You can take steps to protect the information, the best you can. You can make the effort to get to the information so hard that only a professional, or a nation state or large scale actors can try. You can lock your door; put a dead bolt, three locks, and an alarm system on it. But a professional thief is going to get in your house. It comes down to encryption technologies or biometric technologies and the security of the data inside. The Commonwealth of Virginia uses the list-based model as we have financial data, sensitive healthcare data, the state police’s criminal justice data, and tax data. At the end of the day, technology can help in making sure you know what protections you are taking, how you audit them, and how do you know that the ‘locks’ are good.
Prime Security Concerns
The cost of developing a tool to actually cause a problem is much cheaper now. One can just go to the dark web and pay someone in bitcoins and just download the software, you don’t have to be technically savvy to do it. You can buy this weapon for $10 without having to develop it yourself. The possibility of leveraging somebody else’s tools increases the impact of those tools while reducing its cost. Instead of password getting hacked, you can have weaponized ransomware. This is what keeps me up at night. We make sure that we have highest standards and governance in every approach. The Commonwealth of Virginia uses the NIST Cybersecurity Framework, trying to be at the forefront of cybersecurity arena.