State cybersecurity office bill introduced after breach

A major data breach in Washington state led to the introduction of a bill creating the Office of CyberSecurity by state Sen. Reuven Carlyle, who represents Washington’s 36th Legislative District. 

According to the Office of the Washington State Auditor’s press release, the breach exposed personal information from 1.6 million unemployment claims, such as names, social security numbers, bank information, places of employment and state identification numbers. 

The data breach occurred in December, and the bill was introduced on Feb. 8, according to the bill.

Kayne McGladrey, a global cybersecurity strategist, said the state auditor’s office had been investigating fraudulent unemployment claims. 

The state auditor’s office was notified by their firewall, Accellion, of a security incident the month before, according to the press release

McGladrey said the state had been running on an outdated piece of technology and a hacker discovered Accellion was easily penetrable.

The primary duties of the Office of CyberSecurity are to establish security standards and policies and develop a centralized cybersecurity protocol for managing state IT assets, according to the Senate Bill Report.

Centralizing information, McGladrey said, will allow organizations that lack cybersecurity to adopt the appropriate technologies.

“Cybersecurity is important because it protects valuable data systems from corruption,” said David Hirsch, a network security specialist at Boeing.  

A determined adversary could get into a system and destroy data, or use that data as their own, Hirsch said. 

According to the bill report, the Office of CyberSecurity’s standards would require governmental bodies to adhere to them.

“If the audit identifies any failure to comply with standards or any other material cybersecurity risk, [the office] must require the agency to implement a plan to resolve the failure and monitor compliance,” according to the bill report.

Hirsch said the new cybersecurity office’s mandate to bring all agencies to a minimum level of security is important because many organizations don’t have the budget for cybersecurity staff.

An issue with the bill is the new incident response, Hirsch said, which requires excess time and money within a mandatory 24-hour period to notify the office of a breach.

Most government agencies won’t notice a breach within 24 hours, McGladrey said, and they can even last up to 90 days until someone notices. 

“Hackers can wipe files off hard drives, create industrial accidents and even shut off things in a manufacturing facility,” McGladrey said.

The office would also investigate the breach’s degree of severity and would serve as the state’s point of contact for all major cybersecurity incidents, according to the bill report.

 Although cybersecurity is crucial in state government, breaches can also happen to Bellingham residents, like Western Washington University student Zak Deutschman. 

Deutschman was scammed out of $1,871 when applying to dMining-technology for an internship via Google Jobs, he said. 

Shortly after Deutschman applied, he was contacted by ‘recruiters’ from dMining-technology and was told to send a check to cover his training materials for the internship. He paid the company via PayPal and then asked for the ‘senior recruiter’ to verify that she was part of the company and she couldn’t. Since then, Deutschman has looked into the company staff on their website and has found that a lot of them don’t have any connection to dMining-technology. Deutschman has not been able to retrieve his money after realizing he had been scammed.

“This entire week I have been trying to contact anyone that will listen and no one has been able to help me,” Deutschman said. “This was an extremely intricate scam.”

McGladrey finds an increased need in cybersecurity as the pandemic has forced an increase in online resources.

“Cybersecurity is a way of protecting our friends, family, and communities from financial losses and the loss of their privacy,” McGladrey said.

As of Feb. 18, the bill introducing the state Office of CyberSecurity is on the senate floor, according to the Washington State Legislature.


Posted

in

by