What Is Government's Responsibility When a Breach Hits?

Alaska’s inaugural CISO Shannon Lawson and CIO Bill Vajda weigh in on what government should do in the event of a cyberincident.

October 3, 2017

AUSTIN, Texas — Some of the criticism of Equifax's handling of its recent data breach centered on the time that passed between when the company first became aware of the incident and when the news got out months later. CIOs at the annual NASCIO conference in Austin this week offered their takes on the fallout from the breach.

"It's something that shakes all organizations to the core, government in particular," said Alaska CIO Bill Vajda. 

But what are the rules when it comes to notifying customers that their data has been exposed?

"Communication is really important when you're talking about breaches or incidents," said Lynne Pizzini, Montana chief information security officer (CISO), in an interview with Government Technology. "I believe organizations really do need to have a very firm plan on how they're going to carry out any type of notification after an incident."

Vajda, joined by Alaska's newly named (and first ever) CISO Shannon Lawson, explained the responsibility of the public sector when a cyberincident takes place.

Noelle Knell, Editor

Government Technology editor Noelle Knell has more than 15 years of writing and editing experience, covering public projects, transportation, business and technology. A California native, she has worked in both state and local government, and is a graduate of the University of California, Davis, with majors in political science and American history. She can be reached via email and on Twitter.