What will we do about cyber threats?

Information security is of paramount importance — but how secure are we?

Robert S. Mueller became the sixth director of the Federal Bureau of Investigation (FBI) just one week before the attacks of September 11. After dealing with that horrific tragedy and then serving the country another 12 years, he commented as he was leaving that there are no higher threats to the country than cyber threats. While he was speaking about cyber breaches in both the public and private sectors, government is uniquely attractive to many hackers.

Image by Purple Slog licensed under CC BY 2.0.

Image by Purple Slog licensed under CC BY 2.0.

Today, public entities in the United States are susceptible to cyber threats on a daily basis. Protecting sensitive data at a time when public funding is reduced and regulations are changing is more challenging than ever. Add to that dynamic the fact that the world is pushing all data to a digital home and the challenge gets even greater.

Hackers now fall into the category of an Advanced Persistent Threat (APT). Almost weekly, there are newspaper reports about hackers breaching firewalls to enter massive databases with sensitive information. While most news reports involve private-sector firms, public databases are also being compromised on a regular basis. Companies, public entities and average citizens are all vulnerable. That creates an incredibly high demand for cybersecurity solutions.

All states respond differently. Most have an information technology (IT) strategic plan that acknowledges the problem.  But, in far too many cases, there is inadequate funding for what is needed. Still, government requires online medical histories, personal data and business data on an annual basis.

A few government cyber breaches are now legendary. In South Carolina, the Department of Revenue had a data breach that compromised sensitive information related to 6.4 million individuals and businesses.  It was one of the largest breaches in history, and it ended up costing the state more than $25 million.

Another horror story involved the state of Utah where cyber criminals hacked a database that held the personal information of more than 750,000 Medicaid recipients. Numerous public officials saw their careers crash, and it was extremely costly to the state as well.

Cyber threats to public entities are continual and hackers grow more experienced and sophisticated each week. The cost that follows a breach is extremely high, and taxpayers end up carrying the cost. Keeping data totally protected is extremely difficult.

As states begin to implement plans for 2016, most chief information officers (CIOs) will make sure that cyber threats and security challenges are addressed. A few may receive adequate funding but most will not. Technology staffing is a critically important aspect of security protection, and it is hard for cities, counties, public hospitals and state agencies to compete with the private sector for talent. The problem is serious and one that every citizen should recognize.

What do public-sector CIOs really need?  This would be a good start:

  • More funding from government;
  • Skilled technicians – which are always in short supply because private-sector salaries are higher;
  • Cyber security solutions that are affordable to public entities:
  • Trusted private-sector partners willing to share time and talent with CIOs throughout the country; and
  • Legislators, budget writers and taxpayers who understand the dilemma and will encourage more funding for government cyber security.

To keep up with all the latest news in public sector technology, subscribe to SPI’s newsletters.