South Carolina exploring different cybersecurity plans

are entries into a computer system only a hacker may know about.

Kellerman is also concerned about the use of passwords and said the mentioning of passwords in the list “is ridiculous given that they have suffered a breach at this level.”

“They should move to two-factor authentication, which has always been a standard,” Kellerman said. “It blows my mind after a breach like this why they are still using passwords.”

Valerie King, a cybersecurity professor at the University of Maryland University Center, thinks the measures are a good sign of things to come.

“I think it is a good start and for a short-term fix, it will work,” King said of the eleven steps for agencies. “There are a few things that should also be addressed immediately or clarified.”

One of those factors that King feels should be clarified is the anti-virus recommendations.

“Are they saying that no changes are permitted?” King toldGreenvilleonline. “That is not a best practice. Best practices for anti-virus are: (a) ensure that anti-virus software is installed and up to date on all machines (desktop and server); (b) ensure that anti-virus definitions are up to date and are updated automatically; (c) ensure that anti-virus software is running continuously (can’t be turned off by users).

“But to me, the bigger issue is what are they going to do in the long run?” King asked. “I hope they initiated an investigation into this, both the incident and about their systems.”

Robert Rodriguez, who worked for the secret service for twenty-two years, is skeptical on whether the state is truly committed to strengthening their computer systems.

 “It’s easy for them to Monday-night quarterback,” Rodriguez told Greenvilleonline. “But if they’re not going to give them the leadership and the infrastructure support and the financial support, the manpower, they are in trouble. That’s the real question.”

Rodriguez said the fixes are “absolutely going to cost money and I wonder if they have the budget to do this.”

“You’ve got to walk the talk,” Rodriguez said. “They are going to have to hire more people. They are going to have to hire contractors. They are going to have to buy technology. And that costs money. And they need to make it a priority. They are an example right now of a major state breach.”

Haley told Greenvilleonline that she wants to bring in a private consultant to help develop a cybersecurity plan for the state, and believes that the legislature will have no problem spending the money that it will cost to increase South Carolina’s cybersecurity.

Rodriguez feels that state officials will have to work hard and commit to keep private information from falling into the wrong hands.

“It’s almost like states, governments and businesses, they’re just hoping it doesn’t happen to them and it happens to the other guy,” Rodriguez said. “It’s about risk and how they prioritize risk relative to cyber security. It all comes down to one word, trust. In the state’s case, it’s a little different because citizens are part of the system, so they have to give that personal data up. But they have to have confidence that the state is going to protect that data.”