SACRAMENTO, Calif. -- The nation needs to do a better job of protecting critical infrastructure from cyber-threats, Mark Weatherford, chief security information officer of California, said Thursday at a security summit at Government Technology's Conference on California's Future in Sacramento.

Weatherford outlined ambitious plans for California in hopes that the state can lead the way in the steep climb to protect critical assets from cyber-terrorists.

Weatherford said 90 percent of all Web applications have at least one vulnerability, and the goal for California is to develop a standard methodology for testing the security of computing platforms. "We need consistency, and we need to build everything on an enterprise model, one platform," he said.

To facilitate that consistency throughout the state, Weatherford said he is working with Microsoft to develop a standardized desktop configuration.

Weatherford outlined the state's announcement this week that as part of Gov. Arnold Schwarzenegger's IT consolidation plan, the Department of Technology Services; Office of Information Security and Privacy Protection; and the Telecommunications Division of the Department of General Services would be absorbed into the Office of the Chief Information Officer.

Weatherford said the state has $7 billion worth of IT projects under way, and he'd like to see a cadre of security engineers involved in those deployments as they occur to avoid problems later. Other goals Weatherford outlined for the state included:

  • an enterprise threat vulnerability management program;
  • an automated incident response reporting system to report breaches;and
  • a security operations center for the whole state.

Read Mark Weatherford's blog, Securing GovSpace.

Jim McKay, Justice and Public Safety Editor  |  Justice and Public Safety Editor