December - 20199GOVERNMENT CIO OUTLOOKto serve both the traditional and digital citizen compels the Government to maintain lower service cost. Security is one of the areas that suffer from under investment. To pull ourselves from the threat of sinking under the surface, states must take two fundamental actions. The first action is to continue those incremental improvements that steadily reduce risks. Executives at the highest levels must understand the risks and be briefed on what is being done to improve. The executives must then set the tone for improvement. Security and business teams must measure their performance on critical controls and practice responses for the inevitable breach.The State of Connecticut has begun the conversation about how to improve cybersecurity in a strategic manner. The Connecticut Cybersecurity Strategy, released in July 2017, outlines an approach to reducing the risks facing the state. The Strategy begins the conversation on how to take incremental improvement to the entire state.The second necessary, fundamental action to improve our security environment is to boldly rethink everything we believe to be true about how we operate in the digital age. Examples include:· Passwords as an authentication method should be completely eliminated. They have not provided a reasonable measure of security since the closed networks of the 70's. Perhaps we need a digital identity authority that can be used by both the public and private sector to improve our insight into who may be accessing our systems. · States should reorganize service delivery by focusing on a digital platform that can be used to process all transactions. This digital platform must be citizen focused and secure. Governments would bring these digital services to technology disadvantaged citizens through the use of trusted and expert assisters.· The public sector should lead the effort to bring the element of trust to the internet. Trusted machines, trusted users, trusted Internet Service Providers and trusted networks. There are segments of the internet in which it is acceptable to remain free and anonymous for those who choose to browse and lurk. That is one branch of the internet family tree. However, a fundamentally different and trusted internet is required given the need to protect the identities, health records, financial information and privacy of all digital citizens.Action one is required to continue to stay above water. Even the most accomplished swimmer will tire after treading for extended periods of time. The public sector should heed that warning. Action two is required to bring confidence and control to the digital services upon which our citizens rely. It may still be possible to have an enjoyable "cyber sail", but to get there, we must navigate some choppy water ahead.
< Page 8 | Page 10 >