The cybersecurity landscape is changing rapidly, and not in a good way.
Cyberattacks are no longer the sole domain of nation states and a relatively small number of criminals with technical skills. Hackers now sell their services on the internet; much like private stores sell goods and services to the broader public online.
State and local governments, including Washington state, are seeing a surge in cyberattacks because of this and other factors, including the proliferation of devices being connected to the internet.
The exponential growth of attacks represents a challenge for both the public and private sector not only in terms of keeping pace with threat, but also in finding enough qualified cybersecurity professionals to defend networks.
The Washington state Legislature and Governor's office created the Washington State Office of CyberSecurity (OCS) in July 2015 to guard the state's networks against attacks.
The office's cybersecurity team works 24 hours a day to detect, block and respond to cyberattacks. The office helps prevent and mitigate threats before they can cause significant damage.
In the past year alone, OCS blocked several billion unauthorized attempts to access the state's network and more than 80 million potentially malicious emails. OCS also successfully mitigated 15 major DDoS attacks in 2017 that were aimed at shutting down the state network.
In addition, our office works with state, local government and military agencies to build more secure networks. OCS sends out teams on a moment's notice to help state agencies with cyber threats.
As part of an ongoing outreach effort, our staff travels the state, speaking at colleges, libraries and retirement centers to provide information on how to stay safe online.
The office also runs an annual "Hacktober" cybersecurity quiz in October to raise state employee awareness as part of the National Cyber Security Awareness Month. The campaign, which tests state workers on their cyber knowledge, garnered more than 18,000 responses this year.
We have more plans in the works, including:
- Red Team: Will proactively test the security of the state's networks and services to help identify and fix potential vulnerabilities before a cyber attack can exploit and disrupt networks.
- Application Certification and Accreditation Program: Will train application developers at government agencies on secure coding best practices and application of security patches.
- Information Sharing and Analysis Center: Will collect, analyze and disseminate actionable threat information to public organizations and federal partners.
Please download our full 2017 Report for more information about the Office of CyberSecurity, as well as information about new cyber threats, the hunt for more security professionals, advice on how to keep your data safe and more.