Alaska’s CISO moved to DHS as state dealt with cyberattacks
Alaska’s chief information security officer, Mark Breunig, recently took a new position as a cybersecurity adviser with the U.S. Department of Homeland Security. The move, which happened last month, according to his LinkedIn profile, came against the backdrop of two cyberattacks that affected Alaska’s court system and Department of Health and Social Services, the state’s lead agency responding to the COVID-19 pandemic.
Breunig had been hired as the state CISO in January 2019. The Alaska Department of Administration, which includes the state IT bureau, is now recruiting a successor, according to Alaska Public Media, which first reported his departure.
Mark Breunig (LinkedIn)
The Alaska Court System announced May 5 that it was deactivating nearly all its IT systems, including electronic filing, court calendars, online payments of bail and court fees, virtual hearings and external emails for court employees. More than a month-and-a-half later, many of those services have been restored, though the electronic filing has still not been fully repaired, according to the courts’ website.
Gov. Mike Dunleavy on Monday announced $2.4 million in new funding to support public safety initiatives, including $400,000 to improve the court system’s cybersecurity. Mara Rabinowitz, a special projects coordinator for the Alaska Court System, told StateScoop the funding could be used for many services, including endpoint protection, email security, penetration testing and intrusion prevention.
“We are figuring out how best to spend those funds to address the court’s cybersecurity needs,” Rabinowitz wrote in an email.
Meanwhile, the state Department of Health and Social Services said May 18 its website had been taken down due to an attack detected the night before, and that several processes, including vital records searches, would have to be conducted manually. COVID-19 vaccination appointments and information related to the pandemic are hosted by outside vendors and were not affected, the department said. The department’s main website remains offline, replaced by a page with links to vaccination appointments and phone numbers for other services. It also issued a contract to Mandiant for incident response.
The exact nature of both cyberattacks has not been disclosed, and there’s no indication either incident is connected to Breunig’s leaving state government.
Details of Breunig’s new job with the Department of Homeland Security were not immediately available. But he is not the only state CISO to recently take a job with DHS: the department’s Cybersecurity and Infrastructure Security Agency recently hired South Dakota CISO Jim Edman to serve as a statewide coordinator as part of a new program that’s hiring officials in every state to serve as liaisons between CISA and local organizations.
Breunig’s DHS position is based in Anchorage, according to his LinkedIn page.
Colin Wood contributed reporting.
