August 2020
Dear Washingtonians!
As Dwight D. Eisenhower once said: "Plans are worthless, but planning is everything."
That's why one of my top goals, since appointed state Chief Information Security Officer (CISO) nine months ago, has been to create a sustainable cybersecurity operational plan for the State of Washington that can meet the security challenges that lie ahead.
A sustainable plan needs planning, which is a collaborative effort that requires strong engagement by everyone involved. I am working with the CISO Council - which includes chief information security officers at state agencies - state lawmakers and others to finalize the state plan, which is organized around five main goals, referenced in state law:
- Goal #1: Ensure the confidentiality, integrity, and availability of the information transacted, stored, or processed in the state's information technology systems and infrastructure.
- Goal #2: Protect all state information technology assets by a centralized cybersecurity protocol.
- Goal #3: Detect, respond to, and report all levels of security incidents consistent with information security standards and policies. Ensure the continuity of commerce for information resources that support state agencies' operations and assets in the event of a security incident.
- Goal #4: Advance the security program in the State of Washington.
- Goal #5: Position Washington as a national leader in cybersecurity.
While the State of Washington has strong systems to secure sensitive information entrusted to the government by Washingtonians, our surrounding environment is changing.
Our path forward must consider external challenges such as the state budget shortfall and the COVID-19 pandemic, as well as growing information security threats.
Each of the goals in the state operational plan is mapped to specific initiatives over the next two years. For example, to help meet the third goal, the plan calls for steps to improve our capability to detect and reduce the time to respond to malicious activity.
I view this work in a foundational way. These elements are required for continued improvement in state's security posture.
Here is my question for you: How would you improve the security posture of an organization in the aftermath of an unprecedented event?
I welcome your thoughts and ideas and look forward to our continuing partnership to serve this great state. Thank you for all that you are doing.
Vinod Brahmapuram
State Chief Information Security Officer