Cyber Terrorism: No Longer Fiction
The Sept. 11 terrorist attacks have convinced state government officials to focus more attention on securing their computer networks and protecting them from potential cyberattacks.
While lawmakers are introducing legislation with severe penalties for those who attempt to undermine government computer networks, cybersecurity experts say states need to include information systems security in their budgets.
Larry Kettlewell, chief information security officer for Kansas and a member of the National Association of State Information Executives (NASCIO) security and liability team, says states spend about 4 percent to 6 percent of their budgets on IT systems and spend a fraction of that percentage on securing the IT systems.
Cybersecurity experts point out that a state can make an effort to secure its systems, but an interconnection with an agency or vendor that does not maintain the same level of security would make the systems vulnerable to intrusion.
Kettlewell adds that training is key to securing state computer systems. “When you take into consideration something like Microsoft’s Windows 2000, with servers that are the next technological step up, there are not many states with on-staff technicians who have the training or background to understand these systems from beginning to end,” Kettlewell explains.
William Pelgrin, director of the New York State Cyber Security and Critical Infrastructures Coordinating Initiative, says physical and cybersecurity is one and the same, adding that policing a public waterworks should include monitoring and protecting the computer systems of the facility.
Other cybersecurity experts say cyberattack drills, similar to the exercises state governments conducted to prepare for Y2K, are needed.
Abstracted by the National Law Enforcement and Corrections Technology Center(NLECTC) fromState Legislatures (05/03) Vol. 29, No. 5, P. 22; Boulard, Garry.