The state's chief information security officer tells StateScoop about his cybersecurity vision, how emerging tech factors in and the department's next steps with information security.
For Peter Liebert, California's chief information security officer, making cybersecurity a key piece in everything the state does is a huge part of how to strengthen the state's information security posture.
Liebert, in an April video interview with StateScoop, points to the state Department of Technology's Vision 2020 plan. One of the key pillars of which, he says, revolves around cybersecurity.
“One of the three key pillars [of the Vision 2020 plan] is something called secure delivery — and the idea is that everything we do we want to make sure that we deliver it securely and that’s how we focus our efforts,” Liebert says.
In addition to the release of the state's Vision 2020 plan, California also released its Cybersecurity Maturity Metric — a framework designed to make cybersecurity more understandable to senior leadership.
"[The metric is] a zero to four scale," Liebert says. "Zero being you're not mature, four being you're mature."
The scoring system is "easily comprehensible," Liebert says, and has "very complex systems of metrics" under that 0-4 scale that evaluate the actual maturity of the systems.
With an ever-increasing amount of emerging technology on the horizon, Liebert says, taking a security-first approach to both emerging technology and any amount of technology in the state can be an effective way to address changes in the security environment.
"Whenever I look at any of these technologies, I make sure that there's a layer of security really layered throughout it so we don't have inherit risks that are being brought in," Liebert says.
Going forward, Liebert pointed to the state's Vision 2020 plan as a way to break down silos preventing technology advancement, and to the Department of Technology's efforts to create "one California" for citizens to interact with.
"We work as a team, versus individual silos — or islands of excellence," Liebert says. "Unfortunately with those islands of excellence, you also get islands of neglect, and that's what we want to avoid."