Oklahoma Revamps Cybersecurity to Fight Fire with Fire
 

With government agencies under siege by cyber attackers, Oklahoma is one state that’s aggressively pushing back. Its response: an overhauled cybersecurity infrastructure, a significantly expanded security team and a growing collaboration with a wide range of peers facing similar challenges. 

Governments have proved to be irresistible targets for cyberattacks because of their extensive databases of personal information on citizens, their control over vital services and infrastructure, and their often outdated IT and security systems. In a recent Mimecast survey, for example, nearly 85% of U.S. public sector security professionals said ransomware had impacted their operations in 2021.

To turn the tide in Oklahoma, the state’s Office of Management and Enterprise Services (OMES) appointed Matt Singleton as its first chief information security officer in 2019. The timing was good; the start of the pandemic in 2020 forced  fundamental changes to the way the state government operated — with suddenly remote workers delivering new and critical services to affected citizens who could only access them online. 

The state is now almost three years into an overhaul of its cybersecurity infrastructure. OMES Cyber Command has put the basic systems in place to “serve and protect” an attack surface of over 30,000 state employees in dozens of state agencies that serve nearly 4 million citizens in coordination with hundreds of cities, towns, school districts and other local government counterparts.[1] 

At this point, OMES Cyber Command is holding its own against an average of 61.5 million cybersecurity-related events each day. What was once a small, underequipped department working manually can now stand strong against these threats and focus on more strategic objectives.

As cyberthreats continue to grow and change, one such objective is to keep maturing the foundation OMES Cyber Command has built to preserve security in support of a productive, hybrid workforce and open access to government services. Its other aim is to create a collaborative network with local municipalities, businesses and surrounding states that face similar challenges.

Building Oklahoma’s Cyber Command

OMES Cyber Command leaders have embraced the maxim that cybersecurity requires a strategic deployment of people, technology and processes. Its security transformation has included:

• People: In less than three years, the security team has grown from 14 to about 80 full-time employees who are organized, like a football team, into offense, defense and special teams. While an offensive player might be threat hunting, for example, a defensive team member might work on engineering network protections, and someone on a special team might focus on data privacy. The other people factor, of course, is the need to address employee security awareness to minimize the human errors at the heart of so many cyberattacks. OMES Cyber Command has instituted employee training and the means to measure its effectiveness.
• Technology: OMES Cyber Command’s overhaul prioritized email, reflecting the fact that over 90% of security breaches start with a malicious link, infected attachment or other email-borne exploit. Specific email defenses include secure email gateways that combine policies with detection engines and intelligence feeds to block attacks; anti-spoofing techniques rooted in the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol; and other tools that automate security. OMES Cyber Command leaders say that their implementation has dramatically decreased the number of IT tickets related to spam, malware and fraud. Email systems are integrated into a larger security ecosystem that includes endpoint detection tools, virtual private network (VPN) encryption and other defenses.[2]   
• Processes: Oklahoma’s state government is moving toward a zero-trust architecture, in which no individual or device is trusted without verification, whether inside or outside an agency. Automation and integration have freed up much of OMES Cyber Command to focus more on this and other strategic goals. Automation means the end of manually building custom rules and filters and applying them across email gateways, for example, or manually verifying whether suspicious emails are actually malicious. Integration means that each security tool deployed has been chosen for its ability to work seamlessly with the others in OMES Cyber Command’s ecosystem. 

“That allows us to focus on actual threats instead of fixing interconnection errors from applications that don’t talk to each other,” said John Tipsword, OMES’ manager of cyber defense operations. “We can focus on the work, not the tools.”

Building Strength Through Collaboration

Another maxim OMES Cyber Command has embraced  is that “cybersecurity is a team sport now,” said Chance Grubb, Cyber Command senior staff officer and OK-ISAC lead. “Bad guys are always working together, so why can’t the good guys work together?”

This team spirit spurred the state government in late 2020 to launch the Oklahoma Information Sharing and Analysis Center (OK-ISAC), a threat-sharing community of private and public sector members.[3] OMES Cyber Command leaders say they stand ready to help any organization in Oklahoma that is breached. Meanwhile, OK-ISAC is also helping to raise cybersecurity knowledge levels, strategic planning and real-time response capabilities statewide.

In addition, OMES Cyber Command is collaborating with governments and threat-sharing communities in surrounding states, exchanging threat intel, best practices and lessons learned. Running in the background on its email security platform is a threat intelligence feed that Mimecast constantly updates from across states and beyond. If California gets attacked by a previously unknown exploit, for example, Oklahoma can see it in near-real time and begin planning its defense.  

The Bottom Line

Oklahoma is among the many states buffeted by cyberattacks, but it is taking aggressive steps to ensure a highly secure, productive and citizen-friendly state government profile. Its strategy has involved overhauling its Cyber Command with significant improvements to its people, technology and processes. Another key move is a collaboration across Oklahoma and beyond to build cybersecurity strength in numbers.

[1] “Oklahoma OMES Cyber Command,” Oklahoma Office of Management & Enterprise Services

[2] “State of Oklahoma Deploys CrowdStrike to Defend Thousands of Endpoints Against Daily Threats,” CrowdStrike

[3] “Event Recap: Inaugural OK-ISAC Symposium,” Oklahoma Office of Management & Enterprise Services