Oklahoma's head of cyber security told lawmakers Thursday the state is making strides but is in danger of falling behind the bad guys.
Consolidation of Oklahoma's state IT systems means nearly 39,000 state assets are now under real-time monitoring by a dedicated cyber security center. Chief Security Officer Mark Gower said that's saved money and increased security.
"This is a new frontier, and we must brave it with the steadfastness of the settlers and the pioneers that built this very state," Gower said. "Wavering from our goals in securing the state could have dramatic consequences in our ability to operate even the most core elements of state government should events unfold that leave us vulnerable and open to cyber attacks and compromise."
The cyber security center has dealt with threats such as denial of service attacks, malware and dark web sales of state employee passwords, but the money isn't there to keep pace with hackers' adoption of new methods and technology.
"Oklahoma is not alone in this issue, but we are behind in identification of a direct funding method for cyber security," Gower said.
After more than 32,000 attacks in 2016, malware is one of the big threats to Oklahoma's IT system. One variant is ransomware, malicious code that seizes a computer and directs the user to pay a fee to regain control. State Rep. Jason Murphey asked Gower whether the state has ever paid a ransom.
"So, it's safe to say that if taxpayer funds were used to purchase Bitcoin to pay ransom that occurred in a state agency that has not, as of yet, been brought into the unified environment?" Murphey said.
"That would be correct," Gower said.
"Of those that are in the unified environment, no ransom has ever been paid?" Murphey said.
"Correct," Gower said.
While state IT has been consolidated to a unified system, some agencies are still outside of it.