Cybersecurity Is a Major Focus in California’s 2015 Strategic Plan Update

The Department of Technology has submitted to the Brown administration its 2015 update to the California’s Statewide Information Technology (IT) Strategic Plan. The document presents California’s strategic vision for technology initiatives.

State CIO Carlos Ramos told TechWirethat this year’s update provides more information and focus on what the department is doing to achieve its strategic goals, and adds emphasis to what’s being done to reduce the risk of project failures. He also said the plan recognizes the state is moving into newer technologies such as cloud computing and mobility that enable collaboration and allow for different ways of purchasing products and services.

In short, the six strategic goals in the plan are:

Responsive, Accessible, and Mobile Government
Leadership and Collaboration
Efficient and Reliable Infrastructure and Services
Secured Information
Capable IT Workforce
Responsive and Effective IT Project Procurement

Ramos said that cybersecurity, work force development and cloud were particular areas of strength in the 2014 strategic plan update. “Coincidentally, they’re also ones we’re going to have even more of a focus on in the coming year,” he said. Ramos spoke in-depth about the state’s cybersecurity efforts.

“I think the state is a leader in the area of cybersecurity in the public sector. We’ve done a lot of partnering with the private sector to enhance our security posture,” Ramos said. “We are learning lessons from other people who have gone through bad situations, whether it’s the private sector, working with the federal government, FBI, or military. We’ve strengthened California’s security posture overall.”

But the threat of cyberattacks and breaches is intensifying, evolving and won’t go away. “It’s an area we have to keep focused on,” Ramos said.

In 2014 California established a public-private cybersecurity task force where government at all levels are connecting to plan out how to improve Californians’ cyber-posture. Ramos expects the group will publish its strategy this year.

California also has partnered with the California Military Department’s Computer Network Defense team, which is available to do security assessments for state departments on a consulting basis. They’re now available as a service through CalTech.

Ramos also said the state will start doing security compliance audits in 2015. The past few years, the Department of Technology has been getting ready for these audits by updating and modernizing policies and providing training to agencies and departments. This will be the first year for the actual compliance audits. Ramos said the audits will help beef up California’s cyber defense.

During the past few months the department’s Information Security Office has hired staff to do the audits, and Ramos said they will hit the ground in 2015.

Ramos said he is encouraged by the state’s level of commitment to security, and he said attitudes have changed since he began his career with the state.

“People talked about it but nobody really did anything about it back in the day. Now it’s top of mind, and it’s not just the techies who are thinking about it. You also have policymakers and people at the very top that run departments [who are] worried about it and thinking about it, and making investments in improving our posture,” Ramos said.

Ramos said California’s IT strategic plan is iterative and meant to be a guidepost for the state. “It’s our job to lay out the strategy, and it’s up to the departments to execute on it, and they are doing that and being successful at it,” he said.

No comments:

Post a Comment