This year I have witnessed the quickest deployment and implementation of a major state governmental process that I have ever seen. I think this success provides the ideal state counterpart example to the shortcomings demonstrated by the federal HealthCare.gov website.
In years past, hundreds of thousands of electronic government records containing the personal data of Oklahoma taxpayers were lost or stolen. Following these failures, state legislators advanced a plan whereby the information technology operations of Oklahoma’s many state government agencies would be consolidated. There were two primary reasons given for the consolidation; the first was cost savings and the second was security. We felt that if the resources of the agencies were combined, the capabilities would be greatly improved. It simply didn’t make sense for each agency to segregate and silo resources into security operations that obviously were not working.
Earlier this year, the consolidated IT operation launched its security operation center. Amazingly, the SOC’s deployment occurred just two months after its specifics were envisioned.
State government networks are under frequent attack from foreign and domestic enemies who would seek to steal government information. In the past, security resources were divided among the countless state agencies. There was likely very little real-time monitoring, and by the time an intrusion was detected, any compromised data would have been long gone. In fact, the intrusion may not have ever been detected because IT officials would have been forced to pick and choose from thousands of interactions just to figure out what to audit.
Now all of this has changed. Oklahoma’s new consolidated IT operation developed a minimal cost in-house solution that integrates security reporting capabilities from multiple software programs. This allows SOC to provide 24-7 real-time monitoring. When a significant intrusion attempt occurs, an alarm signals to warn the monitoring officials. The details of the intrusion appear on big screens within the SOC for all to see. In the past, it might have been days before IT officials would have seen the intrusion attempt. Now they see it as it happens.
This new operation appears to be unlike any other in the nation. Oklahoma IT employees have now become a leading identifier of those parties who are attacking government systems. This valuable intelligence is distributed nationwide so that other government officials can quickly identify attacks on their systems. This has significant national security implications because American government networks are constantly under attack from foreign nations.
There are numerous other benefits to this monitoring. For example, these systems track use of state government computers and their online interactions. They quickly aggregate data like the sites that are visited by government employees. This allows IT employees to notice if state computers have been compromised. Interestingly, the aggregated stats also show that many of the most utilized web-based applications appear not to be work-related and have not escaped the notice of legislators. This could have helpful implications as we strive for efficiencies within state agencies. More on that later.
I have been accustomed to the painstakingly slow process by which new government processes are deployed. The SOC deployment is an amazing exception to this rule. I believe it represents an excellent example of the changing culture brought about by IT consolidation and the state officials who are charged with making it happen. It hasn’t always been easy, but a new culture of effectiveness and efficiency is starting to produce tangible results.
REP. JASON MURPHEY, R-Guthrie, represents House District 31, which encompasses all of Logan County and a portion of northern Edmond. He may be reached via email at firstname.lastname@example.org.