Under attack in the states

Michigan portal helps workers e-learn cybersecurity awareness

Michigan opened a Web portal last month that will give state employees access to computer and Internet security awareness programs.

Dan Lohrmann, Michigan's chief information security officer (CISO), said the portal is part of a larger effort to improve the state's computer network security by educating employees about proper security procedures and practices.

Cybersecurity has emerged as a major concern among state chief information officers, who say their networks are increasingly under attack. It's "definitely the thing that keeps us up at night," said Tom Jarrett, Delaware's CIO and president of the National Association of State CIOs (NASCIO).

Since Lohrmann's CISO position was created three years ago in Michigan's Information Technology Department, state officials have coordinated efforts to reduce their computer systems' vulnerability. Their efforts have included a six-month review of methods to improve security through training and awareness programs.

The state's employees now receive one hour of computer and Internet security training each year. Lohrmann said that although one hour is not much, it raises employees' awareness of cybersecurity risks, he said.

A few years ago, state officials had to fire several student interns because they were using peer-to-peer file-sharing applications.

"We have targeted training plans for different roles," Lohrmann said. "If I'm the systems administrator, I go through different training than if I'm a secretary. Some is mandatory and some is optional," depending on the training plan that a manager sets up for each employee.

Lohrmann said cybersecurity is a constant challenge because new threats continue to emerge. In addition to firewalls and other protective technologies, Michigan officials use special software to block spyware and about 100,000 spam messages daily.

In a state where 50,000 employees have e-mail accounts, 100,000 fewer spam messages isn't much of a reduction, Lohrmann said. But even that amount has made a difference in employees' productivity.

Chris Dixon, NASCIO's issues coordinator, said Michigan is a leader in improving cybersecurity, especially through its security awareness training programs. Michigan has an easier challenge because the state's centralized IT Department can set and enforce cybersecurity policies and practices statewide, he said.

Most states lack such an organization, but each addresses cybersecurity in some way, Dixon said. Many states, however, lack sufficient training and education programs.

"In many states, that [requires] a level of maturity beyond where they probably are right now," Dixon said.

Lohrmann offered a mixed picture of states' cybersecurity readiness. Many states face budget pressures, forcing them to do more with less. And few state officials think holistically about cybersecurity, he said.

Lohrmann remembers when he worked for the National Security Agency, where people would say — and mean — "Security is our middle name."

State government is not quite there yet, he said.

What do you know?

Michigan's Information Technology Department has developed several online multiple-choice and true/false quizzes to raise employees' awareness about cybersecurity. The questions below are taken from an advanced quiz. To take the test, visit Michigan's cybersecurity Web site at www.michigan.gov/cybersecurity. Find the answers on FCW.com Download's DataCall at www.fcw.com/download.

  • What protocol ensures privacy between communicating applications and their users on the Internet?
  • This standard being developed by IBM, Microsoft, Novell and others will allow different manufacturers' biometric software to interact. What is it?
  • What governs the type of traffic that is and is not allowed through a firewall?
  • What is the term for an attempt to determine valid e-mail addresses associated with an e-mail server so they can be added to a spam database?
  • This two-level scheme for authenticating network users functions as part of the Web's Hypertext Transfer Protocol.
  • — Dibya Sarkar

    Featured

    • Telecommunications
      Stock photo ID: 658810513 By asharkyu

      GSA extends EIS deadline to 2023

      Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

    • Workforce
      Shutterstock image ID: 569172169 By Zenzen

      OMB looks to retrain feds to fill cyber needs

      The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

    • Acquisition
      GSA Headquarters (Photo by Rena Schild/Shutterstock)

      GSA to consolidate multiple award schedules

      The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

    Stay Connected

    FCW Update

    Sign up for our newsletter.

    I agree to this site's Privacy Policy.