Cybersecurity goes beyond securing the perimeter, state experts say

Cybersecurity is aboutmore than just preventing external access tonetworks, state information technology experts said.

Tech executives must find ways toprotect theassets that are inside as well assecure their networks’ ever-changing borders,experts from Florida and Virginia said on the latest episode of StateScoop Radios Priorities podcast.

I think at some point, we have to come to terms with the fact that we have as a community failed to effectively prevent or even reduce the impact of breaches, JackieWynn,the vice president of global public sector strategy for RSA Security, said on Priorities.I think this is a failure that is due to a focus solely just on preventive approaches, and like all castles weve built in history, theyre ultimately always breached.

On the National Association of State Chief Information Officers annual top 10 priority list, cybersecurity has appeared as the top priority every year since 2014. In 2013, it was priority No. 3, while it ranged from priority No. 1 to No. 7 since the creation of the Top 10 list in 2006.

During the discussion, Danielle Alvarez, the chief information security officer for the state of Florida, said it’s hard to prevent breaches, especially with the rise of cloud computing which expands the location ofstate’s data assets from insidephysical internal networks to other data centers and locations all over the world.

The changing perimeter is a significant threat because its no longer within our four walls where weve heavily relied on those perimeter-based technologies, she said. Now, with the perimeter changing and growing out into the cloud, its changing the way we have to look at cybersecurity, its changing the toolset, its changing the training.

On the podcast:

• Danielle Alvarez, chief information security officer, Florida
• Mike Watson, chief information security officer, Virginia Information Technologies Agency
• Jackie Wynn, vice president of global public sector strategy, RSA Security

Things to listen for:

• In Florida, the Agency for State Technology is looking to adopt a risk-based cybersecurity framework for state agencies and develop situational awareness practices for state employees, Alvarez said.
• As Virginia Information Technologies Agencys CISO, Watson oversees the security operation of the states more than 60,000 endpoints, approximately 4,000 servers and 1.5 petabytesof data.
• The silver tsunami an approaching wave of retirees from the public sector workforce presents seriouschallenges to state cybersecurity and information technology operations, Wynn said.
• Without much explanation, phishing attacks on Virginia employee email accounts spike every April, Watson said.
• While neither Virginia nor Florida has experienced a significantransomware attack, Watson and Alvarez said their states are on alert and actively trying to prepare themselves for it.

Priorities is StateScoops monthly podcast that examines the leading strategies, technologies and challenges that state CIOs expect to face this year. This episode of Priorities was sponsored by RSA Security.

In addition to listening to Priorities on StateScoop.com, you can now subscribe to the podcast on iTunes and have episodes delivered directly to your podcasts app on your smartphone when they are released.

Contact the reporter who wrote this story at jake.williams@statescoop.com , and follow him on Twitter @JakeWilliamsDC .