When COVID-19 reached American shores, state and local government agencies and educational organizations (SLED) had to abruptly and suddenly find a way to operate in a world with no face-to-face, in-person interaction. This forced many of them to turn to new, digital tools and applications that would enable them to work and keep agency operations up and running in a remote environment.
Two years later, most SLED agencies have finally settled in and become comfortable with their modernized workflows, systems, databases, and applications (both internal and constituent-facing). After having a pandemic-induced taste of what digital transformation could offer their database systems, SLED agencies are now turning their attention to exploring and realizing all the benefits their new technologies can deliver, as well as implementing the latest database performance monitoring solutions to manage them.
Many SLED agencies have turned to the commercial industry to find solutions to support their database performance monitoring, cybersecurity, applications, and cloud migration initiatives. Companies, like Quest Software, have designed SLED-specific solutions that can assist government agencies in managing and monitoring their large, complex databases of digital constituent data as they move their operations online. As a result, SLED agencies have been able to advance their missions forward while continuing to foster the digital transformation efforts that were spurred by the pandemic.
According to Quest’s Marketing Strategist, John Faulkner, “We, in Quest, think about data empowerment. It’s all about empowering people to access data from anywhere—no matter what the data is or what the platform is. The goal is to empower people to do their jobs.”
To learn more about how COVID-19 affected state and local government agencies’ IT operations, as well as learn how modernization is enhancing cybersecurity and boosting productivity for SLED agencies, the GovCyberHub sat down with Neil Chakrabarty, the Chief Information Officer of West Virginia’s Department of Environmental Protection.
Here is what he had to say:
GovCyberHub (GCH): Can you tell our readers a little bit about your role and responsibilities at the West Virginia Department of Environmental Protection? And what are some of the agency’s top priorities and goals?
Neil Chakrabarty: I have worked for West Virginia’s Department of Environmental Protection (WVDEP) for nearly 27 years. I began my tenure at WVDEP as a Developer. Currently, I have just entered my eighth year serving as WVDEP’s Chief Information Officer (CIO).
As for WVDEP itself, we are commissioned to enforce both state and federal environmental laws throughout West Virginia, in order to help protect our state’s air, water, and land.
GCH: What does the cybersecurity threat landscape look like for an agency like WVDEP? What are your top cybersecurity concerns and why would malicious cyber actors look to target state agencies like yours?
Neil Chakrabarty: As a state agency, we are in a subordinate role when it pertains to cybersecurity. West Virginia’s Office of Technology provides many of the cybersecurity training, processes, procedures, and controls that protect WVDEP.
“To combat these hackers WVDEP has placed great emphasis on education and controls, which are critical in order for us to be able to continue and advance our agency’s mission.” -Neil Chakrabarty
Our cybersecurity standard operating procedures (SOP) are primarily determined by federal mandates, rules, and directives. WVDEP is subject to follow the Federal Information Security Management Act (FISMA) and closely abides by the National Institute of Standards and Technology’s (NIST) SP 800-37 and 800-53 guidelines. We are also subject to the Cross-Media Electronic Reporting Rule (CROMMER), a set of rules and regulations provided by the U.S. Environmental Protection Agency.
As for our current cyber threat landscape, WVDEP’s firewalls and application firewalls experience constant attacks by malicious cyber actors who are seeking to breach our systems. They carry out their attempts via SQL injection, cookie tampering, virus file uploads, and much more. It is not uncommon for our network users to receive phishing emails, calls, and even requests on social media. To combat these hackers WVDEP has placed great emphasis on education and controls, which are critical in order for us to be able to continue and advance our agency’s mission.
The main objective of these types of cyber threats is to target and disrupt the economies of the United States, so we are a target in that most businesses require permits from us to operate.
GCH: Due to the COVID-19 pandemic, many state and local government agencies across the country were forced to quickly modernize both internal and constituent-facing services and applications. Were there any challenges with the movement from “pen and paper” processes to digital processes that WVDEP faced during this time?
Neil Chakrabarty: I have to say WVDEP was well positioned for the transition to remote work. We scaled our VPN and Citrix systems, and also moved to Google Workspace. Our staff was – and is – remarkable in their ability to shift away from our legacy processes and migrate towards more digitally transformed and modernized ways of conducting department work. In fact, adopting and implementing telework processes and procedures increased productivity within the agency.
As a result, telework is now an irreversible part of our business. We have actually reduced our physical office space. This has resulted in lower budgetary costs and increased productivity, a nice boon from COVID that is an otherwise unwelcome set of events.
“As we continue to more fully implement FISMA, NIST, and CROMERR compliance, our agency is constantly seeking out any and all proactive steps we can take when it pertains to cybersecurity.” – Neil Chakrabarty
GCH: As an agency that deals with massive amounts of constituent data and information, were there any specific database management challenges that WVDEP faced when the pandemic hit? And what are some of the innovative applications and solutions that your agency has implemented to help manage and secure its databases?
Neil Chakrabarty: We had previously implemented online systems and already had fantastic support that enabled the mission to continue without interruption.
Constituent-facing, WVDEP was the first regulatory agency to have online permit applications and is currently the largest implementation of online permit applications. In 2019, we revamped our 2002 online permit application system. We also updated the application for security and browser compatibility.
Internally, Citrix has enabled WVDEP to have our employees utilize applications in their home offices for systems that would not otherwise be online.
GCH: Are there any immediate projects and programs that WVDEP have planned related to cybersecurity?
Neil Chakrabarty: Presently, we are undergoing a multi-factor authentication (MFA) effort that will equip our applications with MFA. We are currently bidding out a contract to support our MFA transition.
As we continue to more fully implement FISMA, NIST, and CROMERR compliance, our agency is constantly seeking out any and all proactive steps we can take when it pertains to cybersecurity. Currently this means data entry and writing policy and procedures for the efforts we currently implement or need to adopt.
