Illinois state workers will put on cyber sleuthing hats under new law
Gov. Bruce Rauner is calling on all state employees to do their part in protecting Illinois from cyber attacks, according to a recent press release.
“Cybersecurity, the protection of our digital assets and the personal information of Illinois, is one of the most important public safety issues facing our state,” Rauner said at ceremony where he signed House Bill 2371. “This is a critical time, we have terrorists we have criminals of various types and people who have ill intent using all sorts of creative approaches to gain access to our computer systems, to our personal files, to our data, to our networks of communications.”
HB2371 is a bipartisan measure that mandates that state employees receive annual training from the state’s Department of Innovation and Technology (DoIT) on cybersecurity threats and actions they can take to better protect information. Illinois is one of 15 states to put such a training program, the press release said.
“It is essential – to keep the people of Illinois safe, keep their privacy reserved – that we are at the forefront of cyber protection and cybersecurity,” Rauner said. “I’m very proud to say that, on a bipartisan basis, the members of the General Assembly came together to pass very important legislation – landmark legislation – basically requiring annual training for all state employees on cybersecurity and cyber threats to keep our data safe, to keep the people of Illinois and their families and their personal and private information safe.”
The release places the cost of training and reinforcement programs at less than $5 per person, which provides cost avoidance worth $184 per user. Rauner's office cited data from the Ponemon Institute and IBM Security that put the average cost of data breaches at $3.62 million, based on information from 419 organizations.
“One of the weaker points in most organizations across the globe is the human being," Hardik Bhatt, secretary designate and chief digital officer of the innovation department, said. "We at our homes, we get emails, we get drawn into clicking some links that we should not be and that causes a virus attack on our personal computer. In an enterprise environment, it propagates into many other networks and computers, so it is very important that our employees become our first line of defense when it comes to cybersecurity, when it comes to making sure that our environment is safe.”
HB2371 will play a key role in the State of Illinois Cybersecurity Strategy, released earlier this year, which includes objectives like reducing cyber risk and providing best-in-class cybersecurity capabilities. Under the strategy, Bhatt’s department has already begun to offer training to Illinois state employees.
According to Kirk Lonbom, the department's chief security information officer, state employees are learning how to protect themselves and the systems they work on, report suspicious activity and act quickly to limit the damage of any possible attacks.
“Already, even ahead of this legislation, DoIT … has already done security training for 47,000 of our state employees, out of the 50,000 total,” Rauner said. “So we’re well on the way for our first training exercise, and now this legislation will help us get this done every year going forward to keep the people of Illinois safe.”