South Carolina hardens cyber-security focus
COLUMBIA – Gov. Nikki Haley wants to be judged by how she handled the aftermath of the nation’s largest ever hacking of state computers, not by the hacking.
To read previous coverage of the “Hacked: South Carolina taxpayers at risk” series, go to postandcourier.com/hacked.
That was a key message in a specially called Cabinet meeting Tuesday to showcase her administration’s increase in state cyber-security since last year’s loss of 5.7 million individual taxpayers’ Social Security numbers from Revenue Department computers. The financial data of 700,000 businesses also were stolen.
Haley characterized the hacking as “a debacle,” and said that at the time, her departments were focused on customer service. Now, she said, “We’re all about security.”
To highlight that shift, she devoted the main part of the meeting to a briefing on security upgrades made by Revenue Director Bill Blume, who she appointed to take over the troubled agency after the breach. Haley said she wanted the other departments to model their upgrades on what Blume has done at Revenue.
Blume said he layered security in four major areas: to make the department’s culture security-first, to cut off outside access, to upgrade security technology and to monitor constantly.
The Department of Revenue’s computers were breached last August by a hacker who managed to get a department worker to open an email that was able to steal the worker’s username and password. The next month, the hacker used that information to download the taxpayer and business information.
Cutting off such access is critical, Blume said. It takes both better security training for every worker and better layered computer security devices to head off such an attack. “If you rob a bank and you can’t get in, you can’t get the money,” Blume said.
Haley credited Blume with doing a “stellar job” of making Revenue the state’s leader in security.
Officials with the state’s Division of State Information Technology followed Blume and outlined how the state is going to consolidate and coordinate computer and information security, with a goal of bringing most agencies fully into the new security world by sometime next year. Most of the organizational work has been completed and departments and agencies will be phased in during the coming months, the officials said.
In addition, they said, the data and information the state maintains would be evaluated and categorized into four main classifications: public, internal, confidential and restricted, to provide for more consistency and coordinated control.
Haley said she would be issuing directives to bring all of the agencies in her Cabinet in line with the security measures pioneered by Blume. She said security would be a continually evolving process and cautioned all of her department and agency heads to evaluate their security teams to make sure the best people are in place.
“If you don’t have top of the line key IT and security people, get rid of them,” she said.
Reach Doug Pardue at 937-5558