Dec 12, 2012 8:33 PM by Marnee Banks (firstname.lastname@example.org)
The State of Montana says its computer network is secure and taxpayer's private information is safe. However, one former state employee is concerned about the safety of confidential information.
Robin Jackson used to run the Montana Department of Labor's IT division. He now owns a private firm in Helena which helps businesses protect against hackers.
In a presentation at Montana's IT conference he said there are weaknesses to the state's network.
"The State of Montana is a big target, it's probed and tested continually by a bunch of people with different motivations," Jackson says.
It's everything from hobby hackers to sophisticated hackers from Russia and China, Jackson says.
"For the most part, I think the State of Montana's network is secure from casual attempts to try and enter it. But like I said in my presentation, if you have data that people want, they will spend the time and invest the effort to get that data," Jackson explains.
The State's network contains everything from personal tax records, to business filings, & criminal investigation information.
The State's Information Systems Security Officer Lynne Pizzini says the State of Montana has a decentralized security system. Each agency essentially runs its own security with support & some coordination from the Montana Department of Administration.
"From my perspective, the only safe environment is one that's unplugged. But we can't survive that way in this day and age everything needs to be plugged in," Pizzini says. "So we have to put in place those protections to minimize the risk."
Pizzini says just last month the state successfully protected taxpayer data from 900 million hacking attempts. Pizzini says it's hard to know how many successful attempts there are because each agency tracks that data separately.
Jackson says he remembers one troubling incident in particular.
"In 2011 we had a proliferation of Russian crimeware, spyeye. ZEUS was running through the network and wasn't able to be identified readily. A 23% detection rate," Jackson recalls.
He says these incidents need to be reported to law enforcement.
Pizzini couldn't comment about how breaches are handled other than to say if someone's personal information has been compromised the state will contact that person immediately.
"We take security and the protection of data very seriously," Pizzini says. "We want to ensure that data is protected as best as it can. I think we do a really good job of doing that by mitigating our risks."
Jackson says increased funding could help address the problems but it typically isn't a high priority when the Legislature meets. But he says when compared to the risks, it's a worthy investment.