Idaho reviews cyber incident response plans

Idaho Chief Information Security Officer Thomas Olmstead believes his state has three clear areas to focus on as it looks to bolster its cyber defenses over the next six months: People, processes and technology.

With the number of cyber threats constantly increasing, Olmstead said his staff and the rest of the Office of the Chief Information Officer will be working over the coming months to nail down their standards in those fundamentally important areas of cybersecurity.

“We want to make sure that the people are trained and aware of the threat vectors that are out there and have the skills to handle potential contacts from threats,” Olmstead told StateScoop during an interview at the National Association of State Chief Information Officers’ annual conference in October.

He also stressed the importance of ensuring that department’s cybersecurity processes and technology are current – that “we have a good handle on how incidents are going to be handled,” he said, and have the technology “controls that will deal with the active threat environment.”

Olmstead said the most recent estimate he received from the state’s industry partners suggests that “there are approximately 400 international cyber gangs out there trying to breach information systems to get everything from social security numbers to health records.” Accordingly, he feels “the sheer volume of threat actors” out in the world means that Idaho can’t afford to lag behind in this area in the near future.

“There’s such a large number of actors out there that are trying to penetrate the network, so we have to take a holistic approach,” Olmstead said.