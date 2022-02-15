Barely recovering from a 2021 security breach, thousands of Washingtonians were notified last week that their personal data has been compromised again. This time, it was a breach of the Department of Licensing’s records system.
With cyberwarfare becoming increasingly commonplace, it is high time to strengthen and expand the methods government agencies use to combat this threat. As we know, any attack on critical infrastructure, digital or not, disrupts not only the affected sector but the many other sectors connected to it. In the DOL’s case, professionals and businesses looking to renew their operating licenses, not to mention the approximately 650,000 people whose information has been compromised.
Back in 2020 State Auditor Pat McCarthy won a second term based on her extensive experience and promises to expand cybersecurity auditing. Then, in 2021, McCarthy’s office announced that one of its IT vendors, Accellion, experienced a major breach, exposing over 1.3 million state residents to potential fraud. The kicker: Though Accellion detected the breach at the end of December 2020, the auditor’s office was notified Jan. 12, 2021, and a public announcement was not made until Feb. 1, 2021.
This ridiculous notification delay prolonged the ordeal of state residents and prompted the crafting and unanimous passing of Senate Bill 5432. Approved in Feb. 2021, this legislation created a state Office of Cybersecurity within the Office of the Chief Information Officer to set security policies and develop centralized protocols for managing the state’s information technology assets.
“Cybersecurity is not a luxury, it’s central to government’s obligation to manage data wisely and effectively,” said Sen. Reuven Carlyle (D-Seattle), the bill’s sponsor. “We need to follow global best practices in terms of data management, oversight and technology. This bill strengthens our approach and is a vital step forward. We know from the State Auditor data breach that this information is highly sensitive and valuable and the state’s obligation to the public is paramount.”
But a year later, after another security breach, we question if forming another department is enough.
Yes, global best practices and protocols have been centralized on a state level but has it made a difference? Even on a national level, cybersecurity does not seem to be a priority.
Last year, budgeting for cybersecurity spending in both public and private sectors increased only slightly and out of the dozens of executive orders signed by President Joe Biden, only two addressed cybersecurity.
As Biden put it in his May 2021 executive order on cybersecurity: “In the end, the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is, and to the consequences we will incur if that trust is misplaced.”
With at least two major security breaches publicly announced in Washington, trust is dangerously low.
If we are to adapt to the changing landscape of cyberwarfare, our response needs to be more than establishing new rules and regulations and departments to oversee them.