Texas and New York City took top awards for state and local government, respectively, during this year’s Cybersecurity Leadership and Innovation Awards.
The awards program — hosted by the Center for Digital Government, the research and advisory arm of Government Technology’s parent company, and underwritten by McAfee — recognizes government and education agencies for their efforts in the field of cybersecurity technology services.
The award recipients, which were chosen by an evaluation committee, were recognized during an awards dinner and ceremony at the annual McAfee FOCUS conference on Tuesday, Oct. 23.
This year, five government entities and one individual were awarded for their efforts in cybersecurity. The recipients are as follows:
- State Government: Texas
- City Government: New York City
- Education: Georgia State University
- Special Award: Tampa, Fla.
- Collaboration Award: Seattle
- Leadership Award: Corey Cush, assistant vice president of infrastructure services, New York City Health and Hospitals Corp.
New York City developed an information security cloud through a partnership with McAfee nearly a year and a half ago, and since has realized costs savings of $18 million. According to Dan Srebnick, the city’s chief information security officer, New York City’s security cloud is fully implemented in 43 agencies and is being implemented in five additional agencies. As a result, the city now has direct visibility into 73,000 endpoints.
But cybersecurity in New York City has had its challenges, Srebnick said.
“The world is engaged in a global cyberwar,” Srebnick said. “All of government including state and local are targets, and it’s a very challenging environment.”
But to prevent cybersecurity challenges in the future, Srebnick suggested that other city governments strive to create a “risk-aware culture” in which all levels of management are aware of risk, thus enabling better decision-making.
Texas earned the gold standard for the state government category because of its efforts to develop, in partnership with AT&T, the Security Event and Threat Analysis (SETA) services, a cloud-based platform that provides Texas state agencies with 24/7 security monitoring, security incident alerts, archival of incidents and individualized incident response plans.
“We have really focused on ensuring that their networks and traffic patterns are aligned with all the security procedures and methodologies that are established, and best practices that we set for the state,” said John Hoffman, a spokesman for the Texas Department of Information Resources.
He said moving forward, Texas plans to continue improving cybersecurity within the state by expanding the SETA platform to customers, assessing their needs and expanding the state’s cybersecurity program to meet their challenges.
In the collaboration category, Seattle earned top marks with its Public Regional Information Security Event Management (PRISEM) system, which was developed in 2008 through a public-private partnership of state agencies, local governments, universities, private-sector partners and the U.S. Department of Homeland Security. Six maritime ports will be added to the partnership in the future.
PRISEM is an online, early warning system that aggregates and analyzes real-time and cyberevent information across the Puget Sound metropolitan area.
According to Mike Hamilton, Seattle’s chief information security officer, PRISEM is a centralized system for all the jurisdictions in Seattle to enter their firewall logs and intrusion detection events so that the city can look at the attack surface of the entire region.
Hamilton said Seattle is the only jurisdiction that’s been able to get a platform like PRISEM to function due to general reluctance to share data. Extending cybersecurity efforts through collaboration across multiple jurisdictions can be challenging when the private sector is involved because it may not always be inclined to divulge data to government.
So what can other cities do to better prepare for cybersecurity attacks?
“Local government in general needs to get some religion around the whole cybersecurity issue because most local governments have IT staff of just a few people,” Hamilton said. “And so nobody has allocated resources to do anything around information security.”
For more information on the awards, visit the Center for Digital Government.