JOINT RELEASE: Governor and OMES comment on cybersecurity

-- NEWS RELEASE --

For Immediate Release

PRESTON L. DOERFLINGER
Secretary
Finance, Administration
and Information Technology

MARY FALLIN
Governor

Feb. 14, 2017

Governor and OMES on cybersecurity incident

Unification essential in preventing cybersecurity attacks

OKLAHOMA CITY Gov. Mary Fallin and the Oklahoma Office of Management and Enterprise Services are offering the following information regarding a cyberattack against a state agency that was referenced last week during a House Government Modernization Committee meeting.

The agency referenced did not pay a ransom as a result of the cyber incident, an investigation by Oklahoma CyberCommand, an arm of OMES Information Services, confirmed today.

The incident in question was a ransomware attack on an agency that had not had its information technology unified under HB 1304 passed in 2011. The fact that the incident even brought about the consideration of paying a ransom shows the importance of IT unification.

“This incident further illustrates how essential IT unification has been in protecting our state’s technological infrastructure,” Fallin said. “The importance of state agencies unifying their IT with OMES to have the best cybersecurity available cannot be understated. “

Unification allows agencies to have the updated resources of Oklahoma CyberCommand that quickly detect and prevent ransomware attacks, said Oklahoma CyberCommand Director Mark Gower.

“CyberCommand has created a specific set of technical and response capabilities for dealing with an increase in ransomware attacks that can encrypt state computers and make them inaccessible until ransom has been paid,” Gower said. “Not a single unified state agency has been forced to pay ransom. Nonunified agencies don’t have access to the same levels of services through CyberCommand and can therefore be more vulnerable.”

In 2016, CyberCommand successfully responded to about 32,000 cases of unique malware, about 750 instances of malicious activity, nearly 400 occasions of unauthorized access and two denial-of-service attacks. The state's ongoing information technology unification efforts and the OMES Security Operations Center can identify and respond quickly 24/7 to cyberattacks. Nonunified agencies are responsible for their own cybersecurity and typically don’t have the same updated resources available through Oklahoma CyberCommand.

“This just validates that unification efforts are proving to be successful on this front in addition to saving Oklahomans millions of dollars,” said Secretary of Finance, Administration and Information Technology Preston L. Doerflinger, who is the director of OMES.

“Any calls to unwind the mandated unification of state agencies or exempt certain state agencies from the unification process are misguided and motivated by something other than the best interests of the State of Oklahoma,” Doerflinger said. “Further, as this incident shows, those misguided efforts could expose the private information of Oklahomans to greater chances of falling into the wrong hands.”

To date, 58 of 78 legislatively mandated agencies have unified their information technology with OMES. Another 31 agencies have voluntarily unified their IT with OMES. The remaining 20 legislatively mandated agencies are expected to be unified with OMES by the end of the fiscal year. Unifying IT services has not only resulted in a combined reduced spending and projected savings of about $129 million, but also provides better access to security resources, said Oklahoma Chief Information Officer Bo Reese.

“The state continues to have cyber threats, and the services unified agencies have afford greater protections than agencies that have not yet consolidated,” Reese said.

At this time, no further details of the referenced incident are available for release as it could compromise the cybersecurity of the agency in question and possibly other agencies.


Media Contact

MICHAEL BAKER
Director of Public Affairs
(405) 522-4265 | michael.baker@omes.ok.gov


OMES 'O' Logo

About the Office of Management and Enterprise Services

The Office of Management and Enterprise Services provides financial, property, purchasing, human resources and information technology services to all state agencies, and assists the Governor’s Office on budgetary policy matters. Our mission: Supporting our partners through unified business services. For more information, visit OMES.OK.gov.