Lawmakers Study Whether Data Servers At-Risk For Potential Cyber Attacks
Lawmakers are studying whether state agencies are doing enough to keep online “Hack-ta-vists” and other cyber criminals from accessing and stealing personal information. But state officials say while there are advances in technology, experts in the industry are not as readily available to state agencies.
In 2011, then-Texas Comptroller Susan Combs announced that the personal information of 3.5 million current and former state employees was stored on a publicly accessible computer server for about a year before it was discovered. Since then the Comptroller’s office is using different encryption technologies.
Eddie Block with the Texas Department of Information Resources said the state has the necessary technology to secure state data banks but is lacking in the number of experts needed when these type of threats occur.
“It’s clear across not just state governments but federal and private sectors that people are really at a shortfall. There’s negative unemployment in the information security community. So at the state level we are competing with private companies that maybe have shinier jobs," Block told lawmakers.
Block testified before the Texas House Committee on Government Transparency and Operations.
Brandon Neff is the president of the San Antonio-based technology firm, Innove and told lawmakers cyber threats against state agencies are very real and these online attacks may come from a few different fronts.
“One is from nation-state actors, these are countries with intelligence services that are developing code to access our networks without our knowledge; Second type of threat we are facing is from “Hack-ta-vists”, these are groups like Anonymous that we’ve heard about on television, another is organized crime, there are organized crime syndicates that operate overseas mostly in places like Eastern Europe," Neff explained.
Lawmakers will continue to study the issue with the possibility of adding more money to state agencies' budgets for cyber security efforts.