Inspector General: Statewide computer security lacking

The state needs a comprehensive approach to dealing with cyber-security to prevent another massive breach like the one that resulted in millions of taxpayer records being stolen from the Department of Revenue.

That's one of the findings contained in an interim report released Tuesday by state Inspector General Patrick Maley. The 18-page document is the result of interviews Maley's office conducted with computer specialists from 18 state agencies and a number of outside sources.

Maley found that South Carolina's government has a decentralized approach to cyber-security, with no one entity “with the authority, or responsibility, to provide leadership, standards, policies and oversight.” This puts the state at an inherent disadvantage in protecting its systems and data, the report states.

Those interviewed were in almost complete agreement that the state's current approach to cyber-security is inadequate and that a more standardized approach is needed, the report found.

The review also found South Carolina is not alone. A 2012 survey of state chief information officers around the nation determined that only 24 percent were very confident in their ability to protect information from external threats, the report states.

Among other things, the report recommends:

Establishing a statewide security program for protecting information from hackers.

Creating a chief information security officer position to lead the development and implementation of a statewide protection program.

Establishing a steering committee of experts to help with development of a security program.

Hiring an outside consultant to help the state develop a framework for enacting an improved system for dealing with hacking threats.

Maley's report comes in the wake of a massive hack at the state Department of Revenue that resulted in the theft of records of 3.8 million individual taxpayers, 1.9 million dependents, 699,900 businesses, 3.3 million bank accounts and 5,000 credit card accounts that are now expired.

Experts have warned that the information could be used to steal identities, make fraudulent purchases, raid bank accounts and more.

Cybersecurity firm Mandiant has said it thinks the breach stems from an Aug. 13 malicious email sent to multiple Revenue Department employees.

At least one of the employees clicked the link in the email, unknowingly executing malicious software and compromising the database, according to the company.

The two central faults in the attack, Gov. Nikki Haley has said, were that the Revenue Department didn't have dual verification to get into its system, and that Social Security numbers were unencrypted.
