COLUMBIA — South Carolina is moving in the right direction on cyber-security following the massive breach at the Department of Revenue, the director of a national group of state computer chiefs said Tuesday.
Doug Robinson of the Association of State Chief Information Officers told a Senate committee that a proposed bill for centralizing state agencies’ cyber-security responsibilities contains key elements for success.
“It provides a high degree of accountability to protect the assets of the state,” he said.
He declined to rate South Carolina’s computer security prior to last fall’s cyber-attack, when a hacker stole unencrypted personal data of 6.4 million residents and businesses.
Robinson said one provision of the measure introduced last week would make South Carolina unique – though he declined to said whether that’s good or bad. No other state puts the chief information security officer in a stand-alone Cabinet agency. Colorado tried it for several years but abandoned that model in 2011, he said.
Having the state chief information officer and computer security officer in separate agencies could create coordination challenges, he said.
He gave a suggestion for the type of person for the job.
“I recommend hiring a pit bull. Someone who’s resolute, who obviously takes the position very seriously,” Robinson said, adding the state may have issues attracting that person on a state worker’s salary.