Statement
from Governor Patton Regarding Transportation IT Incidents:
"We
have looked into the issues that were contained in the Auditor's report related
to the IT security incidents and inappropriate use of the internet in the
Transportation Cabinet and have determined that state government-wide policies
and procedures, put in place by the Governor's Office for Technology, were not
followed. As a result we have directed the Governor's Office for Technology to
work with officials in the Transportation Cabinet to take immediate and
appropriate steps to rectify the situation."
Statement
from Aldona Valicenti
Chief
Information Officer for the Commonwealth of Kentucky
"The Governor’s Office For Technology has worked very hard to put in
place statewide policies and practices for IT security. That includes policies
to help prevent hacking incidents and policies related to viewing pornographic
material by state workers. We’re
disappointed that those policies were not followed by the Transportation Cabinet
and that this lead to a misrepresentation of our efforts by the State
Auditor’s Office. Most of the issues identified in the Auditor's
report are related to IT management and procedures, which are the responsibility
of each state agency. They are not necessarily pure technology
issues."
"Each agency in state government, including the Transportation Cabinet, has
been delegated the responsibility to adhere to state government-wide policies
and procedures. GOT continues to work with agencies to assist them with
this endeavor. On July 21, 2003, GOT released a new Enterprise Security
Network Architecture to further improve security related to the Internet.
This new policy affects all state agencies. In addition, we are requesting
funding for the upcoming budget session that would better protect portions of
the infrastructure and create a more secure computing environment. We are
hopeful that funding will be approved."
Implementing
IT Security Changes at the Transportation Cabinet
The
Governor's Office for Technology (GOT) today is actively taking steps to
work with the Transportation Cabinet to improve IT security. Those steps
include a thorough review of IT systems and a transition
plan to bring the Transportation Cabinet into compliance with Commonwealth
enterprise architecture and standards related to IT security. In addition,
a 3rd party independent security review and assessment with a current price
contract holder will be implemented.
Governor's
Office for Technology: Infrastructure Responsibilities
The
Governor's Office for Technology is responsible for computing services,
end-user support, e-mail services, network and security services in state
government. This includes the operation of the Commonwealth's
enterprise computing environment, e-mail system, which includes 100,000 e-mail
accounts producing over 70 million messages a month and daily operation of the
Commonwealth Data Center. GOT also operates and maintains the Kentucky
Information Highway (KIH) which provides Internet, interactive video, voice and
data services to state and local government agencies in all 120 Kentucky
counties. In addition, GOT maintains support for end-users and maintains
standards for IT security, virus protection and virus prevention for state
agencies.
-30-