South Carolina’s Department of Health and Environmental Control (SCDHEC) is catching flak for requesting $1.5 million in the upcoming state budget for cyber security enhancements.
The money was requested by SCDHEC director Catherine Templeton – who as far as we can tell has done a pretty good job cutting costs at her agency (not that taxpayers are ever going to see a dime of those savings).
Anyway, Templeton’s request has one agency watchdog bashing the agency for having to “buy their way out” of poor data protection.
“This is the true cost of ‘smaller government,'” the watchdog told FITS.
SCDHEC sources tell FITS the cyber security upgrades are intended to protect “nuclear schematics, vital records” and other important health information. They also say the initial estimate of the costs was $10 million.
Last November SCDHEC took down its website for more than a week in the wake of the massive hacking scandal which befell the administration of S.C. Gov. Nikki Haley.
***
10 comments
This article is stupid. Who the f**k writes this crap.
This article is stupid. Who the f**k writes this crap.
DHEC’s inaction and hesitation puts us all at risk. Every week, the various state agencies are probed for network weakness in an attempt to obtain access to private information. In the case of the DOR, this is valuable financial/personal data contained within taxation forms and processes. DOR was breached, but DHEC is just as valuable a target to kids in China who sell information on the secondary market, including private health information when it is available in large quantity. DHEC Taking the site down during the DOR breach was the ultimate firewall for protecting your (and my) private health information, and was a very smart move. So Will, what should you really be covering? the attempted “fix” by DOR. DOR is hiring computer geeks, with six figure salaries, to be the fall guys for the next breach. DOR SHOULD be hiring intel professionals who are not necessarily “network” people or computer guys, but who understand information security from an intelligence/counterintelligence perspective. DHEC knows it needs help in this area, but the question is will they go down the road of counterintelligence or go down the road of bringing on a computer geek instead of a military mindset when it comes to protecting information. Which approach will work? It wont’ take long for us to find out, as attempts to breach agency firewalls are pervasive and continuing non-stop. The fact that DHEC sought funding probably indicates they are following the DOR model and will rely upon computer geeks with zero training in counterintel.
DHEC’s inaction and hesitation puts us all at risk. Every week, the various state agencies are probed for network weakness in an attempt to obtain access to private information. In the case of the DOR, this is valuable financial/personal data contained within taxation forms and processes. DOR was breached, but DHEC is just as valuable a target to kids in China who sell information on the secondary market, including private health information when it is available in large quantity. DHEC Taking the site down during the DOR breach was the ultimate firewall for protecting your (and my) private health information, and was a very smart move. So Will, what should you really be covering? the attempted “fix” by DOR. DOR is hiring computer geeks, with six figure salaries, to be the fall guys for the next breach. DOR SHOULD be hiring intel professionals who are not necessarily “network” people or computer guys, but who understand information security from an intelligence/counterintelligence perspective. DHEC knows it needs help in this area, but the question is will they go down the road of counterintelligence or go down the road of bringing on a computer geek instead of a military mindset when it comes to protecting information. Which approach will work? It wont’ take long for us to find out, as attempts to breach agency firewalls are pervasive and continuing non-stop. The fact that DHEC sought funding probably indicates they are following the DOR model and will rely upon computer geeks with zero training in counterintel.
I can assure you 1.5 million isn’t a lot when it comes to network security, depending on the depth of the security needs. Their request deserves a bit of scrutiny to make sure they aren’t blowing money on something dumb, but otherwise I think the lesson of SCDOR is to pay the up-front cost of good IT personnel and the things they require to do their jobs, or pay for the eventual and inevitable cost of a breach.
I can assure you 1.5 million isn’t a lot when it comes to network security, depending on the depth of the security needs. Their request deserves a bit of scrutiny to make sure they aren’t blowing money on something dumb, but otherwise I think the lesson of SCDOR is to pay the up-front cost of good IT personnel and the things they require to do their jobs, or pay for the eventual and inevitable cost of a breach.
Surely states and/or state agencies have gotten funds from Homeland Security to protect “nuclear schematics, vital records’” and other important health information” against cyber attack.
What have they done with it?
THAT’S a story waiting to be investigated.
Surely states and/or state agencies have gotten funds from Homeland Security to protect “nuclear schematics, vital records’” and other important health information” against cyber attack.
What have they done with it?
THAT’S a story waiting to be investigated.
The money was requested by SCDHEC director Catherine Templeton – who as far as we can tell has done a pretty good job cutting costs at her agency!! copied yea right cutting cost. If you can count the number of employee that have left DHEC since she took over I guess you can say she has cut cost.
The money was requested by SCDHEC director Catherine Templeton – who as far as we can tell has done a pretty good job cutting costs at her agency!! copied yea right cutting cost. If you can count the number of employee that have left DHEC since she took over I guess you can say she has cut cost.