Op-Ed: Cybersecurity Threats Demand a Comprehensive Solution


Advances in technology are changing nearly every aspect of our lives – including how our state government operates. Unfortunately, with every new technology, there is no shortage of criminals trying to exploit those tools for their own personal gain.

The Pennsylvania Department of Treasury alone is targeted by cyberattacks 10 million times every month. Although none of these attacks has been successful, even one momentary lapse in security could have far-reaching consequences. A successful hack could not only compromise state agency information and operations, but also threaten the sensitive personal and financial information of millions of state residents.

As Chairman of the Senate Communications and Technology Committee, I am committed to exploring every solution to not only protect against cyberattacks, but also ensure the state’s information technology assets are managed wisely.

Although we have been fortunate that no state agency has suffered any kind of catastrophic cyberattack or wide-scale data breach, state residents are still paying the price for Pennsylvania’s aging, inadequate and costly information technology (IT) systems through mismanagement due to inflated costs.

A recent audit of the state’s Unemployment Compensation Call Centers uncovered hundreds of millions of dollars in waste and mismanagement pertaining to upgrades that were never actually completed. The Department of Revenue has received special funding for IT upgrades each year for the past 18 years, and yet they still have significant needs for additional upgrades.

State government cannot treat taxpayers like an endless well of money that they can tap whenever they decide it is necessary. Providing oversight, consolidation and better planning for all of the Commonwealth’s IT systems will help ensure all of the necessary upgrades are completed at the lowest possible cost to taxpayers.

Last year, Governor Wolf took an important step toward improving IT management by issuing an Executive Order creating a new Office for Information Technology to consolidate and oversee all information technology systems and contracts of state agencies.

Last month, I joined several of my colleagues in the General Assembly in proposing legislation that would take the next steps to completely overhaul Pennsylvania’s IT systems and prepare state government for the needs and threats of the 21st Century by codifying this office into law and giving it additional powers to protect against all manner of cyber threats.

Under our legislation, the Office for Information Technology would have broad powers to bring all state agency IT system management under one roof. The office would be responsible for making sure government has all the tools it needs to protect against cyber threats, while at the same time ensuring state taxpayers get what they pay for in terms of IT upgrades.

While the office would be responsible for overseeing every agency’s IT needs and infrastructure, its role would be more than just keeping tabs on what upgrades are needed and how much money gets spent in the process.

The Office for Information Technology would also play a role in managing the procurement of IT contracts and services, setting a schedule for replacement and modification of existing infrastructure, ensuring each agency has updated disaster recovery plans, and reporting on past, present and future projects in an annual report to the General Assembly.

Pennsylvania is not in this fight alone.

Hackers are not only targeting state government. Many businesses, individuals and other government bodies face the same kind of threats on a daily basis.

Our legislation gives the Office for Information Technology the tools to keep state government one step ahead of the criminals targeting our systems by utilizing best industry standards for internet security and requiring frequent tests of state cybersecurity systems to be performed by independent organizations from outside of state government.

This approach will help ensure any gaps in our current systems can be identified and fixed before they can be exploited by criminals.

I am confident lawmakers will be able to work with the Wolf Administration to create a bipartisan solution to the threats posed to our IT systems. Over the past several months, I worked with the governor’s office to create an independent Office of Inspector General to better safeguard taxpayer dollars. This legislation takes an identical approach to that cooperative, bipartisan process, and I am hopeful we can achieve similar results.

Pennsylvanians deserve a state government that protects them both against cyberattacks and unnecessary expenses. We need to strike the proper balance between improving our cybersecurity, and ensuring the public’s trust – and money – isn’t abused.

I am confident we can accomplish both of these goals by creating a comprehensive IT oversight model that reflects the needs of state government and the dangers it faces from cybercriminals.