The novel coronavirus forced state governments across the U.S. to change their operations at a moment’s notice. For CIO Shawn Riley, the shifting landscape brought logistical challenges and increased attention from hackers.
Palo Alto Network's 2020 JSAC Cybersecurity Summit gave viewers an insider's perspective on some of the challenges state government faces in the age of COVID-19.
North Dakota CIO Shawn Riley, one of the Tuesday panelists, shared the unprecedented operations his team has gone through to secure a rapidly changing government.
"As COVID-19 became a very, very real pandemic for all of us, we all had to think really differently about how government is managed and how it's being delivered on a day-to-day basis," Riley said.
And his job is particularly delicate. North Dakota's recent reorganizations have given the Department of Information Technology an expanded responsibility to protect and deliver security policy to all public entities throughout the state. This means navigating new problems, including securing teleworking environments for people who have never worked from home before, he said.
"In a period of about four days, we moved 250,000 people out of their environments and into either a telework or a teleschool environment," he said. The entire executive branch was moved in about 48 hours, 65 percent of which had never worked remotely before, he added.
"We stood up a new education system for all of K-12 in four days' time; we stood up contact tracing in six days' time for the entire state; contact monitoring for the entire state; a new data system in 24 hours," he continued.
The speed at which these shifts had to be made were "unprecedented," he said. Hackers were very much aware of the opportunities they presented, and as a result the state government saw a precipitous rise in cyberattacks in the weeks after stay-at-home orders went into effect.
"Typically, we get 15 [million] to 20 million attacks a month against our front door," Riley said. "We went from 1,500 incidents that we were dealing with across the entirety of the system, to a little over 7,000 per week once COVID came in," he said.
At the same time, the state rushed to implement a contact tracing program to a sometimes skeptical public. Questions about whether or not this data could be adequately protected were common, Riley said.
"Once you start thinking about security and privacy, instantly you have a huge swath of the nation who looks out and says, 'Wait a minute, what is Big Brother doing to me? What are you really tracking and what can you really get to?'" he said.
The possibility of having this data fall into the hands of foreign actors has been a specific concern among those concerned with COVID-19-related data collection.
"The reality is that contact tracing is exceptionally benign information on the whole," Riley offered. "There are aspects of contact tracing that do check your location and manage locations, but in systems that we've enabled so far, you can't even get to that data yourself unless you have the code from your phone."
"The reality is that this is good information that's helping to save lives," he added.