A Message from the Office of Information Security
More than half of all ransomware attacks target counties and municipalities. Why? Because they are usually easy targets for hackers. The “Whole of State” model helps governmental entities to leverage their combined resources to increase the availability of their cybersecurity resources and facilitate the sharing of information. However, the model is not exclusive only to government entities, in fact, “Whole of State” model can include local and federal governments, the private sector, and educational institutions. We call this strategy the “Whole-of-State” approach to cybersecurity. As government entities face a near-constant barrage of ransomware, denial-of-service attacks, election hacking and other cyber threats, the “Whole-of-State” is key for increasing our security posture.
This tactic breaks down the organizational walls while enabling real-time, cross-jurisdictional collaboration and partnerships across the entire state to improve the cybersecurity posture of all stakeholders, including these targeted entities. During a recent interview I was asked: “are you worried?” Yes, I answered, we are always on guard because in the world of cybersecurity – it is not a matter of “if” but “when” entities will come under attack from hackers. I personally love a quote from a colleague of mine: “In state and local cybersecurity, we’re expected to hold off national militaries with unlimited resources from around the world — all day, every day.” And ironically, we are supposed to do this with limited resources. And when resources are limited, creativity plays a crucial role.
As the newly appointed Chief Information Security Officer for the State of Colorado, I realized I was not appointed to keep things running, I was appointed to break the status quo and transform how the State approaches cybersecurity. And that process began by evaluating the current security posture for the State and realizing the need for a “Whole of State” approach going forward.
Ray Yepes, Chief Information Security Officer, Office of Information Security
Tel. 832-465-2377
ray.yepes@state.co.us | www.colorado.gov/oit
