The Increasing Relevance Of Cybersecurity In The Government Sector

Behzad Zamanian, CIO, Washoe County Technology Services

Behzad Zamanian, CIO, Washoe County Technology Services

Behzad Zamanian is the CIO of Washoe County Technology Services, a critical position that oversees the digital security and technology infrastructure of Washoe County. Prior to joining the organization, Zamanian served as CIO at the City of Huntington Beach. He has over 25 years of demonstrated experience in the information technology field and is certified as a CGCIO (Certified Government Chief Information Officer) by Rutgers School of Public Affairs and Administration and Public Technology Institute.

In an interview with Government CIO Outlook magazine, Zamanian talks about how having a sound technology plan along a comprehensive cybersecurity roadmap and nurturing partnerships with cybersecurity organizations can help the latter improve its cybersecurity infrastructure.

What, according to you, are some of the challenges that govt. entities face when it comes to cybersecurity?

Connected everything, online services, 3^rd party applications, remote work, and ultimately, undefined network parameters are just among some of the things that pose many cybersecurity challenges to government agencies. One example is connected everything also known as the Internet of Things (IoT) in which agency assets become a part of a bigger network that promises to deliver added value, enhanced capabilities, and streamlined processes targeting citizens, businesses and community partners. Such promising technologies also expose mission critical government infrastructure to cybersecurity threats. Moreover, the issue is not unique to the government, as almost every industry is more or less struggling with it. The more we connect ourselves to the digital world, the greater our vulnerability is. To prevent this, industries must have good cybersecurity infrastructure in place. However, for most government agencies, the lack of proper resources and planning often blocks the way towards attaining sound cybersecurity.

Over the last decade, the concept of cybersecurity has drastically changed for every agency including Washoe County. There used to be a time when an IT team used to take care of cybersecurity by doing a few things, installing virus software with some security measures. Talking about today, the government world is driven by digital technologies, which means we have countless applications and devices to take care of. Now, we need to employ teams of cybersecurity experts responsible for providing security to the County employees and citizens. In addition to that, we must partner with cybersecurity firms as well as other government agencies that can help with additional cybersecurity resources.

Could you throw more light on how you enable Washoe County in enhancing its cybersecurity infrastructure?

We are living in extraordinary times and witnessing the fourth industrial revolution unfolding in front of our eyes as the Covid-19 pandemic, unlike any other force, accelerating the rapid change to technology, industries, and societal patterns and processes. During this shift, those government agencies succeed that reengineer their technology planning and regulatory approach. More than ever, we need to understand roadblocks and develop a comprehensive technology roadmap.

Organizations often seek consultants to develop a robust technology plan. In this process, consulting firms send their experts to interview the organizations’ employees to understand the roadblocks present in their infrastructure and recommend solutions. In an effort to ensure better alignment of the plan with the County strategic objectives, I decided to architect the plan so we identified a series of inputs such as stakeholder interviews, user surveys, industry trends, risk assessment and then through a series of collaborative analysis of the collected data and in alignment with the County strategic objectives, we developed the Washoe County Technology Plan made of a series of strategic actions and clear projects with timelines. It's important to note that we looked at all the projects that were undergoing throughout the organization and categorized them under strategic actions to make sure that whatever we do subsequently as part of the technology and cybersecurity planning process was aligned with the overall objectives of the county. As a result, we focused on the highest priority projects as a way to scale up IT efforts.

At the highest level, the Tech Plan identified Cybersecurity as one of the top 3 strategic objectives. We are now in the process of finalizing our cybersecurity plan by aligning our projects and objectives with security functions such as Identify, Detect, Protect, Respond, Recover, and Programs. In order to do so, we identified several strategic actions under each security functions followed by a list of projects associated with each strategic actions. This process ensures that we have identified all aspects of cybersecurity from identifying a threat to response and recovery in case of an attack. As part of that process, we developed a comprehensive series of controls by following the CIS framework and ranked our measures. In addition to having over a hundred firewalls, comprehensive layered security model and dedicated cybersecurity team, we also have developed additional programs such as hiring a managed service provider to monitor our networks. We are also partnering with other agencies such as Cybersecurity and Infrastructure Security Agency (CISA) and Nevada Office of Cyber Defense to take advantage of free Cybersecurity resources.

Please walk us through the leadership strategy that helps you align with Washoe County’s objectives.

My leadership strategy is primarily about defining priorities and aligning IT goals with Washoe County’s strategic objectives. In doing so, I base my IT Governance on partnership at all levels of the organization. Partnering with departments, vendors, regional agencies, businesses and the community. The way I see it, as long as I’m able to partner with County departments, I have automatically aligned IT goals with the County’s objectives. For example, if “public safety” is one of the County’s strategic objectives, as long as I can partner with public safety departments and address their technology needs, I have automatically aligned part of my goals with some of the County’s strategic objective.

Another strategy I vouch for is the regionalization of services. Washoe County’s vision is to become the social, economic and policy leadership force in Nevada. To be that leadership force, we need to lead and expand technology regionally through a series of regional initiatives. For example, we are leading several regional technology initiatives such as partnering with other organizations to implement broadband for unserved and underserved communities, implementing a regional permit and licensing system, and implementing a regional public safety system to reduce the response time to public safety requests. In the government sector, the resources are greatly limited, making regional initiatives extremely beneficial in improving our services and response to the community needs.

“Digital transformation is not complete for any organization until they successfully bring their people, technology, and processes together in a secure space.”

How do you envision the future of cybersecurity in the government space?

In my opinion the future of cybersecurity in general will center around Artificial Intelligence (AI). Hackers will continue to be more sophisticated, using new methods and tools to gain access to private information while technology will continue to evolve, providing hackers with an even larger attack target and more vulnerabilities to exploit. We will continue to see increase in the adoption of cloud services which means even more exposure to threats and bad actors. Therefore, I see AI to be the catalyst in the war between bad and good actors.

As it relates to government technology, there was a time when government was on the bleeding edge of technology and private sector benefited from government research. Private sector quickly realized the benefits of technology and started to take the lead and since then government agencies have been behind the curve. I think government will continue to adopt more cloud applications and connected everything (IoT) solutions; therefore cybersecurity will become even more important and we have no choice other than investing heavily in cybersecurity space. I can also see the need for more privacy that will force government into building privacy regulation and establishing data publishing/sharing compliance requirements.

The pandemic has undoubtedly accelerated digital transformation. Today, businesses truly understand how technology is significant in improving their business operations and processes. Still, digital transformation is not complete for any organization until they successfully bring their people, processes, and technology on the same page in a cybersecure environment. That can only happen by making employees and leadership digitally fluent or tech-savvy and develop a rich cybersecurity culture. Ultimately, government leaders must embrace and invest a lot more in technology and cybersecurity, and above all, view technology and cybersecurity as an enabler to shape the future, starting today.