The Public Eye with Eric Chabrow

Politician Feels People's Pain over Breach

Governor's State of the State Address Zeros in on Cybersecurity
Politician Feels People's Pain over Breach

President Obama devoted one sentence to cybersecurity when he delivered his State of the Union address last year:

See Also: Webinar | Mythbusting MDR

"To stay one step ahead of our adversaries, I have already sent this Congress legislation that will secure our country from the growing danger of cyber-threats."

Those 26 out of 7,200 words encouraged Obama's cybersecurity agenda supporters, who said the mere fact that he mentioned cybersecurity in a major address proved significant, demonstrating the president's commitment to strengthen the government's and nation's cyber-defense [see The State of the Union's Cybersecurity].

Still, Congress failed to enact major cybersecurity legislation last year.

Fast forward 51 weeks and nearly 500 miles to the south to the State House in Columbia, S.C., where Gov. Nikki Haley delivered her State of the State address to lawmakers. Haley devoted nearly 10 percent of her Jan. 16 speech - 665 words - to cybersecurity.

It's rare for a government chief executive to commit that much time on any one issue in such a speech, let alone cybersecurity. But it's understandable in the Palmetto State. The cyber-threat to individual South Carolinians, unlike most other Americans, is real and has significant political consequences. A stolen state employee password allowed a hacker to breach the South Carolina tax system last year, resulting in the exposure of personally identifiable information of nearly 4 million individual and 700,000 business tax filers [see Stolen Password Led to South Carolina Tax Breach]. The state has borrowed $20.1 million to cover the cost of the breach [see $20 Million Loan to Cover Breach Costs].

Political Need to Act

Haley, who's up for re-election next year, can't afford politically not to address cybersecurity head-on. And, neither could her audience of lawmakers, who launched investigations into the breach and likely will come up with legislation to address security weaknesses in the state's IT systems.

"There is no question that what happened at the Department of Revenue was a jolt to all of us," Haley said in her address. "My pledge to the people of our state is that as with all crises, all challenges, we will do everything in our power to come out the other side stronger than before."

Much of the portion of the speech focusing on IT security dealt with steps already taken by her administration to shore up cyber-defenses since the breach, including the encryption of all personal and sensitive data and implementation of two-factor authentication for employees at the Department of Revenue, which runs the tax IT system.

Haley acknowledged that the state should have done better to protect the private information of its citizens and promised to do better in the future.

'No Such Thing as Absolute Security'

"That does not mean that we will be 100 percent protected," the governor said. "The toughest lesson I have learned is that in today's world there is no such thing as absolute security. That is true for conventional terrorism and homeland security threats, and it is true for cyberterrorism and cybersecurity threats. It's a hard reality, but reality nonetheless."

Getting politicians to act often takes a horrible event. The Obama administration issued 23 executive orders and a legislative package on gun violence, and the New York Legislature toughened its gun control laws a month after the horrid assault on the Sandy Hook Elementary School in Newtown, Conn. But nearly a half-year after the Obama administration began discussing the issuance of a cybersecurity executive order to promote better IT security standards for key systems, it has not been issued. One (but not the only) reason for inaction by the administration and Congress on cybersecurity initiatives is the lack of public demand for it.

Americans intellectually understand the threat cyber poses, but they don't yet feel it in their gut. Millions of South Carolinians are suffering the consequences of weak cyber-defenses, and that's why their governmental leaders are taking action.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.