The plan’s overarching vision is to advance modernization across agencies by focusing on three areas: customer experience and collaboration, service delivery, and financial operations. Among the eight objectives listed in the service delivery area, the agency plans to monitor its system visibility and observability, its cybersecurity incident response processes and its security patch management process.
The division will monitor system visibility by developing and maintaining “a centralized, continuously updated inventory of all applications to serve as a source of truth for operational awareness, impact analysis and incident response,” according to the plan. “This inventory will include key metadata such as ownership, business function, criticality, hosting environment, dependencies and integration points.” OTS lists New Relic and Azure Monitor as examples of potential platforms.
The approach reflects broader best practices in cybersecurity. The Cybersecurity and Infrastructure Security Agency (CISA) emphasizes that maintaining an accurate, centralized asset inventory is essential to cybersecurity programs. In its Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators, released in August, CISA outlines how inventories support risk assessment, threat detection and rapid incident response — stating that “you can’t protect what you don’t know you have.”
Louisiana also wants to shorten its mean time to detect and mean time to resolve for cybersecurity events. The performance indicators are to detect events within one hour and respond within eight hours, according to the plan. Security patch management is in the same cluster of objectives, with performance indicators of bringing managed endpoints and servers to at least 95 percent compliance, bringing public-facing endpoints to 100 percent compliance and keeping patch deployment to no more than seven days.
States continue to be vulnerable to data breaches, malware and ransomware. Louisiana Gov. Jeff Landry on Sept. 5 renewed a state of emergency for cybersecurity incidents, originally put in place by the previous administration. Although it expires Oct. 5, the document illustrates ongoing cyber concerns. Nevada was hit by a late August ransomware attack that knocked state offices offline, and the Texas General Land Office recently discovered a software misconfiguration that left more than 40,000 people’s data exposed. For context, Nevada has 3.1 million residents, and Louisiana has about 4.7 million.