Mississippi tallying ‘big wins’ in cybersecurity

Mississippi is on an upward trajectory when it comes to its cybersecurity governance, state Chief Information Officer Craig Orgeron says in a video interview with StateScoop.

“[There have been] a couple of big wins for us in the last few years,” Orgeron says. “We had our enterprise security law was passed a couple years ago, implemented. We’re rolling with our security council, [and it’s] been pretty productive.”

Mississippi Gov. Phil Bryant signed the state’s Insurance Data Security Law, also known as Mississippi’s Cybersecurity Law, into being in April. Orgeron says that’s been a milestone for the evolution of the state’s IT.

He says the state is also making progress on various “boots-on-the-ground” cybersecurity projects.

“We’re looking at enterprise-wide [virtual private networks] now and a secure web gateway before the end of the year. And we had an additional legislative victory thanks to our legislature. We got past a FOIA-exemption for cyber data,” Orgeron says. “This year the governor has signed and I think it’s a good bill for Mississippi government. So all in all, pretty good progress.”

The state may be making progress, but according to Mississippi Auditor Shad White, it’s not enough. In an Oct. 1 report, White’s office released a report showing that of 125 entities to recieve a recent mandatory cybersecurity survey, 54 did not reply, and of those that did, more than half fail to meet at least 75 percent of the state’s cybersecurity requirements.

“Many state entities are operating like state and federal cyber security laws do not apply to them,” the report says.

And the state’s recent cybersecurity law will be progressively more difficult to comply with in the coming years. By July 2020, all entities governed by the law must “establish a comprehensive, written information security program.” And further requirements will follow in 2021.

Orgeron on his top priorities:

“It’s an election year in Mississippi, so we’re very focused on election security. The secretary of state is part of the elections ISAC, sort of a sister agency to the MS-ISAC, so [we’re] pretty focused on that.“

Orgeron on cloud computing:

“This market is changing so rapidly, our expectation is there’s going to be reach outs to other public clouds, maybe Azure, maybe AWS, and really we are going to see ourselves in that broker role.”

Orgeron on how he sees his role changing with emerging technology:

“I think for sure there’s a leadership component. Part of it is ‘translator in chief,’ right? What is blockchain, how does [the internet of things] impact the things we’re doing?”

These videos were produced by StateScoop at the National Association of State Chief Information Officers’ midyear conference in National Harbor, Maryland, in May 2019.