
Oklahoma Cybersecurity Operation Battles Hackers

Oklahoma's Cyber Command Security Operations Center is the state's last great line of defense against foreign cyberterrorists and domestic hackers.

by Randy Ellis, McClatchy News Service / December 2, 2013

Big brother isn't the only one watching. Little brother is, too.

A few blocks north of the Oklahoma state Capitol -- in a secure, heavily fortified portion of a building constructed to withstand the force of an EF5 tornado -- two state cyber security analysts and a network specialist sit around a circular pod of computer screens.

Eyes dart back and forth as they carefully monitor the activities on nearly 30,000 state computers -- looking for trouble.

They can tell you that last August someone from a foreign country tried to infiltrate the state network to obtain sensitive information -- prompting security officials to notify the FBI and Homeland Security.

They also can tell you that employees on the state computer network made more than 2 million page view visits to Facebook over a recent three-month period.

This is Oklahoma's Cyber Command Security Operations Center, the state's last great line of defense against foreign cyber terrorists and domestic hackers who are constantly out to create mischief and steal taxpayers' private data.

When anti-virus software and other computer security programs identify a particularly ominous threat, an alarm sounds and flashing lights go off around the border of a large video screen mounted on the wall. The warning sends workers scrambling until the threat can be identified, isolated and neutralized.

Lesser threats are constantly being identified on computer screens and are handled quietly on a routine basis.

Designers of Star Trek's Starship Enterprise likely would be proud.

Oklahomans should be, too, according to Mark Gower, the command center's chief of security.

Oklahoma employees designed and built the system themselves after being told it would cost $220,000 to $600,000 to create what they wanted, he said.

It is considered the most advanced state computer security system out there and has prompted visits from Homeland Security, the FBI and officials from several states, Gower said. At any given time, "56 percent of the state's (computer) assets are under attack," Gower said.

Anti-virus software, firewalls and other security programs automatically defeat thousands of attacks every day. About 130 unique incidents a day rise to the level where they are electronically called to the attention of the state cyber security professionals for scrutiny and possible additional action.

A couple times a month, the detection programs identify threats serious enough that they set off the siren and flashing lights. It happens more often when additional state agencies are added to the centralized cyber security system.

State computers store a lot of sensitive information, like taxpayers' Social Security numbers and income data that cyber criminals would like to hack so they could steal identities and money.

Protecting that information is a huge responsibility as technology and cyber attack methods continue to evolve, Gower said.

For years, each state agency was responsible for operating its own computer system and each agency had its own information technology employees, with varying levels of expertise, who were responsible for keeping data secure and combating cyber attacks.

A massive consolidation effort has been underway for the past couple of years to centralize responsibility for state computer operations under the umbrella of the Office of Management and Enterprise Services.

Much of the discussion by governmental officials focused on consolidation as a way to save money. The centralized cyber security system is cheaper because the same protective measures can be used across all agencies, said Daniel Hanttula, security services manager.

"We actually saved the state $2.1 million over six years at the same time we deployed this system," Hanttula said, adding that about 80 percent of the state's computers were on the system as of June 30.

But improved security is the greatest benefit of the centralized system, Gower said.

Just how vulnerable to attack certain agency computers have been became readily apparent when officials began adding them to the centralized security system, he said. The sirens and warning lights would go off repeatedly when some agencies were added, sending security officials scurrying to fix one problem after another until accumulated security dangers had been addressed.

With the new system, computer programs funnel data from throughout the system into the command center, giving cyber security employees "real time intelligence" about attacks as they are initiated and spread from one computer to another, Gower said. They can then intervene to block the attacks.

Smart Bad Guys

Security threats change on an almost daily basis, Gower said. "The bad guys realize there are controls that prevent them from doing something, so they'll write code or do something that circumvents it," he said.

Gower cited the state's response to a massive security threat that occurred when the NBC website was hacked as an example of how the state's security team responds to a crisis.

Within 15 minutes of the attack, the state received notice from federal authorities that the NBC website had been hacked and was sending zero-day malware out through the computer network, he said. That means there was no anti-virus software that could stop the infection from spreading to website visitors, he said.

State security workers immediately implemented a control that blocked state computer users on the system from going to the website. They also identified every state computer on the system that had gone to the website during the time it was unsafe and sent out workers to remove the infected code from each computer. Once federal officials determined the NBC site had been fixed and the problem and infection removed from all local computers, the state's block on the NBC website was lifted.

State security officials also were successful in protecting state computers from attack during OpUSA, when groups of foreign hackers banded together to mount cyber attacks on various U.S. government agencies and banks in a protest of American foreign policy, he said.

(c) 2013 The Oklahoman
