There are many hurdles toward modernizing local-government cybersecurity, but one of the most urgent may be getting local leaders to take cyber hygiene more seriously, including by not recycling short, easy-to-guess passwords, county IT officials said Wednesday.
“I’m pretty sure I have a lot of elected officials using the George Costanza model where ‘Bosco’ is their password for everything,” said Riverside County, California, Chief Technology Officer Daryl Polk, referencing a 1995 episode of “Seinfeld” in which the irritable character played by Jason Alexander reveals his ATM code is the name of a chocolate-syrup brand.
Polk, speaking at a cybersecurity conference in Washington hosted by CompTIA’s Public Technology Institute, said eventually moving beyond passwords is one of many modernization goals. “The password has got to die,” he said, predicting traditional passwords may one day be supplanted by authorization tokens.
Beyond speaking about passwords and making sitcom references, Polk said the past few years have been a constant scramble for government IT, with pandemic-era steps like widespread remote work forcing sudden changes.
“We’re rolling dice we’ve never had to roll before,” Polk said. “The pandemic forced us to take the Bird scooter approach to IT. If you remember when Bird came through and dropped thousands of scooters on streets and said ‘have fun.'”
Polk said the seemingly overnight appearance on city streets of electric scooters available to rent by the minute forced transit planners nationwide to suddenly have to oversee micro-mobility services alongside buses and rail. Accommodating the workforce of Riverside County — the country’s 10th-biggest county, with a population of nearly 2.5 million — to COVID-19 conditions required a similar feat of “reverse engineering,” he said.
What’s more, local governments are unlikely to find any serenity now, Polk told StateScoop after his panel.
“Chaos was the exception [in IT],” he said. “That crept into a lot of spaces. This was a wave that crashed.”
Riverside County CIO Jim Smith said that wave involves moving more of the county’s applications to cloud platforms. About half the county’s systems have been migrated, creating new, dynamic costs at a time when county leaders are asking the IT department to keep its expenses flat. (Some critical systems, like the county’s enterprise resource planning system, remain housed in an on-premises data facility, he said.)
“We have to be able to adapt to dynamic costs,” Smith said. “Every single department is looking to be tech driven.”