• State Security Scorecard Astounding Improvements Labeled a Team Effort

    October 3rd, 2017 by admin. Categories: Blogs

    It cannot be overstated just how grim things looked back in February 2016, after a blistering legislative hearing before the Assembly Select Committee on Cybersecurity that eventually led to significant changes in state CISO office leadership. It was apparent at the time that not much progress had been made since State Auditor Elaine Howle blasted the State of California over its poor cybersecurity performance in her August 2015 audit.

    So it was remarkable and very reassuring to see the May 2017 security scorecard published by the new State CISO Peter Liebert. The report declared that 97 out of 101 departments had submitted all required filings. Only a scant few were “at risk,” and none were in the red. This is a very promising turn of events, although it’s still not quite clear what spawned such a drastic and welcome change.

    When asked, State CIO Amy Tong said the positive momentum is due to a “major push” from a core group that includes the “governor’s office, partners at the office of emergency services, CHP, the military departments.” Tong said the California Cybersecurity Integration Center also played a role in bringing everyone together and homing in on the issues holding up progress.

    While teamwork can certainly make the dream work, it would be nice to know the specifics of how so many departments seem to have quickly moved onto the path of complete security compliance.

    Elaine Howle lamented that “poor form design” was a serious issue, causing departments to over-report and overestimate their level of security compliance. Did the CDT update the forms departments used for self-reporting? We’re unaware if the forms were changed, but adjustments would definitely make sense, allowing self-reporting efforts to go more smoothly thanks to improved accuracy.

    Finally, is another audit right around the corner? With so much upheaval after the 2015 report, it seems only natural that the State Auditor’s office would revisit the issue sooner rather than later. While it’s heartening to see 98 percent of departments taking security reporting seriously, it’s all the more important for an updated report to show exactly how much improvement has taken place and where additional improvements should be made. With dozens of departments apparently poised to hit cybersecurity compliance years ahead of schedule, a detailed audit would certainly reveal helpful details about how that happened.

    Attempts were made to reach out to the State Auditor’s office about the questions raised in this article. We were unsuccessful in obtaining a reply prior to publication, but hopefully we’ll be able to shed some light on these issues in the near future.

    by Toni Matthews – El, TLTVnews Reporter
