OGDEN - State databases are under assault from hackers, with as many as 350 million attacks in a single day, but sensitive information about state residents is as safe as security people know how to make it, the head of the state's Department of Technology Services said Friday.
Mark VanOrden, who heads the DTS, made a presentation to state lawmakers during a legislative committee meeting held at Stewart Stadium, outlining measures his department is taking to protect state databases. He said the department has implemented a number of security measures to continually assess the safety of databases. He said hacks on the state system number in the millions daily, with 350 million in a single day in July of this year.
VanOrden said there is no question state databases are more secure today than they were in 2012 when hackers were able to breach a state database with personal information on 780,000 Utahns including the social security numbers of 280,000 residents. But he said the evolution of technology poses new challenges -- especially in regard to mobile devices.
Tim Hastings, chief information and security officer for DTA, said the agency has established a security operations team that looks at all attacks coming into the state system, but he said the department has also put a number of automated routines and tools in place to actively keep tabs on databases.
Since the breach 18 months ago, Hastings said the DTS has changed its strategy of protecting the network perimeter. He said security officials have built layers of protection around sensitive data.
One other key move, according to VanOrden, has been consolidating the location of state databases. He said the state used to have 30 major databases in different locations. He said there are now only two data centers, one near the Capitol, and one located in Richfield. Those centers support 1,100 applications.
Besides a technical approach to security, VanOrden told lawmakers the DTS has also established its own security council, with directors from several agencies, and a representative from the governor's office meeting regularly to access security measures.
Stephanie Weiss, a spokesperson for the DTS, said later Friday the hackers are not coming from any area of the world, like Russia or China. She described the attacks as being global in nature, with many of them coming from within the United States. She said the department employs a geo-blocking system for intrusions from select areas of the globe.
Weiss also said the state agency works in collaboration with the federal government, including the FBI, in sharing intelligence on potential cyber threats.
Sen. Kevin Van Tassell, R-Vernal, expressed concerns about the success of the state agency in protecting sensitive information. He pressed VanOrden about how different state agencies might be reacting to efforts to tighten potential loopholes in access to the state system.
"In today's world in what's going on with the national mining of data there should not be opportunities for the agency to choose. If we have a data breach and you can't defend what you've done, someone has to be responsible," Van Tassell said.
Van Tassell also asked VanOrden if state systems are safer today than they have been.
"Absolutely. I can say that without equivocation," VanOrden said.
Rep. Gage Froerer, R-Huntsville, asked VanOrden if there was any direct correlation to the data breach in 2011 and fraudulent activity for residents with their information being inappropriately used. VanOrden said there were four people in the database of 280,000 who had a breach, but he said there was no correlation to the problems for those four and the original breach.