Government Technology - April 2008 - (Page 31) but there is a revenue recession,” he said. “IT always has had a tough time competing with cops and kids when funding gets tight. Now security is going to have a hard time competing against IT, cops and kids. Absent some sort of high-profile incident, getting legislative and budget focus on security is going to be difficult.” Weakest Link Sometimes even the survey’s good news was bad news. Although 80 percent of respondents said their organizations have formal security policies and 60 percent have hired CISOs, the remaining agencies could be the soft underbelly of increasingly networked government operations. “Public agencies don’t operate alone in an environment,” Taylor said. “If you subscribe to the weakest-link theory, then agencies without security plans and without a point person for security are going to negatively impact that environment.” Plugging security holes isn’t easy. Some states and localities have attempted to build stronger security measures into their enterprise technology services, which can bring all agencies up to a minimum standard, but also drives up prices for critical services. “If you roll that cost into your service rates, then all of a sudden customers start screaming,” Taylor said. “It also becomes a proportion test. Some customers will be paying a disproportionate amount of the cost of security for things they don’t use, just to protect the whole sandbox from a few bad actors.” Collaboration, Pelgrin said, is vital to addressing these security shortcomings. Sharing of data and expertise between agencies raises overall security awareness, and cooperative purchasing arrangements can cut the cost of deploying IT security measures. As evidence, he pointed to a federal government contract for hardware and software encryption products. The blanket purchase agreement — created by the U.S. Department of Homeland Security, Department of PHOTO COURTESY OF GOOGLE EARTH New York State Office of Cyber Security and Critical Infrastructure Coordination uses graphical tools such as Google Earth to increase understanding of cyberattacks. These representations are designed to help CISOs win critical security funding from decision-makers. “NO MATTER HOW GOOD YOU ARE, THE BAD GUYS ARE CHANGING EVERY SINGLE DAY. WE’RE NEVER DONE. WE’RE ABSOLUTELY NEVER DONE.” Will Pelgrin, director, New York State Office of Cyber Security and Critical Infrastructure Coordination According to the survey, respondents currently have little awareness of security problems at the public agencies or thirdparty organizations with which they exchange data. More than half of respondents said they didn’t know if any of their main data trading partners had experienced a security breach or loss of sensitive data. Security Tools Defense, Office of Management and Budget, and General Services Administration — is open to state and local governments, and should provide them with lower prices on tools for protecting sensitive data. New York state CSCIC office worked with the federal agencies to ensure the contract met the needs of state and local agencies, Pelgrin said. The agreement gives even the smallest agencies access to good prices on a collection of expertly chosen security tools. Pelgrin said the agreement may convince agencies that would otherwise sit on their hands to purchase and implement badly needed protection. “There are people who want to buy and that’s great, and they would probably go down this road no matter what,” he said. “But the point that I really wanted to address is how do we get people who really weren’t going to go into this arena right now, but really should?” It’s a Journey … Ultimately the mixed results of this year’s survey may simply reflect the nature of information security. Government Technology readers clearly are making progress on security issues, but the job is never truly finished. And for astute public officials, it seems the more visibility and understanding they have of security issues, the more there is to worry about. “No matter how good you are, the bad guys are changing every single day,” Pelgrin said. “We’re never done. We’re absolutely never done. As long as it’s profitable out there, as long as we are human and make mistakes, somebody is going to try to take advantage of it.” GT Respondents to the Government Technology survey use the following IT security tools. Firewalls Encryption Intrusion-detection systems/A-V/other detection Data backup User security/ID management Intrusion-prevention systems/filters Internet security Have no idea 92% 64% 21% 85% 72% 51% 67% 6% 31 http://www.govtech.com
Table of Contents Feed for the Digital Edition of Government Technology - April 2008 Government Technology - April 2008 Contents Point of View Big Picture The Last Mile On the Scene Four Questions for... Freeze Frame How Safe Is Your Data? Easy Street Gadget Overload Indiana Overhaul First Person: A Better Bill Data Defense Strength in Numbers Public Storage Products Two Cents Spectrum Personal Computing signal:noise Government Technology - April 2008 Government Technology - April 2008 - Government Technology - April 2008 (Page 1) Government Technology - April 2008 - Government Technology - April 2008 (Page 2) Government Technology - April 2008 - Government Technology - April 2008 (Page 3) Government Technology - April 2008 - Contents (Page 4) Government Technology - April 2008 - Contents (Page 5) Government Technology - April 2008 - Contents (Page 6) Government Technology - April 2008 - Contents (Page 7) Government Technology - April 2008 - Point of View (Page 8) Government Technology - April 2008 - Point of View (Page 9) Government Technology - April 2008 - Big Picture (Page 10) Government Technology - April 2008 - Big Picture (Page 11) Government Technology - April 2008 - The Last Mile (Page 12) Government Technology - April 2008 - The Last Mile (Page 13) Government Technology - April 2008 - On the Scene (Page 14) Government Technology - April 2008 - On the Scene (Page 15) Government Technology - April 2008 - Four Questions for... (Page 16) Government Technology - April 2008 - Four Questions for... (Page 17) Government Technology - April 2008 - Freeze Frame (Page 18) Government Technology - April 2008 - Freeze Frame (Page 19) Government Technology - April 2008 - Freeze Frame (Page 20) Government Technology - April 2008 - Freeze Frame (Page 21) Government Technology - April 2008 - Freeze Frame (Page 22) Government Technology - April 2008 - Freeze Frame (Page 23) Government Technology - April 2008 - Freeze Frame (Page 24) Government Technology - April 2008 - Freeze Frame (Page 25) Government Technology - April 2008 - How Safe Is Your Data? (Page 26) Government Technology - April 2008 - How Safe Is Your Data? (Page H1) Government Technology - April 2008 - How Safe Is Your Data? (Page H2) Government Technology - April 2008 - How Safe Is Your Data? (Page 27) Government Technology - April 2008 - How Safe Is Your Data? (Page 28) Government Technology - April 2008 - How Safe Is Your Data? (Page 29) Government Technology - April 2008 - How Safe Is Your Data? (Page 30) Government Technology - April 2008 - How Safe Is Your Data? (Page 31) Government Technology - April 2008 - Easy Street (Page 32) Government Technology - April 2008 - Easy Street (Page 33) Government Technology - April 2008 - Easy Street (Page 34) Government Technology - April 2008 - Easy Street (Page 35) Government Technology - April 2008 - Gadget Overload (Page 36) Government Technology - April 2008 - Gadget Overload (Page 37) Government Technology - April 2008 - Gadget Overload (Page 38) Government Technology - April 2008 - Gadget Overload (Page 39) Government Technology - April 2008 - Indiana Overhaul (Page 40) Government Technology - April 2008 - Indiana Overhaul (Page 41) Government Technology - April 2008 - First Person: A Better Bill (Page 42) Government Technology - April 2008 - First Person: A Better Bill (Page CA1) Government Technology - April 2008 - First Person: A Better Bill (Page CA2) Government Technology - April 2008 - First Person: A Better Bill (Page CA3) Government Technology - April 2008 - First Person: A Better Bill (Page CA4) Government Technology - April 2008 - First Person: A Better Bill (Page CA5) Government Technology - April 2008 - First Person: A Better Bill (Page CA6) Government Technology - April 2008 - First Person: A Better Bill (Page CA7) Government Technology - April 2008 - First Person: A Better Bill (Page CA8) Government Technology - April 2008 - First Person: A Better Bill (Page 43) Government Technology - April 2008 - Data Defense (Page 44) Government Technology - April 2008 - Data Defense (Page 45) Government Technology - April 2008 - Strength in Numbers (Page 46) Government Technology - April 2008 - Strength in Numbers (Page 47) Government Technology - April 2008 - Public Storage (Page 48) Government Technology - April 2008 - Public Storage (Page 49) Government Technology - April 2008 - Public Storage (Page 50) Government Technology - April 2008 - Public Storage (Page 51) Government Technology - April 2008 - Products (Page 52) Government Technology - April 2008 - Two Cents (Page 53) Government Technology - April 2008 - Spectrum (Page 54) Government Technology - April 2008 - Spectrum (Page NW1) Government Technology - April 2008 - Spectrum (Page NW2) Government Technology - April 2008 - Spectrum (Page NW3) Government Technology - April 2008 - Spectrum (Page NW4) Government Technology - April 2008 - Personal Computing (Page 55) Government Technology - April 2008 - signal:noise (Page 56) Government Technology - April 2008 - signal:noise (Page 57) Government Technology - April 2008 - signal:noise (Page 58) Government Technology - April 2008 - signal:noise (Page 59) Government Technology - April 2008 - signal:noise (Page 60)
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.