Under attack in the states

Michigan portal helps workers e-learn cybersecurity awareness

Michigan opened a Web portal last month that will give state employees access to computer and Internet security awareness programs.

Dan Lohrmann, Michigan's chief information security officer (CISO), said the portal is part of a larger effort to improve the state's computer network security by educating employees about proper security procedures and practices.

Cybersecurity has emerged as a major concern among state chief information officers, who say their networks are increasingly under attack. It's "definitely the thing that keeps us up at night," said Tom Jarrett, Delaware's CIO and president of the National Association of State CIOs (NASCIO).

Since Lohrmann's CISO position was created three years ago in Michigan's Information Technology Department, state officials have coordinated efforts to reduce their computer systems' vulnerability. Their efforts have included a six-month review of methods to improve security through training and awareness programs.

The state's employees now receive one hour of computer and Internet security training each year. Lohrmann said that although one hour is not much, it raises employees' awareness of cybersecurity risks, he said.

A few years ago, state officials had to fire several student interns because they were using peer-to-peer file-sharing applications.

"We have targeted training plans for different roles," Lohrmann said. "If I'm the systems administrator, I go through different training than if I'm a secretary. Some is mandatory and some is optional," depending on the training plan that a manager sets up for each employee.

Lohrmann said cybersecurity is a constant challenge because new threats continue to emerge. In addition to firewalls and other protective technologies, Michigan officials use special software to block spyware and about 100,000 spam messages daily.

In a state where 50,000 employees have e-mail accounts, 100,000 fewer spam messages isn't much of a reduction, Lohrmann said. But even that amount has made a difference in employees' productivity.

Chris Dixon, NASCIO's issues coordinator, said Michigan is a leader in improving cybersecurity, especially through its security awareness training programs. Michigan has an easier challenge because the state's centralized IT Department can set and enforce cybersecurity policies and practices statewide, he said.

Most states lack such an organization, but each addresses cybersecurity in some way, Dixon said. Many states, however, lack sufficient training and education programs.

"In many states, that [requires] a level of maturity beyond where they probably are right now," Dixon said.

Lohrmann offered a mixed picture of states' cybersecurity readiness. Many states face budget pressures, forcing them to do more with less. And few state officials think holistically about cybersecurity, he said.

Lohrmann remembers when he worked for the National Security Agency, where people would say — and mean — "Security is our middle name."

State government is not quite there yet, he said.

What do you know?

Michigan's Information Technology Department has developed several online multiple-choice and true/false quizzes to raise employees' awareness about cybersecurity. The questions below are taken from an advanced quiz. To take the test, visit Michigan's cybersecurity Web site at www.michigan.gov/cybersecurity. Find the answers on FCW.com Download's DataCall at www.fcw.com/download.

  • What protocol ensures privacy between communicating applications and their users on the Internet?
  • This standard being developed by IBM, Microsoft, Novell and others will allow different manufacturers' biometric software to interact. What is it?
  • What governs the type of traffic that is and is not allowed through a firewall?
  • What is the term for an attempt to determine valid e-mail addresses associated with an e-mail server so they can be added to a spam database?
  • This two-level scheme for authenticating network users functions as part of the Web's Hypertext Transfer Protocol.
  • — Dibya Sarkar

    FCW in Print

    In the latest issue: Looking back on three decades of big stories in federal IT.

    Featured

    • FCW @ 30 GPS

      FCW @ 30

      Since 1996, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

    • Shutterstock image.

      A 'minibus' appropriations package could be in the cards

      A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

    • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

      DOD launches new tech hub in Austin

      The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

    • Shutterstock image.

      Merged IT modernization bill punts on funding

      A House panel approved a new IT modernization bill that appears poised to pass, but key funding questions are left for appropriators.

    • General Frost

      Army wants cyber capability everywhere

      The Army's cyber director said cyber, electronic warfare and information operations must be integrated into warfighters' doctrine and training.

    • Rising Star 2013

      Meet the 2016 Rising Stars

      FCW honors 30 early-career leaders in federal IT.

    Reader comments

    Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

    Please type the letters/numbers you see above

    More from 1105 Public Sector Media Group