DENVER (CBS4) – State lawmakers say Colorado isn’t doing enough to protect confidential government information, but a new bill could change that.

There are reportedly six to eight million attempts every day to hack state offices.

(credit: CBS4)

“They’re looking for you private, personal information. They’re looking for state records,” said State Senator Kent Lambert (R) of Colorado Springs.

CO State Sen. Kent Lambert (R) (credit: CBS4)

“Some of them may want to get into your health records, some may want to get into your voting records. So we need a comprehensive look across all of our departments at how we protect that data, how we handle the data more efficiently,” said Lambert.

To prevent beaches, lawmakers introduced legislation aimed at improving the security of state data to prevent cyber attacks.

It would direct $250,000 toward the development of cutting-edge encryption technology.

Lawmakers say the encryption technology would become a model for other states.

The bill has bi-partisan support, and passed its first committee on Wednesday.

  1. Focusing on one thing, which in this case, encryption, is limiting. For one thing there are very good encryption standards out there already. So good in fact that the NSA, CIA and other alphabet agencies want to put back doors on these systems. The danger here is that with a government approach to developing encryption, rather than from the private sector, such as RSA and others, could very well be to put in back doors of one sort or another. Rather the government systems should focus on a layered approach which includes education and training for all employees about cyber security. Most exploits occur because an employee inside the organization clicks on a link that does bad things to the network and or the data stored within the network. All the security, including encryption won’t help in that case. The layered approach includes an outward facing firewall, intrusion detection and prevention systems, technology for authenticating and authorizing users, internal firewall, access controls limiting access to resources only to those who need access, and finally the users themselves.

    Allen Gordon, Ph.D., CISSP
    Randori-Consulting, LLC

Leave a Reply