Legacy cybersecurity plans won’t work during pandemic, says Illinois treasurer’s CIO
With many government employees still staying home as the COVID-19 pandemic continues to ravage large parts of the country, it’s more important than ever that IT agencies have a clear picture of who and what’s connecting to the networks they manage, according to Joseph Daniels, the chief information officer for the Illinois State Treasurer’s office.
“If you think of the environment we’re in now since COVID-19, we need to be able to touch every single device that’s out there on the internet,” Daniels told Scoop News Group’s Wyatt Kash. “Everything that’s in our care, it is not inside our walls anymore. If we keep using those legacy IT plans to take care of those endpoints that are outside of our reach, we’re never going to be able to keep up securing our agencies.”
But Daniels also said that it’s crucial for CIOs and chief information security officers to seek the buy-in of their agencies’ workforces when considering security initiatives.
“Everyone wants to have their say, and when you are more inclusive in that discussion, you tend to get better feedback,” he said.
Daniels was also asked about election security, an issue about which his counterparts in the Illinois State Board of Elections are well aware, especially after the state’s voter registration database was the target of a July 2016 hacking attempt by Russian intelligence officers. But Daniels said he has confidence in Illinois’ election officials.
“I have complete faith in the election officials who are charged with overseeing the process,” he said.
Still, Daniels returned to the security challenges posed by the newly remote workforce, and the need keep track of all the users and devices.
“All of our devices and people are touching hundreds of different networks daily,” he said. “If we’re not using the right tools, we’re not going to be able to do anything to fix that area. You’re basically working in the dark.”
This video was recorded as part of CrowdStrike’s 2020 Fal.Con for Public Sector Virtual Cybersecurity Conference, produced by FedScoop & CyberScoop.