Just a few short years ago, the State of Virginia's networks were plagued with enormous amounts of malware. What began as 200 attacks per quarter increased to 250 and then topped off at 350 by the second quarter of 2013. Drastic measures were in order.
Today, Virginia is in a much better position, due to the fast action of state IT leaders. Malware attacks are at an all-time low of 50 per quarter as a result. In a recent interview with StateTech’s Calvin Hennick, Virginia Chief Information Security Officer Michael Watson and other state CIOs describe the strategies each state takes to combat today’s security threats:
Virginia: Reduced the number of users with local administrative rights by 60,000 and pushed out approximately 35,000 Java patches. The IT department arrived at the solution after running detected viruses through virtual sandboxes. Malware initially made its way onto desktops due to vulnerable Java software, but was much easier to execute when machines had local administrative rights.
Iowa: Uses Tripwire IP360 to continuously scan its system for everything from faulty Windows patches to machines that are protected only by default passwords. As a result, the state has cut its vulnerabilities in half in the past year, says CISO Jeff Franklin.
California: Has called in the National Guard’s cybersecurity network defense team to assist with risk assessment for its IT operations — for free at first, and now at a reduced rate. “We are starting to see some really positive results,” says Michele Robinson, the state’s CISO.
Massachusetts: CISO Kevin Burns says his state has worked with both the U.S. Department of Homeland Security and the Multi-State Information Sharing and Analysis Center to check for cybersecurity vulnerabilities. “The quality of these technicians is amazing,” Burns says of the MS-ISAC group. “It’s a plethora of services that are free.”
Funding: According to the 2014 Deloitte-NASCIO Cybersecurity Study, CISOs draw on these funding sources to pay for projects not covered by their state cybersecurity budgets:
49% – U.S. Department of Homeland Security
33% – Business/program stakeholders
33% – Other state funding
18% – State emergency management
18% – Other federal funding
16% – Affordable Care Act
For more information on state security strategies and cybersecurity funding, see the full StateTech article.