MADISON, Wis. -- Representative Romaine Quinn (R-Barron) convened the Assembly Committee on Science and Technology Wednesday to review the state’s efforts on protecting state electronic data.
“With tax season upon us and elections coming up soon, the state’s cybersecurity efforts are crucial to ensuring that our citizens’ data is protected and online threats are minimized,” said Rep. Quinn. “The state plays a major role in securing information submitted by all of our residents, and it’s important to review our efforts and make sure the legislature is a good partner in these efforts.”
The state faces significant attempts by hackers to access databases containing sensitive information housed on our servers – Social Security Numbers, vital statistics like dates of birth, and tax identification information, among other things. Major motivations for hacking include criminal endeavors and social action; according to David Cagigal, Chief Information Officer with the Department of Administration (DOA), the city of Madison faced significant Distributed Denial of Service (DDOS) attacks in the wake of an officer-involved shooting.
“The state has strong resources in place to come to the aid of any organization that is facing cyberattacks of any kind,” said Rep. Quinn. “We have helped school districts clean viruses and back up data for many departments that house sensitive information.”
Information from many Wisconsin departments is protected in a data center run by DOA, which allows the department to take proactive and innovative steps to ensure information is secure. In 2017, the data center defended against:
- 728 million filtered emails
- 153 million vulnerability scans
- 33,000 preventive malware downloads
- 36,000 attempts to exploit web apps
- 235,000 attempts to break passwords
Rick Offenbecher, Chief Information Officer at the Department of Revenue (DOR), stressed how seriously his department takes protecting Wisconsinites’ tax information. In addition to using multi-factor authentication and advanced encryption methods, DOR conducts extensive training to ensure that employees are aware of the types of attacks they may face.
Training was also a focus for Richard Rydecki of the Wisconsin Elections Commission (WEC). Facing the unique challenge of training 1,853 municipal clerks and 72 county clerks on election security, he noted WEC runs frequent training programs for local users. WEC is also updating its user agreements to ensure that any suspicious activity is reported and followed up on. According to rules going into effect for the 2018 election, “Users of [the voter registration system] WisVote will be required to report any election-related security issues or incidents to the WEC and appropriate law enforcement.”
“Security starts and ends with the user,” said Rep. Quinn. “The state offers great resources to local stakeholders, but without training and awareness, even the most high-tech equipment is in danger. I’m very proud of the efforts I learned about in this hearing to make sure our departments have taken every precaution in training their people on how to detect and prevent possible breaches. I encourage everyone to take this issue seriously and dedicate time to ensuring you know how to maintain a safe data environment.”