http://kennebecjournal.mainetoday.com/news/local/2383457.shtml By SUSAN M. COVER Staff Writer January 31, 2006 AUGUSTA -- The state is taking steps to limit access to critical computer systems in response to a report that showed deficiencies in security. The Office of Program Evaluation and Government Accountability released a report Monday that revealed weaknesses in the way the state runs its computer systems. Part of the report, which was given to lawmakers and others in a closed session last month, indicated that the state needs to make sure only those who have proper credentials can get access to critical information. However, the state system was not affected by hackers who tapped into Rhode Island's state Web site and got access to credit card numbers, said Richard Thompson, chief information officer for the state. The company that manages the Rhode Island site also works for the Maine government Web site. The breach, which occurred in December, was made public Friday. Thompson said he had staff working all weekend, but they did not find any record that Maine's site had been illegally accessed. "We are convinced, at least as of today, we are in good shape," he said. Rep. A. David Trahan, R-Waldoboro, said he's heard from people who are concerned about the security of state computer systems. "The urgency of this is greater now because of what just happened," he said. A review of state computer security procedures conducted by Jefferson Wells International found that "system access controls do not measure up to industry standards." Also, the state has not adequately put in writing what steps it would take if a major computer system fails or if offices could not be used because of a terrorist threat, according to the report. Thompson, who is in the process of reorganizing how state agencies purchase and manage computer systems, said at least some of the criticism is due to a lack of paperwork. "The weaknesses Jefferson Wells identified was, 'We can't tell you what we've got' ," he said. "It wasn't that we didn't have enough security." Other parts of the report detailed a piecemeal approach in state government when it comes to purchasing new computers. State agencies, often using federal government money, move ahead on an individual basis without consulting other agencies. And although Thompson is in charge of the executive branch computer systems, he does not have jurisdiction over the Legislature or judicial branch. Also, it's difficult for the program evaluation office to find out how much is being spent on computers and computer software because it is scattered throughout state government, said Beth Ashcroft, director of the evaluation office. "The goal here from (the program evaluation office) perspective is to shine a light on information technology and how it's being managed," she said. "Right now, there's no good way to get a handle on that." Another inefficiency is that it's hard to combine data from different agencies and some data is duplicated in several systems, she said. The program evaluation oversight committee, which is made up of 12 legislators, will meet again to discuss what action it can take to address some of the concerns in the report. Copyright © 2005 Blethen Maine Newspapers Inc. _________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Wed Feb 01 2006 - 04:28:20 PST