What Is Government's Responsibility When a Breach Hits?

Alaska’s inaugural CISO Shannon Lawson and CIO Bill Vajda weigh in on what government should do in the event of a cyberincident.

From left, Alaska Chief Information Security Officer Shannon Lawson and Chief Information Officer Bill Vajda
AUSTIN, Texas — Some of the criticism of Equifax's handling of its recent data breach centered around the time that passed between when the company first became aware of the incident and when the news got out months later. CIOs at the annual NASCIO conference in Austin this week offered their takes on the fallout from the breach. 

"It's something that shakes all organizations to the core, government in particular," said Alaska CIO Bill Vajda. 

But what are the rules when it comes to notifying customers that their data has been exposed?

"Communication is really important when you're talking about breaches or incidents," said Lynne Pizzini, Montana chief information security officer (CISO), in an interview with Government Technology. "I believe organizations really do need to have a very firm plan on how they're going to carry out any type of notification after an incident."

Vajda, joined by Alaska's newly named (and first ever) CISO Shannon Lawson, explained the responsibility of the public sector when a cyberincident takes place.

Government Technology editor Noelle Knell has more than 15 years of writing and editing experience, covering public projects, transportation, business and technology. A California native, she has worked in both state and local government, and is a graduate of the University of California, Davis, with majors in political science and American history. She can be reached via email and on Twitter.