As Maryland knows, cybersecurity is easier than it is – Maryland issues

Governor Larry Hogan is working on national issues more and more often, so he needs to see if Maryland sets an example and leads, and then plunge into the deepest part.

Recently, Opinion piece USA TodayHogan waved that Washington was sleeping in cybersecurity and the United States was vulnerable to attacks following the widely announced Colonial Pipeline ransomware hack.

In that regard, we agree. In particular, I live in the Greater Baltimore area, where cybersecurity attacks frequently shut down critical infrastructure that affects basic daily quality of life.

President Biden recently promoted his “bipartisan leadership” on this topic. He wants to invest $ 65 billion in broadband infrastructure frameworks to provide universal, reliable and affordable coverage for all American families. After the horrific event of January 6th, I stopped holding my breath.

Hogan of CNN’s “State of the Union” said Cyber ​​security is a “big problem.” The governor then wrote an opinion piece WUSA-TV in Washington describes it as a “hurt” prosecution of federal efforts to thwart cyberattacks..

According to Hogan, both parties in parliament must be as responsible as the three presidential governments. USA Today A work that frequently characterizes cybersecurity as a “technical retrofit.” The governor further suggests that security measures should be essential to information technology and related systems.

In fact, the Governor’s own IT department is empowered to ensure that such integration takes place throughout the state government. This was an important belief in Hogan’s innovative shared solution government model during the 2014 campaign.

Still, the Maryland Department of Information Technology is not tracking important information about state government computer projects. According to the May 2020 legislative auditor.. The Legislative Audit Office found that the state’s IT department was unable to effectively monitor $ 1.6 billion in major technology development projects in the state government’s health, education, finance, commerce, transportation, and public security sectors. .. They found important information missing in the department’s status report and cases where the governor received incorrect information.

Response to the general meeting Senate When House A member of Maryland’s Chief Technology Officer and political appointee of Hogan’s second administration gave a surprising explanation with a little notice. Video conferencing NS March 2021.. IT department secretary Michael Leahy said his staff couldn’t keep up with technology.

“We just don’t have [the means] In response to a question from Senator Sarah Elfles of Annapolis, Lee Hee said. Leahy made an excuse for relying on external vendors to monitor the project.

However, auditors are interested not only in managing departmental contractors, but also in direct oversight of actual projects.

The Legislative Audit Office regularly inspects each department of the state government and works with departments and agencies to resolve issues. It’s not happening here. The issue of IT project monitoring has been documented in three separate reports over the years, a situation described by Baltimore city lawmakers as “outliers” for the state government.As before Dr. Keith Haines (D-Baltimore) saidThe unresolved findings are a vicious circle, “money keeps coming and going about who is responsible for what.”

NS Audit report from May 2020 Leahy was given another opportunity to outline corrective actions. Instead, the Chief Cabinet Secretary rejects important recommendations and adopts a narrower interpretation of his legal authority to reduce accountability. Leahy gave lawmakers only a vague guarantee that they would continue to address audit results during the March 2021 committee meeting.

Maryland’s IT department will support local government security efforts under legislation passed this year, in addition to developing the state’s cybersecurity strategy. Maryland’s IT department is also responsible for implementing major state computer development projects, from state police communications systems to election voting devices. Department duties include the development and implementation of information technology policies, procedures, and standards. This radical mission allows IT departments to flag potential security breaches before the system is operational.

Cyber ​​security is a daunting task. Experience in Baltimore in 2019 shows that the city’s basic functions failed in a ransomware attack, costing the city more than $ 18 million.

Former Mayor Bernard C. “Jack” Young quickly realized the importance of thousands of interconnected computers throughout the city government. Many required manual security software updates.

More than a year ago The city’s 911 system has been inoperable due to another cyberattack.. A ransomware invasion closed schools in Baltimore County last fall, requiring one of the largest hospitals to take electronic medical records offline.

What can cybersecurity interesteds learn from their experience in Maryland and Governor Hogan?

Cybersecurity is not as easy as it sounds.

The governor does not need to know which software is installed on every workstation of the Automobile Bureau. Or even the health department or the unemployment office. However, if the attack disrupts a major function of the government, the public wants to know that the governor is responsible, and that responsibility ceases with him.

It is unlikely until his own technician can handle major computer projects and transparently show the correct financial responsibility of the government.

— EJ MCNULTY

The writer is a healthcare policy and technology consultant. She has been a longtime Maryland Republican strategist, advocating government transparency, and was a Republican strategist in the first administration of Governor Larry Hogan. She lives in Baltimore County.She can reach at [email protected]..

Comments are closed.