Arizona has first chief information security officer to protect governmentBy Howard Fischer/ Capitol Media Services
PHOENIX - Arizona hired its first chief information security officer Wednesday, two years after auditors said that is necessary to protect government computers from hacking and the private information of people stored there.
Gov. Janet Napolitano named David VanderNaalt to the post. He starts his $118,000-a-year job Sept. 17.
The position is one of three created this past session by the Legislature in an effort to ensure that government computers are secure and private information cannot be "hacked.''
Chris Cummiskey, director of the state Government Information Technology Agency, said he also will hire a chief privacy officer and someone to educate state agencies about security.
"The office will have a focus on improving the state's ability to protect sensitive data that citizens share with state agencies,'' he said.
He said state agencies are collecting more and more private information from things ranging from license applications to tax returns.
Cummiskey said that requires secure networks to ensure that information does not fall into the wrong hands.
Cummiskey also said his agency will do a "vulnerability assessment'' to see how easy it is for anyone with a computer and an Internet connection to gain access to state files.
"We know there are too many 'back doors' right now,'' he said.
That refers to the practice by many organizations to provide an alternate method of accessing their computers other than the normal sign-in and verification process.
And Cummiskey said the proliferation of state employees with laptop computers presents its own problems.
For example, he said some workers access the state system through wi-fi or other wireless methods.
And those signals can be picked up by other computers.
That, said Cummiskey, shows the need to encrypt data so even if it is received it cannot be read.
The 2005 report by Auditor General Debbie Davenport found that hackers had gained access four times in the prior four years to state agency computers.
Davenport said the successful attacks prove the state needs to do more to protect its computer networks.
She said an examination of the systems of 11 major state agencies showed not just flaws making them liable to security breaches, but gaps that allowed viruses to infect the computers.
Davenport said staffers also found problems in ensuring that private information on state computers remains private.
It was in that report Davenport said some of the problems can be solved by creating a chief security officer who would be charged with ensuring that all agencies follow security standards - and following up with those that do not. Davenport also said the state should have a chief privacy officer.
Cummiskey said he had to wait until this year when lawmakers approved the funding and authorization.
VanderNaalt has been working for New York City in the dual position of director of citywide information security and citywide emergency continuity planning.
Prior to that he worked for American Express where he developed the company's first system-wide security program.