A day after a group of IT officials compared cybersecurity to a Las Vegas buffet, Illinois Chief Information Security Officer Adam Ford offered up possibly a more relatable metaphor for the role of security in government modernization.
Upgrading technology and retiring legacy systems, Ford said Thursday, is like “replacing the air conditioner before it goes out.”
“There comes a day when the air conditioning stops working and the 100-degree heat of July comes, and that’s the day I regret not having been proactive,” Ford said during a virtual summit hosted by CrowdStrike. “Modernization is one of the keys to becoming more secure. The challenges are many. There are a lot of systems states have that have existed for 30, 40 years.”
Ford, who said the air-conditioning system at his home is about 17 years old, called modernization one of government’s biggest stumbling blocks to becoming more secure, especially as longstanding agency practices can no longer keep up with contemporary risks to their operations. Too often, he said, government entities are solely focused on the systems that are tied directly to the services they provide, even if more critical vulnerabilities lie elsewhere.
“Agency priorities sometimes don’t align with hygienic maintenance that’s required to do modern cybersecurity,” he said. “It becomes an issue of working with agency stakeholders to prioritize updating systems that may or may not be mission-critical. Governments are used to performing a function in a set way that was developed 25 years ago. There’s a lot of challenges for those employees to shift.”
But Ford credited his state’s leaders with being proactive about the relationship between security and modernization, and listed a number of upgrades he’s led to protect public services. Among those were an increased focus on identity and access management, including a digital ID program used by about 60 state offices, and a move toward zero-trust architecture. Ford added that those initiatives can translate into an improvement in service delivery, especially as the pandemic accelerated modernization efforts.
“If we’re going to do the effort to modernize, it makes sense to do so in a way that adds value to our residents,” he said. “Adding multi-factor authentication to 60 different interactions helps security and citizen engagement. I think it’s a huge driver, in peer with the COVID response.”
And just as home heating and air systems require regular maintenance, Ford said IT modernization is not a one-off act.
“We’re not just going to modernize now and then we’re good,” he said. “We talk about hygiene. You brush your teeth every day.”