IT security, or cybersecurity, an area identified as a critical need in state government, ensures vital information on the state’s financial and other systems is protected. Cybersecurity also ensures there are robust safeguards for data containing information on state employees and members of the public who may interact with state government in a variety of ways, from paying taxes to applying for camping permits.
When putting together its supplemental budget request for the 2016 legislative session, the Office of Enterprise Technology Services (ETS) placed a high priority on cybersecurity. And the agency saw the most pressing security need to be the addition of skilled security specialists.
What’s a CISO?
In particular, ETS wanted to secure a state chief information security officer (CISO) to establish security standards and to ensure the state stays current with best practices in security. Without a CISO to develop and lead a comprehensive statewide cyber security program, the state could face an increasing risk of successful cyber attacks. The Legislature agreed, and in addition to the CISO, added two new cybersecurity positions.
Each day, the state network experiences millions of potential Internet security threats, and the number continues to grow. Cyber attacks that succeed can result in millions of dollars in damage and expenses. States that experience security breaches are required to not only repair the system damage and restore network safety, but they must also determine if any confidential data, such as personally identifiable information (PII), was exposed, in which case notifications must be issued. Developing a skilled and knowledgeable workforce in-house goes a long way to addressing risk.
Making Network Security Comprehensive and Cost-Effective
Consistent with industry practice, ETS typically does not disclose details of its cybersecurity strategies and tools — for obvious reasons.
But ETS recently shared with THG leadership that the state has established new partnerships with the Department of Homeland Security and the FBI to leverage federal expertise and resources to secure the state government network. ETS is also pursuing the most cost-effective solutions for Hawaii’s cybersecurity needs by providing additional training to state employees. Training employees enables the state to shift a majority of security work previously done by contractors to skilled state personnel.
Cybersecurity is an area where CIO Todd Nacapuy has said the state can do the job even more effectively in-house, without relying unnecessarily on external contractors. Allocating resources in this manner provides a positive return on investment in cybersecurity and all state IT projects, while delivering benefits to system security and workforce development, as well as reducing the cost of operations.