State Governments under Daily Assault from Increasingly Sophisticated Cyber Attacks

Sunday, October 05, 2014
(AP graphic)

Those who run state computer systems have found themselves in a battle with hackers over protecting information-rich data on their citizens and in some cases the good guys are losing the fight, according to a new report (pdf).


It’s not only a question of personal information getting into the public domain. Computer system breaches also affect the public’s trust in government and cost taxpayers millions, according to the report by the National Association of State Chief Information Officers and the consulting firm Deloitte & Touche.


State computer systems contain a lot of information, including names, addresses, driver’s license numbers, birth certificates, Social Security numbers, credit card numbers, and banking information. Health records in particular are valuable to criminals, so much so that they’ll pay $10 for someone’s health record, compared to $1 for credit card information, Michael Cockrill, chief information officer for the state of Washington, told Jeffrey Stinson of Pew Charitable Trusts.


“You can get pretty much everything on someone out of state computers,” said Srini Subramanian, a state cybersecurity specialist with Deloitte who co-authored the report. “It makes them a very attractive target to cybercriminals.”


The state of California suffered a breach in 2013 and had to pay $5 million to fix the problem. More than 23,000 people’s information was compromised. The state of Montana told 1.3 million people earlier this year that their health information was compromised. The state provided credit monitoring services to the affected people.


Others are attacking state computer systems to protest government or to find information being withheld from the public. Hackers attacked systems in Missouri after the Michael Brown shooting in Ferguson to attempt to find the name of the officer who shot the teen.


Protecting the systems all comes down to money. “About three-quarters of the [chief information security officers] cite the lack of sufficient funding as a major barrier to addressing cybersecurity challenges in their states,” the report said. A small fraction—1% to 2% in many cases—of state’s IT budget goes toward security.


Another problem is attracting qualified individuals to work for cash-strapped state governments, especially in areas such as Washington State where IT professionals are in short supply. “We’ve been hiring people from Eastern Europe to provide security,” Cockrill said. “We’re a training ground for the private sector. They come, they get trained and get paid twice as much or more in the private sector.” Besides the lower pay, information security officers say lack of a clear career path and drawn-out state hiring processes can hurt recruitment.

-Steve Straehley   


To Learn More:

Cyberattacks on State Databases Escalate (by Jeffrey Stinson, Pew)

State Governments At Risk: Time To Move Forward (by Srini Subramanian, Delotte and Touche, and Doug Robinson, National Association of State Chief Information Officers) (pdf)

National Guard Turns to Defending Nation from Cyberattacks (by Danny Biederman and Noel Brinkerhoff, AllGov)


Leave a comment