When William “Bill” Kehoe started his current job as Washington state chief information officer this past August, he entered a gig with a plateful of problems, from cybersecurity issues to broadband equity gaps.
The Gonzaga University grad recently sat down (virtually) with GeekWire contributing editor Mike Lewis to talk about his priorities for 2022. Kehoe has years of experience managing information technology departments in state and local governments including working as CIO in Los Angeles and as King County’s information department director in Seattle.
This interview has been edited for length and clarity.
GW: The infrastructure bill, according to Sen. Patty Murray’s office, will bring a minimum of $100 million to Washington state, likely a lot more. One of the things it would fund is improving broadband access. I want to get your thoughts on broadband access in Washington state.
Kehoe: Before coming to the state of Washington, I was leading a digital equity and strategic planning exercise in L.A. County. So I have some experience in terms of what is needed to really help with the digital divide situation.
There are three pillars of the digital divide, or digital equity, that I think are really important. Broadband is one — and that’s access to the internet. That includes the last mile. Solutions for that can vary from community to community, depending on the needs.
Then the need for devices. If a household doesn’t have broadband access, they might not have devices. If they have devices, they may not understand how to utilize those devices. That’s where digital literacy and having programs available in the community also helps.
I think for broadband, our Department of Commerce will partner with us and other agencies in the state in terms of needs and I think they have some projects lined up. Then we’ll look at this kind of broader digital equity piece as well. But in terms of other uses for the (infrastructure) money, I know that we’re looking at potentially having some help around cybersecurity and our needs there.
GW: That gets to my next question regarding cybersecurity. Plenty has been written about Washington and what happened with employment security. What do you think is the problem with Washington state and cybersecurity? And secondarily, how do how do we solve it?
Kehoe: I think we’re seeing that across the country in many ways, the sophistication of fraud and attacks is growing, the phishing emails are getting more and more sophisticated and harder to harder to pick up.
One of the major problems that we’re trying to overcome is that traditionally in federated states, each agency has their own IT shop and is doing their own security controls, putting [common] tools in place. Some agencies were doing it really well, other agencies didn’t have the staff or the funding or the maturity to really handle the sophistication of the cyberattacks.
What we’re doing about it is we’ve launched a pretty aggressive enterprise security program here in the state and we’re putting services in place — endpoint security — as well as other tools and controls.
We’re really trying to turn the tables and put in an enterprise security program and also be more proactive in terms of detection, beefing up our monitoring and also remediation. I think we’re starting to put in a good foundation. There’s a lot more work that we’re going to have to do.
GW: When your security chief took a look at this particular data breach, what was that actual analysis? Was there something fundamentally wrong from the state? Or was it just one of those unexpected super sophisticated attacks that really was difficult to prevent in any way?
Kehoe: Again, I don’t have the specific details on that. But I can tell you that what I’ve heard and the investigations that I have done. It did happen quickly in terms of trying to figure out the problem with our security office and the agency working together. But with any breach like this, or any incident, you have to make sure that you understand the problem as well.
There’s some analysis that needs to occur. But from all the information I’ve gathered, people were really focused on this full time. We worked as a community to investigate the problem, put additional controls in place, and that’s always the case, right? I think they did a good job in really focusing on that and making sure they understood the problem. The system owners put the controls in place as quickly as they could to prevent any further incidents.
GW: From a computer security standpoint, is this something the state outsources or is this something that the state does in-house or is it a mixture of both?
Kehoe: The tools are coming from private industry and security organizations. We have a mixture of outside organizations that are assisting us in the monitoring and detection. We also have staff within our office of cybersecurity who work with those outside vendors as well. So we have both. But in terms of the platforms and the tools, those are things that we procure via contract and subscription from outside organizations, security organizations. So it’s more of a hybrid type of environment.
GW: According to the governor — and according to you — what is your job as chief information officer? What should you be on point about regarding all of this?
Kehoe: I need to provide leadership to the agencies around this movement toward enterprise services, and to ensure that these services are working well, that they have a high degree of excellence and quality and that we’re moving toward that proactive security posture that I was talking about. It is a big responsibility. The governor made [me] very aware during my process of coming into the position, that security is a high expectation. The [state] security officer reports to me. We’re working with all the agencies in moving toward this enterprise security services and program.
GW: Is it surprising to you that the employment security hack happened in a state that has a lot of technology talent? There’s been some criticism in the technology community that Washington state, while having enormous amounts of talent, does not do technology very well. How would you respond to that?
Kehoe: I think we do have talent. There’s been a lot of attention paid to existing legacy systems and maintaining those. One of my initiatives here is to really create more of an innovative culture in Washington state, where we can approach projects in more of an agile way and that we have funding mechanisms in place to provide for high-impact but low-timeframe projects. There’s tremendous opportunity for us to change that culture and move into more of an innovative mindset, so that we can move faster on some of these projects. But that’s a culture shift. And I did hear and see some amazing things go on during COVID that happened very fast terms of putting up quick applications.
GW: Give me an example of that. What did you see that impressed you specifically?
Kehoe: I saw information going out to the public around COVID [such as] available hospital beds. Also contact-tracing type information, where the outbreaks were and where we had hotspots. All really important information, as well as where [residents] could get tested. And then information around vaccines. That was all really important. And that happened really fast here.
And then in terms of the vaccine, the verification of vaccine that came together fairly quickly. Our health agencies worked with private industry to make that happen. We utilized some common open source code from California that Oregon utilized as well. That’s going to give us confidence to look and see how we can apply that in other areas.
GW: Still happy you took the job?
Kehoe: Oh, absolutely. It’s my home state so I’m returning to where I started and applying all the lessons learned from King County and L.A. County and bringing it back. I’m really enjoying the people here. I’m hoping we can make a make a difference and put the state on a good path.
Conclusion: So above is the Interview: Washington state CIO Invoice Kehoe on infrastructure, cybersecurity and extra article. Hopefully with this article you can help you in life, always follow and read our good articles on the website: Doshared.com