The updates are part of a broader effort to coordinate IT across state government. Kansas’ executive, legislative and judicial branches remain independent, but are expected to identify common IT solutions and pursue shared cybersecurity goals. In February, working with Gartner, the state launched its IT Integration, Assessment, Roadmap, and Planning Project to evaluate current systems and plan for greater alignment across the three branches.
“It is a requirement for the executive branch to put together a broader IT consolidation within the executive branch, and we have brought in a third party,” Kansas Chief Information Technology Officer (CITO) Jeff Maxon said. “The intent is to ensure branches are identifying common solutions.”
And in several instances this year, leaders have taken steps to keep court sites secure and improve online access. On March 1, the Kansas District Court Public Access Portal migrated to a .gov domain name. On March 19, the branch launched a new portal to modernize and smooth the admissions process for prospective Kansas attorneys, followed on March 24 by its debut of the Kansas Appellate Courts Public Access Portal. On April 1, officials launched Kansas Civil Filings, which enables online filings. It gives access to documents filed to start a civil case, and to view ongoing case files.
The projects showcase the branch’s enhanced online capabilities and have intersected with work required to recover from the Oct. 12, 2023, Russia-based ransomware attack on the state’s judicial system, which necessitated that the office go offline and required months of recovery, according to the Kansas judicial branch’s 2024 Annual Report.
What was needed, the state said in the report, was nothing less than “rebuilding the network and putting more security controls in place.”
By Jan. 2, courts, in all but three of 105, were running on the Kansas eCourt case management system and online court payments were restored via the Kansas District Court Public Access Portal — itself back online, though some information remained to be updated. Online electronic filing in district courts, and case initiation through electronic filing came back online that month, too, with some exceptions.
The Office of Judicial Administration ultimately notified around 150,000 people in May 2024 that personal information was believed to have been “exfiltrated from Office of Judicial Administration directories.” It offered recommended steps to watch and safeguard their personal information — plus free credit monitoring and identity restoration services as needed. The intervening time was necessary because records had to be reviewed one at a time — and were in different formats, some of which had to be hand-reviewed.
Courts, the report said, had been underway on a modernization, and an initiative to deploy the Kansas eCourt case management system was nearly done — centralizing case data on one platform for courts across the state and offering “efficiencies through task distribution called workshare.”
“Bringing interconnected systems back online took coordination and planning, as well as completing tasks in a specific order,” the report said. “The process took time, but it ensured a stronger foundation for the systems used to deliver services from courts.” It also improved partnerships within the court system, and with county and state government.
In February 2024, the office hired its inaugural Chief Information Security Officer Evan Burt, who had indicated, the report said, “he was inspired to apply for the position after working with the courts in an advisory capacity following the cyber attack.”
And on May 9, 2024, Gov. Laura Kelly signed into law state Senate Bill 291, which laid out a framework to harden the state’s cybersecurity stance post-cyber attack. It builds on earlier cybersecurity measures including the 2018 Kansas Cybersecurity Act, which codified the executive branch’s CISO role, Maxon said. SB 291 extends that requirement to the legislative and judicial branches, requiring each to have a designated cybersecurity officer like Burt, who had recently joined.
Recovery from the cyber attack, Anne Madden Johnson, the office’s deputy information technology officer, said in the report, was a “lesson in strength,” as Information Technology Services staffers worked to rebuild the network and bring services back online — while simultaneously completing “enhancement projects scheduled for the future.”
“We did three or five years’ worth of projects in about six months,” she said. “The upgrade to the electronic filing system alone should have taken six months and we did it in three.”
By late August 2024, Johnson, then the office’s acting CITO, reported to the state Joint Committee on Information Technology that judicial systems had been restored and no ransom paid; zero-trust security implemented; the security team enlarged; and improvements made to endpoint security, firewalls and backup.
