Cybersecurity and risk management are priorities “in front of Alaska leaders,” Chief Information Officer Bill Smith said at a national conference on cyber threats and online crime.

Speaking at the Cybersecurity Summit on Government, Alaska's top IT chief said Tuesday that senior state officials recognize the persistent threat of cyber crimes. They are focused on “What are the risk tolerance levels?” and a "continuous improvement model" at the state of Alaska, he said. 

Alaska is the target of recent large-scale cyberattacks that took court, health and social services offline. The cyberattacks were not discussed at the virtual conference. But Smith noted that state leaders have moved away from a “binary discussion on ‘Are we secure?'" 

In addition to Smith, speakers at the annual conference included FBI investigators and government cybersecurity leaders, including from the U.S. Departments of Energy and Health and Human Services, among other federal agencies. Top IT officers from Nevada, North Carolina and other states also participated. 

Alaska malware attacks

Cyber risks are a pressing concern of government agencies at all levels. In Alaska, malware attacks led security officials to secure online services at the Alaska Court System in April and at the Department of Health and Social Services a month later. 

DHSS continues to work with authorities to investigate the hack and restore systems. The breach involved Vital Records, the Background Check System and the Provider Vaccine Exchange. At the Alaska Court System, malware was discovered on servers and personal computers in April. Technicians temporarily disconnected the website and online applications to stop the breach. 

Smith said Tuesday that his office is looking at ways to shorten response cycles when problems are identified and foster collaboration between public and private agencies to share information and leverage capabilities. He said these steps enable the state to "maximize resources" and "respond more quickly to the threat of bad actors." 

A goal of the two-day virtual summit, which ends today, is to connect senior security leaders with national experts for actionable solutions on cybersecurity risks. Cisco, Yubico and other tech companies participated in the business expo at the event.

Cyber crime prevention strategies

FBI special agent Elvis Chan, speaking at a different panel discussion, encouraged government leaders to implement crime prevention strategies. He recommended adding multi-factor authentication on email accounts, deploying zero-trust architecture and installing cyber perimeters around “the crown jewels of an organization.”

“Let’s verify and then trust,” Chan said. He encouraged government officials to develop relationships with their local FBI field office involving cybersecurity risks and prevention. He advised companies and agencies to have an incident response plan that establishes policies and practices in the event of a threat or attack. 

Said Chan: “Practice it before you actually have to use it.”

Contact political reporter Linda F. Hersey at 907-459-7504.