I’ve spent more than two decades working in the tech sector and know that, as important as cybersecurity is in keeping an organization secure and in business, it is easily overlooked. When up against deadlines and budgetary constraints, security can easily be put on the back burner. However, when the organization in question is the Idaho State government, it’s a much larger problem that could compromise our personal information like tax records, DMV, and voter data, to name only a few important examples. More than identity theft is at risk–we also are exposing the state to the monetary theft of our taxpayer money, resources, and funds that would be spent on an emergency response to a cyber attack.
While the stakes are high, it’s very hard to know if security is being neglected. It’s quite easy to tell if a roadway is being underfunded: after a few winters, the road will be full of potholes that create hazardous conditions and require taxpayers to spend tens of thousands of dollars in repairs to their vehicles. Unfortunately, it’s not so obvious when cybersecurity is being underfunded. With recent compromises of Idaho government systems, however, we see clear signs that there are serious “potholes” in Idaho’s cybersecurity program:
- “The first indication that a hacker might have accessed personal data on the online licensing website used by Idaho Fish and Game came late on Monday, Aug. 22.”
- “The Idaho Legislature website was hacked Friday morning by an Italian anti-government group calling themselves AnonPlus.”
- “The websites for the Idaho Legislature and Idaho’s iCourt portal were hacked Friday morning by a hacktivist group called AnonPlus Italia.”
- “The weekend hacking of Idaho state treasurer websites was part of a much broader — and apparently continuing — “mischief” attack that probed websites for security holes to deface pages.”
Lieutenant Governor Brad Little has established the Idaho cybersecurity initiative to protect Idaho’s intellectual properties, state resources, and data systems, but is it working?
Knowing the importance of cybersecurity, I’ve engaged cybersecurity leaders in Idaho who have confirmed that several state websites, including the cybersecurity initiative site itself, have known, easily identifiable, and preventable vulnerabilities. My Chief Security Officer, Jerry Decime, responsibly disclosed these vulnerabilities to State Chief Information Security Officer Lance Wyatt on August 25, but as of today, September 6, they are still not resolved.
When it comes to cybersecurity, there is a very important difference between saying you care about it and actually achieving and maintaining secure online systems. As your Lieutenant Governor, I will ensure the state’s cybersecurity initiative gets the attention and support it needs to keep Idaho government systems and data safe. Let’s make #IdahoStronger and #VoteForTheVet Kristin Collum on Nov. 6th!