You can take steps to protect the information, the best you can. You can make the effort to get to the information so hard that only a professional, or a nation state or large scale actors can try. You can lock your door; put a dead bolt, three locks, and an alarm system on it. But a professional thief is going to get in your house. It comes down to encryption technologies or biometric technologies and the security of the data inside. The Commonwealth of Virginia uses the list-based model as we have financial data, sensitive healthcare data, the state police’s criminal justice data, and tax data. At the end of the day, technology can help in making sure you know what protections you are taking, how you audit them, and how do you know that the ‘locks’ are good.
Prime Security Concerns
The cost of developing a tool to actually cause a problem is much cheaper now. One can just go to the dark web and pay someone in bitcoins and just download the software, you don’t have to be technically savvy to do it. You can buy this weapon for $10 without having to develop it yourself. The possibility of leveraging somebody else’s tools increases the impact of those tools while reducing its cost. Instead of password getting hacked, you can have weaponized ransomware. This is what keeps me up at night. We make sure that we have highest standards and governance in every approach.
The Commonwealth of Virginia uses the NIST Cybersecurity Framework, trying to be at the forefront of cybersecurity arena. As we spend taxpayers’ funds, we are also working in a cost effective manner using tailored approaches.
Trends in Security Landscape
We are going to find difficulty in having absolute privacy. Our phone has seven different applications that need to know where you are, and you get ads based on your location. You can either back out of the technology or give up some security and privacy through acknowledgeable understanding. The governor used cybersecurity as a vehicle to grow Virginia’s economy, encouraging individuals to go into the field and diversify Virginia’s economy moving forward. In Virginia, we have taken significant steps for veterans and people in community colleges, to get trained and certified as cybersecurity professionals— availing thousands of jobs openings.
Being a CIO is not for the faint-hearted as you need to have a sense of a purpose and urgency. Time and technology wait for none, especially in the cyber area. The Stone Age didn’t end because they ran out of rocks, but because something better came along. There are a thousand ways to say no, find a way to get the yes. Delegate power to your staff, train them and liberate them—as micromanaging doesn’t work in the IT field. You’ll be amazed at what you can get done if you don’t care who gets the credit.
CIOs Role with Changing Security Landscape
Fundamentally, the CIO has become more of an influencer—a communicator between executive and employees, and an identifier of trends and governance. The reason being, with the advent of cloud technologies, platform infrastructure, and Software-as-a- Service, we see a lower barrier for being able to pick and choose what we want. And at the end of the day, the CIO is accountable for the choices and the directions of the organization. Especially in the public sector, the CIO’s accountability, authority, and responsibility triangle are very strong, compelling CIOs to keep an eye on the technological changes. Sometimes technology changes faster than the CIOs are willing to, but they have to be adaptable, by focusing less on the technology and more on the business operations. The CIO, who works with his team, empowers the individuals, and takes ownership of the issue will survive. Basically, if you don’t trust your staff and try to be more of an autocratic individual, you’re going to miss a lot of opportunities.