Agnes Kirk, Chief Security Officer, Washington state Department of Information Services
In November 2006, there were half a billion attempts from hackers to breach the Washington state Web site, which Chief Security Officer Agnes Kirk attributes to other countries confusing Washington state with Washington, D.C.
"It is our speculation that ... when we trace back IP addresses, because it is overseas in the Eastern bloc, or China or Africa, we think they don't understand that they're not getting Washington, D.C.," she said. "There's increased activity with this state because of the mis-association."
In December 2006, after researching various IP addresses attempting to breach their systems, Kirk said her department blocked traffic from some of them -- specifically coming in from China.
"We have seen a significant drop in December of the number of attempts," she said. "We're now taking a proactive rather than reactive stance. We're updating our signatures every day. We get a lot of information from other organizations through U.S. CERT [U.S. Computer Emergency Readiness Team] and the Department of Homeland Security. We monitor the NSA [National Security Agency] sites where they have specifically confirmed IP addresses and organizations that we agree have the potential of creating a problem, and that the state would have no legitimate business to do with them. Our whole objective is to let authorized people in, and keep the unauthorized out."
Washington also uses layered security and security gateways, such as Transact Washington, which is public key infrastructure-based, single sign-on, and provides the highest degree of external customer identity proofing and protection for transaction data for law enforcement and health care.
Kirk also directed the planning and development of SecureAccess Washington -- a single sign-on gateway for the public to access one or more secured applications from the Internet using one user ID and password.
"A month ago, we had 65,000 active users in SecureAccess Washington, and we have some major projects looking to take advantage of that -- like the business portal."
The business portal is a long-term goal that aims to streamline how the private sector does business with the state, as well as incorporate it with SecureAccess Washington so businesses would come to one place for all their business needs.
"There's lots of good stuff coming down," she said. "I probably have one of the best jobs in state government because I get the operational side -- to see how it really works, deal with real people and see what the real security issues are. I also get to be involved in strategic planning -- to look at direction, help set policy and bring Washington forward in all of the security areas not operationally related."