williams@statescoop.com, and follow him on Twitter @JakeWilliamsDC.

Join the Conversation

Related Articles