Mahalo for supporting Honolulu Star-Advertiser. Enjoy this free story!
The Abercrombie administration is asking the Legislature for $120 million over the next two years to modernize the state government’s information technology systems, including armoring them against hackers.
State Rep. John Mizuno told the Star-Advertiser that state IT employees have detected probes and attacks on the state’s computer systems — attacks that he said have been traced to China, European countries and elsewhere.
Mizuno’s remarks came as The and The Wall Street Journal reported Thursday that Chinese-based hackers had infiltrated their computer systems.
RX FOR IT SYSTEMS The Abercrombie administration has requested $120 million over the next two fiscal years for information technology improvements in these five areas:
>> Infrastructure: Includes upgrades to the network and consolidation of data centers
>> Shared services: Includes establishing a shared services center, agile software development, geospatial information systems, mobile applications and unified communications environment
>> Open government: Includes upgrades and modernization of the state’s websites, open data and citizen engagement initiatives
>> Governance: Will provide management and oversight of the IT environment including staffing, development of policies, program and project management, and portfolio management
>> Security: Includes monitoring of data during transmission and in storage, cybersecurity management, and identity and access management
|
"Make no mistake, these are very sophisticated enemies we are dealing with," state Chief Information Officer Sanjeev "Sonny" Bhagowalia said in an interview Friday. "They’re ranging from states, to hackers who are doing it for profit, to insiders doing it maliciously or otherwise. It’s a combination of all these things, and that’s why we are really ramping up (our efforts)."
The $120 million funding request was drafted long before Thursday’s news about hacks of the Times and Journal computers. Cyberprobing by hackers of Hawaii’s state government systems is nothing new, Bhagowalia said. No personal or sensitive information has been compromised, he said, but probes continue to occur systemwide, with a few departments targeted more than others. He declined to be more specific.
The administration has requested $60 million in each of the next two fiscal years, those ending in June 2014 and June 2015, for information technology improvements included in a business and technology transformation plan released last October by the state Office of Information Management and Technology.
An eighth of that money would go toward addressing cybersecurity concerns, with $6.5 million in fiscal year 2014 and $8.5 million in fiscal year 2015, Bhagowalia said.
Hawaii’s cybersecurity apparatus is "in the bottom third" among U.S. states, he said.
"We’re there because we’ve got 30 years of underinvestment in technology, and you know you can’t fix that overnight," Bhagowalia said. "We’re just a couple of disasters away or breaches away from some major challenges. I’ve said that that will happen here just because of the state of the security I’ve found here."
This fiscal year Bhagowalia plans to spend $1.5 million to shore up current cybersecurity projects to "fix the little pukas and triage," he said.
Mizuno said, "It’s concerning that (hackers) were able to get through a level; that first layer of protection wasn’t good enough. They (the probes) were nothing major, but provide us with a lot of concern. That’s why we’re coming back and putting more funding into IT infrastructure."
Anthony Giandomenico, director of solutions marketing at Referentia Systems Inc., a Hawaii cybersecurity firm, said, "Probes into the state network from China are really common. The head of cybersecurity for the FBI said there are two types of companies: ones that have been hacked by China and ones that don’t know they’ve been hacked by China."
Giandomenico, whose company does work for the federal government and the energy and health care industries, said states are prime targets because "there’s a lot of sensitive information they (hackers) are looking to get."
Bhagowalia added, "Hawaii’s strategic position between Asia and the mainland U.S., I think, is of some interest. Like they say, we’re the tip of the spear. We’re on the front line."
Bhagowalia said internal threats pose an even larger problem than external threats.
"The inside threat problem is actually even more dangerous than the external one," he said. "The external ones you can kind of track. Insider breaches have happened here before, with the tax system and other cases around the world. So insider breaches can actually be more dangerous."
To further address state cybersecurity, both the state House and Senate are considering two bills, HB 767 and SB 1003, that would give the state CIO the authority to safeguard state data.
"It’s currently all over the place," Bhagowalia said. "We’re asking that it be put in someone’s kuleana and authority, with resources to make it happen."
A hearing on the Senate bill is scheduled for Tuesday at 1:15 p.m.
Other improvements to state IT systems, such as centralizing systems that are currently fragmented, will also improve security, Bhagowalia said.
"I think fewer is better and less complexity is better," he said. "When you can know exactly what you’re in control over, you have what they call the confidentiality, integrity and availability of information."
Gov. Neil Abercrombie said in a statement, "Improving the State of Hawaii’s cyber and information security posture is extremely important and my administration is addressing the issue. Under our first full-time Chief Information Officer, Sanjeev "Sonny" Bhagowalia, the state has developed a comprehensive Business and Information Technology/ Information Resource Management Transformation Plan that includes a security and privacy plan.
"The state has begun to execute the plan, but much more investment must be made in order to fully address the security issues. Sonny’s past experience with federal government security agencies gives the state a unique perspective on protecting our information assets."