Agencies and individuals at both the state and local level were cited for their abilities to leverage, communicate and collaborate to create strong cyberprograms.
While recent headlines of hacks and data breaches have served as an ominous reminder of the importance of cybersecurity, leaders across the nation have long been dedicated to leveraging government IT security in innovative ways. This year’s Cybersecurity Leadership and Innovation Awards from the Center for Digital Government* celebrate the steadfast commitment of government agencies to protect and secure confidential data despite evolving threats.
The seventh annual awards program recognizes innovations and contributions over the past several years that have improved cybersecurity across different categories, including state, city and county government, education, health care, and leaders in cybersecurity technology services.
This year’s winners have raised the bar in their dedication to collaboration and innovation when it comes to protecting government data.
Arizona’s security program took the top state spot, and demonstrated tremendous collaboration across state and government agencies to effectively standardize 13 controls over 35 agencies in just six months.
Education and Health Care Winners
In addition to the state and local government categories, leaders from the education and health-care sectors were honored as well:
Houston Independent School District was acknowledged for its program that evaluated privacy policies and terms of service agreements for popular applications and developed a rating system to set security standards. Developers then changed their software in response.
Also in the education category, Paul Yoder, information security specialist with El Camino Community College District in Southern California, showed how one person can make a difference. While 75 percent of community colleges have no dedicated cybersecurity staff, Yoder has made cybersecurity a No. 1 priority.
Damian Chung, senior director of cybersecurity and engineering for Dignity Health, took a top spot as a leader and innovator for his work in security for the network of health-care providers.
And Ron Cherry, CISO for Mercy Health Partners, was awarded for growing his organization’s cybersecurity program from two to 10 employees, as well as developing and deploying a fully supported and funded cybersecurity plan.
Similarly, the city and county of Denver, the winner at the county level, focused its cybersecurity efforts on boosting election integrity. It partnered with the Colorado Secretary of State to network traffic information and leveraged tools provided by the Colorado Division of Homeland Security to enhance data protection.
What’s more, Timothy Lee, chief information security officer (CISO) for the city of Los Angeles, took the top leadership spot after he helped to develop and launch a $1.8 million Integrated Security Operations Center (ISOC) across 40 city departments to provide real-time situational awareness to detect and mitigate cybersecurity threats. ISOC’s threat intelligence portal is used to coordinate collaborations among various city departments, like the Los Angeles airport; the FBI; the U.S. Secret Service and the Multi-State Information Sharing and Analysis Center (MS-ISAC).â¯
Other winning innovators, including Chris Burrows of Oakland County, Mich., shined this year in their creative solutions that embrace shared resources. As the county CISO, Burrows created the county’s first IT Risk and Security program to enhance protection across information security, compliance (HIPAA, PCI DSS, CJIS), technology risk management, business continuity and information life cycle management. He also helped to launch a new “CISO as a service” product that supports small and medium-sized government agencies to address cybersecurity challenges despite limited resources. The project is a collaboration between Michigan state and various counties and leverages the expertise of a CISO to provide cybersecurity evaluations and recommendations and to implement best practices without the expense of a full-time employee. The service also uses a cybersecurity evaluation that Burrows helped to develop called “CySAFE,” which scores an entity’s security levels across 36 controls and offers a to-do list to improve the score.
CySAFE was also a contributing factor to Oakland County as a whole winning this year's county government category for its information security program.
While Burrows was able to take significant steps to improve cybersecurity in Oakland County, he views it as a larger team achievement that many departments played a role in. “Change is difficult and I’m proud that people embraced it,” he said. “I’m proud we were able to come up with solutions that will work. We have been able to secure highly sophisticated systems in a short amount of time, and I’m proud that people were open and worked really hard to secure this. It’s a team effort. It was an organizational mindset change.”
Special Award Winners
This year’s awards recognized two entities with a special award for innovation, including:
JEA Bulk Electric System launched an innovative Energy Management System (EMS) shut-off safety capability that allows the energy grid to operate under emergency internal controls while blocking external cyberpenetrations. In this way, any attempts to hack switches or controls will be defended and energy operations will be undisturbed.
The City of El Mirage, Ariz., took an innovative approach when it redesigned the city network to include a Supervisory Control and Data Acquisition (SCADA) network that protects water treatment plant systems and provides a secure public wireless network at city campuses and select public parks.
Leveraging communication and collaboration for positive change is something Russell Walker knows all about. As chief technology officer for the Mississippi Secretary of State, he worked with departments at all levels to implement a new security infrastructure that now offers high-level screening, like data loss prevention, sandboxing, external drive scanning and crypto recovery. Beyond that, he dedicates himself to facilitating communication and training to boost knowledge and understanding of the importance of cybersecurity.
Case in point: Walker is working on creating a dedicated forum for state IT personnel to communicate and help each other achieve better security for their respective networks while avoiding potential pitfalls others have already overcome.
“By having better communication and sharing knowledge and experience, I believe we will have a better chance than if we continue to function in our own little silos,” he said. “So my hope is as time passes, we will have a better and more centralized communication avenue for all state IT professionals to use as a resource for support and information, not only in security-related issues but in all areas as the pain points are very similar throughout state government agencies.”
As Washington D.C.’s first CISO, John MacMichael demonstrated similar leadership in boosting cybersecurity across all departments. Through strategic reorganization and structure, he launched the Security Operations Center with a Governance, Risk and Compliance division and Security Engineering division. Ask him for advice on enhancing cybersecurity in the public sector, and he points to collaboration.
“It is critical to develop an enterprise view of the data and information systems within each agency, MacMichael wrote in an email, "and then work with the Enterprise Data Officer [in D.C., the chief data officer] as well as the agency CIO to ensure that there is a shared understanding of the information to be protected, the risks associated with the data and systems, and the controls and monitoring schema that will be used by the agency and the CISO organization."
*The Center for Digital Government is part of e.Republic, Government Technology’s parent company.