Idaho policymakers are expected to huddle later this month to find new ways to beef up the state’s defenses against cyberattacks.
It’s the second in a series of meetings meant to chart the course of a new cybersecurity task force, which Gov. Butch Otter created in July to find and patch vulnerabilities in the state’s systems.
“Crime and risk is going up almost logarithmically in this area,” Lt. Gov. Brad Little, the task force’s chairman, told StateScoop. “There’s risk to the state from an expense standpoint, an inconvenience standpoint and a security standpoint.”
The task force includes members from the state’s Bureau of Homeland Security, Department of Administration, Department of Health and Welfare, Tax Commission, and Transportation Department. Representatives from the Idaho State Police, several state colleges and universities, and a number of Idaho businesses are also pitching to help the state review and revise its cybersecurity standards.
“It’s already made my job easier in trying to develop improvements in the way we deal with people interacting in the cyber area,” Chief Information Security Officer Thomas Olmstead said. “We’ve been able to basically open a lot of doors, not only in the state agencies, but also in the local community just because it’s raised the awareness level so high.”
Olmstead said the group’s first meeting on Sept. 16 was largely an “orientation,” where agencies delivered briefings explaining where they stand in cybersecurity preparedness and where they hope to be in the future.
They “wanted to point the task force in the direction of placing the assets effectively and efficiently to address those concerns,” Olmstead said. “The cybersecurity task force agreed that they would look at the major concerns that were raised and try to identify efficient solutions, not only at the state level, but also in partnership with local agencies to do that.”
Now Little is trying to set a date for the group’s next meeting, where he’s hoping to hear from state businesses about their cyber concerns and how the government can help address them.
“Those individual companies and industries that are going forward, we just want to not be an impediment to them doing the right thing, and how can we coordinate?” Little said.
But Little noted that he also wants the state to learn from what some companies have already done to make their systems more secure. Hewlett-Packard, memory device manufacturer Micron Technology and a variety of health care companies have set up shop in the state, and Little hopes the state can benefit from “best practices and the low hanging fruit” they have to offer.
Olmstead said that will be particularly important as the state tries to get the most out of its limited IT resources: Idaho ranks 47th in the nation in IT spending according to Deltek’s “GovWin” database, with a projected total of $82 million for 2015.
“There’s competing requirements for resources to support multiple initiatives, so a lot of what we try to do is collaborate with other information security professionals, not only at the state level, but also in industry to identify best practices and existing solutions that you can leverage and take those limited resources and be effective,” Olmstead said.
Little admitted that the task force’s recommendations could end up persuading the state to change its “purchasing criteria” for IT, especially as Idaho tries to stay ahead of the curve in the rapidly evolving field.
“Every day, the cyber crime community comes up with new and inventive ways to get access to people’s data,” Little said. “What do we do from a preventive standpoint and what do we do offensively from a structural backbone and systems standpoint to where we’re not playing defense, we’re trying to get ahead of them, that’s where we’re going.”