Lucas Ropek is a staff writer for Government Technology. He has worked as a newspaper reporter and writer in Massachusetts and New York. He received his Bachelor's degree in English from Kenyon College in Ohio. He lives in Northern California.
NASCIO has released its biennial study of state-level cybersecurity and while the pandemic has brought new threats, the report’s author says there has never been a better moment for CISOs to show their importance.
Federal agencies are warning that a recent wave of intrusion attempts by hackers are targeting state and local governments. Some of the attacks appear to have led to unauthorized access to election support systems.
Bracing for a potential swell in foreign interference, the Centennial State has brought on a new team of national security experts to monitor and mitigate potential threats against county election systems.
Unchecked surveillance concerns forced the state's public safety agency to re-evaluate how it uses biometric technology with a focus on a more transparent, audit-ready process, bolstered by implicit bias training.
Outsourcing government IT services to a number of smaller companies, rather than the monolithic contracts of the past, has become common practice, but ensuring all those contractors are secure is an ongoing challenge.
A large campaign launched by a single hacking group has managed to infiltrate multiple agencies within the Washington state government, according to reports. Ransomware does not appear to be involved, officials say.
The adoption of a new statewide threat intelligence platform will enable Oklahoma's IT agency to better share information about bad actors with the other public entities throughout the state.
New investigative tools may help average law enforcement agencies more effectively track criminal activity made profitable through cryptocurrency. This includes ransomware schemes and other popular hacks.
The Texas Department of Information Resources has negotiated a partnership with cybersecurity firm FireEye and will now be able to offer affordable security services to state and local agencies.
A new report from the Brennan Center explores how online disinformation has become a tool of voter suppression and what government and voting rights advocates can do to defend the election process.
As governments seek to harden their security posture in the run-up to the U.S. presidential election, a new partnership has helped launch a security service available to certain state, local and territorial governments.
Of all the cyberattacks that affect state and local governments, ransomware is one of the most ubiquitous and costly. Now security researchers fear it could also become a political weapon in the upcoming election.
As the U.S. rushes to lead in 5G deployment, the nation's top federal risk adviser has released its strategic vision for securing the new infrastructure. That vision focuses heavily on shareholder collaboration.
Jamie Grant, who has worked in health-care IT and has served as a state representative since 2010, will be the new IT lead for the state of Florida, the governor's office announced Thursday.
There is agreement on both sides of the aisle that an expansion of the Cybersecurity and Infrastructure Security Agency (CISA) would benefit state and local efforts. There isn't consensus on just how that should happen.
New vendor research reinforces the notion that COVID-19 is giving hackers an edge. After a brief dip in successful attacks on public entities at the beginning of the pandemic, attacks appear to be increasing and evolving.
Sacks, Indiana's CISO since 2017, quietly left the Office of Information Technology in March. He has been replaced by interim CISO Hemant Jain, who had been serving as the state's director of security operations.
As civil liberty groups have lobbied for police reforms nationwide, an increasingly hostile regulatory landscape is emerging for facial recognition technology. It throws into question whether there is a path forward for its use by state and local governments.
Eric Roche, who has served as the Kansas City, Mo., chief data officer since 2015, has started a new position as the budget officer for the city of Pearland, Texas. He announced the career move Monday via Twitter.
A recent torrent of disinformation seems to have inflamed much of the civil unrest inspired by the police killing of George Floyd. Much of the disinformation was "anti-government" in nature, a new report suggests.
Hackers claim they stole data from the Cooke County Sheriff’s Office and are threatening to publish it online if their demands are not met. Attacks of this kind are trending across the country.
The IT veteran and former New Jersey state CIO said a new private-sector role with a large technology company will have him working alongside state and local government on enterprise projects.
A collaboration between tech companies and several states got off the ground early in the pandemic using emergency contracts. As the programs enter their next phase, partners say they've worked out the kinks.
The mysterious hacktivist group has claimed responsibility for the weekend outage of the city's police department website, saying that it was revenge for the recent killing of Rayshard Brooks.
The city was forced to take its network offline as a means of containing the malware attack after it was discovered Thursday morning. Officials say the incident is being investigated by state and federal authorities.
The group, an alleged "cybermercenary" ring, has allegedly targeted people and organizations on six continents. Many of their targets were engaged in high-profile activism work against large corporations.
Seattle-based firm Democracy Live has contracts with governments across the country, but a new report from computer science researchers claims the platform is vulnerable to hackers who may want to intervene in elections.
"Scattered Canary" is an agile, sophisticated hacker group that recently made off with millions of dollars stolen from the Washington state unemployment system. It has targeted similar systems across the country.
A cyberattack temporarily disabled certain city systems and websites Thursday morning. The cyberattack comes amid protests over the police killing of George Floyd earlier this week.
A proposal from a Utah think-tank suggests that the state create a first-of-its-kind privacy oversight committee and public officer to evaluate the ways the government uses surveillance technology.
The novel coronavirus forced state governments across the U.S. to change their operations at a moment’s notice. For CIO Shawn Riley, the shifting landscape brought logistical challenges and increased attention from hackers.
An unemployment benefits website run by the Arkansas state government suffered a large data breach that left the personal information of thousands of applicants exposed, state officials confirmed.
The attack is the second of its kind to target a state agency in less than a week. On May 8, the state’s court system was targeted by a ransomware attack, which seized control of a portion of the statewide network.
As governments struggle to adapt to the election challenges surrounding COVID-19, a number of states have launched Internet voting pilots. But many experts argue that these programs could easily be co-opted by malicious actors.
City leadership has chosen Shirley Erp as the new chief information security officer. Erp brings a lengthy career in cybersecurity to the Texas city. She begins the position June 1.
During a Washington Post Live discussion May 13, Rhode Island Gov. Gina Raimondo explained her state's plan to use contact tracing as an important aspect of their ambitious plans to reopen.
According to a recent audit by the Oregon Secretary of State's office, the police agency has no comprehensive system for risk assessment and management, and falls short of basic cybersecurity procedures.
The state has chosen Keith Tresh as its new cybersecurity lead within the Information Technology Services agency. Tresh has substantial government experience at the county, state and federal levels.
Cyberattacks against health and government organizations in charge of COVID-19 response efforts originated from state-sponsored hackers, officials say. The attacks have targeted entities in both the U.S. and the U.K.
The National Governors Association has selected seven states to participate in its annual statewide cybersecurity readiness program. Participants will look at a number of different areas for planning development.
Hackers have sought to exploit the novel coronavirus to spread chaos, make money and build political advantage. The trends show a variety of ways bad actors are using this particular global moment to their advantage.
Disinformation of all different stripes is still a persistent problem when it comes to the COVID-19 crisis. Increased reliance on social media and spiking Internet use have helped fuel these campaigns.
The small suburb initially told residents that their personal information had not been compromised in the March incident, but hackers' decision to publish the city's data online shows otherwise.
A cyberattack on New York state's computer network just recently came to light. The incident occurred in late January, just as the state was preparing for battle with the novel coronavirus.
The heat-reading surveillance systems have been sold as a potential "virus spotter," but state and local governments may be hesitant to adopt them over privacy and civil liberty concerns.
Timothy Walsh, a network and security supervisor for Enterprise Technology Services, has been named as the state’s new chief information security officer. Walsh replaces Arlen Fletcher.
As large numbers of state workers migrate to remote work, chief information security officers are adjusting the best they can. Staying vigilant against evolving threats and learning from past experience are key to survival.
After seeing a huge increase in users, the teleconferencing company has weathered an onslaught of criticisms regarding its security features. For remote government workers, the tools remain in question.
After passing a law last year to reorganize its IT agency, the state is looking to do it again. Legislation introduced earlier this year would shift responsibilities for IT leaders, refocusing their mission on modernization.
A recently launched dashboard is showing users where people are obeying stay-at-home orders or not. The tool uses anonymized cellphone location data to identify where people are congregating during stay-home orders.
The city has launched a number of data-enabled digital applications over the past few weeks as a way of keeping residents up to date about the public health crisis occurring throughout the state.
According to a new study, online actors may be pushing false narratives through social media to sow chaos. While it's unclear where the information is coming from exactly, it poses dangers to people looking for information.
Once heralded as the solution to most election woes, our affinity for the paperless voting technology has dimmed. Today, experts consider it one of the biggest liabilities, and favor a return to paper ballots.
Chief Information Security Officer, Texas
Cybercriminals — both political and criminal — are using the global health crisis as an opportunity to target vulnerable organizations and individuals. Telework and general panic are making this mission easier.
While no data was lost or networks disabled, officials say the Sunday cyberattack seems to have been an effort to slow the Health and Human Services Department's response to the ongoing novel coronavirus pandemic.
For the second time in two years, lawmakers in one of America's biggest technology centers have failed to put together a comprehensive consumer privacy law.
The bill, introduced in February, has the potential to create additional protections for sensitive state data, but there are still policy areas that might need fine tuning before the proposal goes further.
Both the city and county of Durham were struck simultaneously late Friday, but pre-existing response plans allowed government officials to save their systems from a more catastrophic result, officials said.
As anxieties about foreign interference in the 2020 presidential election grow, concerns about other vectors of misinformation are evident. Deepfakes, realistic video forgeries, have some of the most damaging potential.
Researchers at RSA 2020 discussed the growing trend of hackers harassing large industrial systems. In doing so, they aren't just shifting their targets — they're also exhibiting more insidious behavior.
Much funding and effort is spent on hardening cyberdefenses, but what about hunting down the people responsible and understanding their methods so as to prevent future attacks? At RSA 2020, experts weighed in.
As part of the massive cybersecurity event, Director Chris Krebs of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency discussed prominent issues related to state and local government.
At this year's RSA cybersecurity conference, one session looked at the ways in which the Bureau is attempting to work together with private industry to track and prosecute hackers who spread the malware.
While cybersecurity experts from around the globe gathered in San Francisco this week, the looming threat of the coronavirus saw some companies pulling out of the event — among them Facebook, IBM and Verizon.
With fears of foreign election interference on the rise, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency released a strategic road map ahead of the 2020 presidential elections.
Experts are voicing their concern about Georgia's election security practices and whether they will prove effective against myriad threats during the high-profile 2020 presidential race.
The just-introduced bipartisan bill would send the money to state and local governments through the Department of Homeland Security, which would also create a new federal strategy for cybersecurity.
The new CDO has been with the San Francisco city and county government for the better part of a decade, and has been in charge of data operations since his predecessor stepped down over a year ago.
The project to transform California's state website into an iterative platform that is responsive to a diversity of user needs is being conducted at break-neck speed with plenty of help from data analytics and other forms of user research.
While the attack against Tillamook County has not officially been dubbed ransomware and local leaders haven't commented on a posted ransom, the incident has all the trappings of that style of attack.
As states look to legal frameworks to deter the rising tide of cyberattacks against state and local governments, Maryland is seeking to criminalize the possession of the tools that make them possible.
Vendors at the 2020 Consumer Electronics Show tackled an oft-discussed goal for municipal leaders, looking at how communities could use smart city technology to transform aging infrastructure.
Panelists during a recent Consumer Electronics Show discussion worked through the challenges that come with creating a truly inclusive design for smart cities, taking into account issues like poverty and inequality.
The 2020 Consumer Electronics Show in Las Vegas features a host of new exhibits and conversations about how smart city design, transportation, security and equity will evolve in the years to come.
Officials in the Florida city struck by ransomware earlier this month say the professional services firm will help them determine whether any data was compromised during the attack and, if so, what data.
The recent cyberincident appears to have impaired a number of large city systems, but officials say recovery efforts are underway. The ransomware is the third large attack in the state this year alone.
Allen, the chief information security officer for Alabama since 2017, is departing for a position as CISO for the University of Alabama Birmingham's Health System, and it is currently unclear who will replace him.
While officials initially feared that the problems could be the result of a cyberattack, the source of the problems was swiftly discovered to be an internal maintenance issue.
During a last-minute hearing Friday, Louisiana Deputy CIO Neal Underwood revealed that last week's ransomware attack was the largest one to impact the state, but he stopped short of calling the attack catastrophic.
During a last-minute hearing Friday, the Louisiana Deputy CIO Neal Underwood revealed that last week's ransomware attack was the largest one to impact the state, but he stopped short of calling the attack catastrophic.
Lester Godsey brings more than two decades of experience in IT and cybersecurity to the Arizona county. He hopes to translate that experience into new partnerships and, ultimately, results.
Officials revealed to local media Wednesday that a minor security slip that led to the recent cyberincident. The state, while having mostly recovered, will need a few days for all services to be up and running.
The state, which just suffered a large-scale coordinated attack in July, was forced to take a majority of its state servers offline to mitigate the risk of the malware's infection spreading.
A new report from the Brennan Center for Justice argues that there is not enough transparency between election vendors and the governments they work for. The authors argue that more needs to be done to protect the process.
The state’s Cyber Operations Center is seeing the benefits of a $15.4 million funding boost. The investment will allow for the hiring of new staff and the deployment of new cybersecurity tools, officials say.
The new City Council committee discussed the ways in which the ransomware hackers were able to infiltrate Baltimore's IT infrastructure at its first meeting this week.
The Southern California university is helping an assortment of government groups tap into a relatively new data platform that provides innovative opportunities for research, policy and storytelling.
Programs that monitor students' social media and email, which have grown in popularity in recent years, are seen as a means of heading off the next tragic shooting. New legislation would dramatically expand their use.
As a new year approaches, myriad states are looking to adopt their own, distinct privacy laws — a fact that leaves many in the business and technology industries anxious about the road ahead.
The commonwealth's new program, which is backed by state funding, will help communities develop effective cyber-response plans. Local governments, as well as states, often lack such concrete planning.
As school officials across the country worry about how to stop the next mass shooting, biometric technologies and expanded surveillance systems have become attractive alternatives to traditional security procedures.
Months after a ransomware attack cost the city around $18 million, officials approved the purchase of a cyberliability policy to help with any future incidents. The move is one being made by governments across the U.S.
School districts have seen a stark rise in cyberattacks in just the last several years, according to the newly released report. Part of the problem could be traced back to digitally savvy students.
A recent report from the state auditor's office showed widespread noncompliance with routine cybersecurity protections. The gaps could open the state to unnecessary threats as hackers aggressively target government.
CIO Frank Johnson weathered a catastrophic ransomware attack in May, but faced much criticism for how the IT department handled the incident. He took leave in September, and the city now confirms that he’s moved on.
The initiative also seeks to bolster various protections already extant in the California Consumer Privacy Act. The agency would be responsible for enforcement of the new landmark privacy legislation.
Part of the Department of Homeland Security, the Cybersecurity Assessments program offers its services to any public or private organization that requests them, and could be a boon to smaller governments in particular.
A recently released report states that information was lost after only being saved on local servers. The lack of available data hampered the ongoing recovery efforts and raised questions about protocols.
The company is alleged to have violated New York's data breach notification laws by repeatedly failing to take adequate action to safeguard consumers, or to inform them about the true extent of attacks.
As cities draw hard lines over use of the rapidly developing technology, Portland's policy — with a unique focus on both private and public use — could mean a new standard for privacy protection.
Through quick response and an existing cyberthreat response system, the state managed to stave off what could have been a much more disastrous attack that would have affected twice as many communities.
The first publicly available platform of its kind in the U.S., it's aimed at offering small and mid-sized businesses cyberthreat tracking capabilities and trend analysis that otherwise wouldn't be accessible.
The business community's push for changes to the California Consumer Privacy Act were mostly rebutted throughout 2019's legislative session, leaving many in the private sector anxious about the future.
Under the proposed law, police would be barred from equipping their body cameras with facial recognition software for a period of three years. Questions about the accuracy of the technology and privacy are central issues.
The duration of Johnson's leave is not clear, but a city official says deputy IT chief Todd Carter will be stepping in to manage day-to-day operations. Johnson faced criticism for his response to the May cyberattack.
The University of Southern California’s new data project will show how neighborhood crime in Los Angeles intersects with other policy areas like homelessness and housing, education, economic development, and jobs.
Together with federal authorities and other partners, the state government has stepped in to help municipalities ailing from the large, coordinated attack that left town data locked up by malware.
The widespread cyberattack came at the end of last week, plunging the state into response and recovery mode. At least 23 cities and towns are working with state and federal authorities to mitigate the damage.
A 2015 lawsuit alleges the company’s tagging feature violated Illinois biometric privacy laws when applied to residents’ photos without permission. Now, an opinion out of a federal appeals court is moving the case forward.
Believing it was working with a trusted contractor to change banking information, Cabarrus County, N.C., paid scammers $2.5 million. The incident highlights yet another way cyberthieves are targeting government.
New legislation in the state comes amidst a nationwide backlash against facial recognition technology, which has in recent weeks been criticized by privacy advocates at both the city and state levels.
Due to their wealth of data and limited budget for cybersecurity staff and training, schools have drawn the eye of hackers. Experts recommend backing up data and investing in cybersecurity training and preparedness.
Internet vandals targeted two webpages under the Department of Human Services with an anti-government message. Officials say it does not appear that any sensitive information was accessed in the incident.
A problem with “some network infrastructure hardware” has been affecting state agencies since Friday morning. The intermittent connectivity issues are impacting access to state websites and call centers.
The new home security IoT product, which has seen widespread use by law enforcement agencies across the country, allows police to view home surveillance footage to assist with their investigations.
A report published by the Brennan Center warns that states and localities are ill equipped to defend themselves against the sophisticated, well-resourced intelligence agencies of foreign governments.
The attack, which was discovered late last week, is the latest in a string of cyberincidents targeting government agencies of all sizes. State officials say they are working to get systems back to normal.
The malware attacks, which were directed at school systems, affected phones and computers in at least three different communities, and the threat is still active, according to the Governor's Office.
The newly codified group will investigate how automation, artificial intelligence and other emergent technologies could be regulated, while at the same time examining how the technologies could benefit economic growth.
A bevy of legislation has been introduced in recent months that seeks to augment and change California's privacy law, but how much of it will pass remains to be seen.
The new technology, which can scan crowds and uses artificial intelligence to identify hidden weapons, is going to be beta tested in multiple places across the country, including the Virginia State Capitol Complex.
The National Association of State Chief Information Officers has shown support for the new U.S. Senate bill that would increase collaboration between federal and state and local governments on security and defense.
The New York Privacy Act was hailed by many as a bigger, badder version of California’s recent Consumer Privacy Act, but a lack of support and a substantial lobbying effort stopped it in its tracks.
The controversial decision to eliminate the state's chief information security officer has inspired criticism, though state officials have promised a continued commitment to cybersecurity efforts.
Two databases used by the state’s Department of Labor may have been accessed by unauthorized users, potentially exposing the names, Social Security numbers, addresses and personal information of thousands.
Gov. Ron DeSantis’ signature turned the Agency for State Technology into the Division of State Technologies, placing it under the Department of Management Services. Now, leadership is being named.
In an expected turn of events, Gov. Ron DeSantis signed legislation to roll the Agency for State Technology into the Department of Management Services. The new iteration will be called the Division of State Technologies.
The new legislation, known as the SHIELD Act, would broaden the scope of what counts as data, expand the rights of consumers in the event of a breach, and increase penalties for culpable companies.
Florence, Ariz., and India-based Subex are partnering on an Internet of Things initiative to advance end-to-end cybersecurity, while at the same time teaching residents about how they can secure their own technology.
The Office of Security Management was created Tuesday through executive order. State CISO John Evans will lead the new office within the Department of Information Technology and oversee consolidation of cyberdefenses.
The city has been slowly getting its operations and systems back online after a cyberattack in early May, but debate over the administrative response to the attack is still causing controversy.
A new report from a Stanford University research group looks to prescribe defense solutions for state and local governments in the event of potential manipulation attempts by foreign powers.
Axon, known for its body cameras and TASER products, is branching into the emergent technology arena in the hopes it will change the dynamics between officers and those experiencing a mental health crisis.
The program, which has consistently created public-private partnerships to develop tech-oriented solutions to government hurdles, announced some of its latest partnership results this week.
The U.S. Department of Homeland Security has made it a priority to collect and analyze the social media data of thousands of people, but the reasoning behind these efforts is not always straightforward.
An attempt to limit sales of the controversial surveillance technology on the part of civil rights activists did not get far. They fear the technology could be used to unfairly target minorities, people of color and women.
Thaddeus 'Thad' Batt, a 20-year veteran of IT, will serve in the new role, which will operate out of the Governor’s Office of Information Technology (OIT).
The research group will soon release its findings about where the largest connectivity gaps are in the U.S., as well as the state policies and practices being implemented to correct Internet disparities.
For the past three years, the state has stepped up its training, outreach and coordination to protect county election systems, with the Office of the Chief Information Officer playing a key role.
A new bill signed into law by the governor will create an extensive infrastructure for combating bad actors.
Following extensive input from law enforcement and civil liberties groups, lawmakers voted this week to put a moratorium on municipal use of the technology. San Francisco is the first in the country to make such a move.
A bill passed by the Legislature and expected to be signed by Gov. Ron DeSantis will see the state’s predominant IT agency — the Agency for State Technology — folded into the Department of Management Services.
A bevy of bills would create additional consumer protections, but key parts of the legislation have shifted or fallen away since originally introduced. They include restrictions on what data voice assistants can store.
Officials have shut down a majority of the city's servers as a precaution, according to a spokesperson for the mayor's office. Meanwhile, core services like fire, police and emergency medical services remain operational.
Harris, who has worked within the Office of the Chief Technology Officer for many years, and held the position in an interim capacity since August last year, will now serve at its permanent leader.
A bill being considered in the state Legislature would penalize companies that used Internet of Things devices to eavesdrop on consumers without their permission.
According to some, the new AI-powered videos have the power to confuse and mislead voters, potentially compromising election integrity. But there isn't much in the way of legislation at the state level to address them.
The new legislation stemmed from an outcry last year over Verizon's cutback in Internet service to firefighters battling one of the state's largest wildfires. The company apologized, but opposes the bill.
The new legislation allows computer systems in autonomous vehicles to be considered drivers and opens up the opportunity for AVs to take to public roads.
Mayor Bill de Blasio has selected the former Microsoft technology and civic innovation director as the city's next chief technology officer, the city announced April 23.
The bill would have been the second of its kind in the nation, but the gap between the version supported by the tech industry, and the more stringent version favored by privacy groups, proved too big to close.
A proposed ordinance would prohibit any municipal use of the software, a move that civil rights groups support, but is opposed by law enforcement organizations and some industry groups.
The county hopes to reduce the number of lost or missing seniors with the aid of special bracelets worn by individuals that can be tracked by radio technology. Initial results look promising.
A planned reset of the global GPS system last weekend disrupted some city services. But officials say no critical systems were impacted and that the NYCWiN network will be fully restored within a few days.
Ekaterina Fitos, who was named as the state’s first geographic information officer in December 2017 before transferring to another agency, has left state service to join a civil engineering firm.
The Democratic senator wants state and local government to get smarter about how it uses technology, following in the footsteps of relatively recent federal outfits such as the U.S. Digital Service.
A recent influx of funding was meant to fix the state’s struggling Licensing and Registration System. Now, lawmakers are grappling with whether to pull the plug and start from scratch.
Legislation being lobbied for by tech company TransparentBusiness would mandate contractor monitoring to ensure work/time verification. Critics contend it would cause unnecessary security risks to government data.
After Maine elected a new governor in November, longtime IT leader Jim Smith stepped down as CIO. Now the state has a new CIO in Fred Brittain, who spent more than two decades with the University of Maine system.
Ned Lamont has put forward several initiatives that would make the state more digital, smarter and more responsive to residents. The effort could also reduce state costs by 75 percent in certain areas.
The California city and the U.S. Marine Corps will work together on a number of projects designed to enhance security and services for residents.
During the 2019 California Public Sector CIO Academy in Sacramento, technology leaders gathered to discuss the future and how best to transform citizen-facing services.
New legislation would create a working group to assess the technology's potential applications and possibly recommend policies and state investments to help make Florida a leader in blockchain technology.
A new series of bills would create a position for a chief data officer, as well as an associated task force to help develop, manage and implement state data policies.
Steve Emanuel, who formerly served as the CIO for the state of New Jersey, now returns to the public sector to helm operations for the state's largest city. Emanuel has decades of public and private IT experience.
Continually improving information sharing, mapping and content management systems have allowed law enforcement agencies across the country to keep better watch of some of society's most dangerous criminals.
A bill newly passed in the North Dakota state Senate would overhaul the state's cybersecurity strategy, emphasizing unity and greater centralization.
