Oklahoma Cyber Command never rests.
“Eeeeeee! Eeeeeee! Eeeeeee!” The siren blares.
Alert: Level 10.
A text message summons members of the State of Oklahoma Cybersecurity Emergency Response Team.
The threat is identified. Malware has been spreading onto state computers through an advertisement on a major news website.
The team immediately responds by blocking the site from displaying on state computers, identifies who may have been exposed and removes all traces of the potential problem.
Less than two hours have elapsed since the initial alarm.
“Previously it would have taken weeks for the same level of security response,” said Mark Gower, Oklahoma’s chief information security officer and director of Cyber Command.
Gower was referring to the time before the Oklahoma Legislature mandated statewide information technology unification.
“Before unification, every agency was responsible for its own security. They had their own firewalls in place and their own anti-virus for malware,” said state Chief Information Officer Bo Reese. “Now with unification, we can actually see in real time and they can respond extremely quickly.”
Always Under Attack
With the state’s data running through the servers in the main Information Services building, Gower’s team has also set up shop there, always on the lookout for the next hacker or malware attack.
There are about 11,000 cyberincidents involving the state government’s data every week. At any given time, 53 percent of the systems monitored by Cyber Command are under attack.
“It’s really national and global in its scope,” Gower said. A large Cyber Command monitor shows the extent of the attacks on a real-time map, with red arcing lines jumping oceans and landing in Oklahoma.
It’s part of an effort that synthesizes several data sources to determine the actual threat level. Each incident is cross-referenced with social media posts, federal data and other sources. Incidents are then rated on a 1-to-10 scale, with 10 being the most severe. Of the weekly incidents, about 3,000 are serious enough to require follow-up.
Attacks will always happen. The real goal is making sure the data doesn’t leave Oklahoma’s systems.
“You can’t keep every bad actor from gaining access to a system. That’s impossible, today,” Reese said. “But being able to respond quickly and keep the data from leaving the state’s control is what’s so important.”
To date, Oklahoma Cyber Command and Information Services have been successful.
Government computer networks are continually under attack because of the amount of personal data they contain, from Social Security numbers and birth dates to addresses. Hackers are always looking for the big score. The U.S. Office of Personnel Management demonstrated the damage that could be done when it disclosed in July that hackers had gained access to its systems and the sensitive information of 21.5 million people. Social Security numbers of current and former federal workers, contractors, friends and family were all exposed to what some officials believe were Chinese hackers.
Cases like that keep Gower’s team always on alert.
“It’s incumbent upon us to protect the data of the citizens of the State of Oklahoma and protect the government,” Gower said. “We are doing something for the constituency of the State of Oklahoma.”
Gower and his team are quick to respond to threats, realizing the trust put in them to protect Oklahomans’ personal information. The CyberWarn system Gower and his team have created has been active for about two years, but their approach is always evolving.
The hackers aren’t sitting back and using obsolete technology and methods. Cyber Command is meeting innovation with innovation.
“I think the Oklahoma citizens can be proud of what we’ve built here,” Gower said. “Our motto is the State of Oklahoma Cyber Command is ever vigilant. We can never just sit back and rest. We’re always moving forward.”