Adam Ford, CISO of Illinois

What are the lessons from the pandemic you think will stick?

That state government can be and has to be more adaptable than we ever thought, that’s first and foremost. Our state, and every state, responded over a couple of weeks that really hadn’t been played out or exercised. The nation of disaster recovery or continuity of operations planning around a building falling down or power being out, that was an assumption that was put on its head. We can be more adaptable and more flexible and faster than before.

How do you tackle that from a security perspective?

When you go into cybersecurity and you study for your CISSP, you always talk about life, health and safety being the priority. And we conceptualize that as getting people out of burning buildings and not putting people in dangerous situations. But sending people out to work remotely was in some ways a worst-nightmare scenario in how we provide security. We had to just be adaptive. I don’t know if we were necessarily creative. We were just more adaptable.

What are the cyber issues government leaders should be thinking about most?

Ransomware is the most devastating attack any state or local government can face right now because it’s effectively a robbery and a home fire at the same time. But I think ultimately it goes back to a lot of the basic hygienic stuff. Not that anyone didn’t take it seriously. But we have to know what our environment looks like, what’s in our environment. In many states, in our state and others, historically security wasn’t first. It is now, but some of those systems from 20 years ago have to be modernized and modernized in a way that puts security first. We’re under fire from sophisticated threat actors and have to keep the lights on.