Your browser does not support JavaScript!

Network News

March 2020
Volume 16, Number 15

From the CIO

CIO Nelson Moe
CIO Nelson Moe
As we approach the end of the first quarter of 2020, I am compelled to note what a busy year we have already had in the information security world. Cyberwarfare by Iran, vulnerabilities in Microsoft systems and doubts about election security have made headlines and kept cybersecurity professionals on their toes.
 
Recent political issues with Iran provoked increased cyber activity. As one of the top world powers in hacking, Iran directs its focus on targets of value that are newsworthy and can provide significant disruption. While nation-state cyberattacks aren’t necessarily new, activity in response to a physical incursion is still an untested area. Since cyberattacks from nation-states aren’t discerning about their government targets it increases the likelihood of state and local impact. In terms of risk to the commonwealth, these systems would be our critical infrastructure and those systems used most by the public.
 
Microsoft recently discovered a vulnerability in the Windows 10 operating system so potentially damaging that the Department of Homeland Security and the National Security Agency contacted states and critical infrastructure providers directly to make sure they addressed the vulnerability immediately. There is no known way to detect if someone were to take advantage of the vulnerability and no known protections other than to update systems directly. Additionally, the size of the update and the deployment of these patches enterprise-wide in such a short timeframe presented quite a challenge.
 
Technology took a hit at the Iowa caucuses and added fuel to fears and spread doubt about the security of election systems – a situation fraught with peril with a national election on the horizon. Rest assured, in Virginia we have already begun the preparation of our IT systems for the upcoming November elections and are ready for this week’s primary.   
Make no mistake about it, protecting the systems and the information entrusted to us is of paramount importance to VITA. We work every day, around the clock, to ensure the safety and reliability of commonwealth data, networks and devices.
 
Your awareness and use of good cybersecurity practices is also a critical part in maintaining system health. I encourage you to stay up-to-date and avail yourself of opportunities such as the upcoming COV Information Security Conference to expand your knowledge. Topics are presented from a high level to a deep dive; there is something for everyone. I hope to see you there.

Nelson

2020 security conference registration open; call for papers deadline extended

Registration for the 2020 Commonwealth of Virginia (COV) Information Security Conference is filling fast – there are fewer than 50 spots remaining! The conference will be held at the Altria Theater in Richmond on April 16 -17. We encourage you to register now as we expect the conference will reach maximum capacity. 

The submission deadline for the call for papers is March 6. "2020 vision: A future of innovation" is the theme, and the conference will offer three tracks of seminars. 

  1. Welcome to the cyberverse - introduction, high-level 
  2. Elevate your cyberverse - specialties driven, mid-level
  3. Enter the cyberverse - technical, deep dive 

When submitting your synopsis, we kindly ask that you give a brief overview of how you would tailor your presentation for each of the learning tracks above. Please indicate in the synopsis if you are willing to present on multiple tracks. 

Submit a synopsis 

Conference and registration information can be found at the links below.

2020 conference information

Register for the 2020 conference

 

Okta security policy to be updated March 6 

On March 6, the Okta security policy will be modified to increase the lockout duration from five minutes to 15 minutes in accordance with commonwealth security standard 501 (SEC 501). The account will unlock itself after 15 minutes or a ticket can be submitted to the VITA Customer Care Center (VCCC) if it needs to be unlocked immediately. After the lockout period passes, the user can attempt to log in again.

 

VITA service portal will have a new address on March 23

Beginning March 23, the VITA service portal address will be: https://vccc.vita.virginia.gov

Agencies will be contacted the week of the move with a reminder to bookmark and begin using the new address. The move is occurring because ServiceNOW acquired FedRAMP level four certification and is isolating their FedRAMP environment from their non-FedRAMP customers. This move provides more stringent compliance requirements, security and data control for VITA and commonwealth agencies. No other changes are occurring in the environment; there will be a short period of downtime over the weekend of March 20.

 

WIN conference scheduled March 17

Biochemist and STEM advocate Camille Schrier will keynote the commonwealth’s second annual Women in Innovation (WIN) conference on Tuesday, March 17. The VITA Innovation Program (VIP) will host the conference in Richmond.

The conference celebrates the achievements of Virginia women in the fields of science, technology, engineering and mathematics (STEM), and aims to inspire the next generation of women innovators. The conference will focus on the exchange of knowledge and ideas, offering a range of networking opportunities where participants can connect with their peers, collaborate on new ideas, and generate new energy to continue their work. 

The event will be held at the Dewey Gottwald Center at the Science Museum of Virginia and the registration fee is $75. To register, or for additional event information, including the program schedule, please visit the Women in Innovation website.

 

IT procurement class slated April 3

VITA and the Capital Area Purchasing Association (CAPA) will be hosting an IT procurement class on Friday, April 3. The class is open to state agencies only and will be held at the Commonwealth Enterprise Solutions Center in Chester. The class will run from 8:30 a.m. to 3 p.m. The price is $65 for CAPA members and $85 for non-members. 

Topics include:

  • Overview of the VITA request for proposal (RFP) method
  • Review of key IT terms and conditions, including cloud
  • Discussion of the new law, High Risk Contracts; Definition, Review (2.2-4303.01), and what it means to you 
  • Negotiation tips and strategies and how to make them work for you
  • Q&A 

Space is limited! To sign-up for this class, please email Doug Crenshaw.

For more information, please contact scminfo@vita.virginia.gov

 

Veritas hosted mail archiving unavailable after March 31

VITA will discontinue Veritas hosted mail archiving (HMA) services, effective March 31. After March 31, agencies with HMA data will not be able to access their HMA data and the data in HMA will be destroyed.   

The deadline for exporting the HMA data is March 31. The data administrator (a user who has rights to read and export HMA data for the agency), should complete the export process of data that is needed or required by an agency before March 31. Google Vault will continue to be available for agency mail archiving needs. To learn more about Google Vault, please visit the messaging G Suite support site 

All affected agencies are encouraged to attend the upcoming Relationship Management Committee “Action-HMA/ Records Retention” call on Wednesday, March 4 at 9 a.m. Please contact your customer account manager (CAM) with any questions or concerns.

 

VITA rates for fiscal year 2021

As part of VITA’s ongoing effort to be transparent with agencies throughout the budget planning and execution processes, provisional fiscal year 2021 (FY21) IT service rates are now available for review. Although more detailed information will be provided for each specific agency, at a high level it is noteworthy that the provisional FY21 IT services rates are generally lower than FY20 rates for two reasons. First, repayment of the line of credit will be completed in FY20. Second, the prior year under-recovery from FY18 that is included in the rates for FY20 will not carry forward into FY21. A link to the provisional FY21 rates is provided below. These rates are provisional until the governor’s budget is approved by the General Assembly. Once approved the VITA service catalog will be updated to reflect the new FY21 rates and services. 

VITA worked closely with the Department of Planning and Budget (DPB) to update the FY21 budget based on VITA's forecast of FY21 IT usage and the aforementioned rate structure. The general fund share of each agency’s increase or decrease in funding, as a result of the new rates and/or change in usage, has been budgeted in central appropriations and will be allocated to agencies by DPB upon approval from the General Assembly and governor. Please contact your DPB analyst with questions regarding changes to your IT budget. 

 

For questions about the rates, please contact your CAM or Tom Nikles 

For questions about invoicing, please contact VITA at itfmbilling@vita.virginia.gov 

 

VITA offering training opportunities for AITRs

VITA is offering training classes in the first quarter of 2020 to help agency IT resources (AITRs) and agency finance users work effectively and efficiently in our IT environment. Review the list below to register for the training and support opportunities available.

If you have any questions about a class or registration, please contact the MSI training team.

 

VITA wins 911 Honor Award 

The Next Generation 911 Institute (NG911 Institute) announced their winners of the 17th annual 911 Honor Awards at an awards reception in Washington, D.C. 

VITA’s integrated services program (ISP) won the Outstanding 911 Call Center / Program which recognizes a 911 call center/ state or regional 911 program for overall excellence in serving the public, including the handling of emergency situations and the deployment and management of new technology. Interim ISP Manager Dorothy A. Spears-Dean, Ph.D. accepted the award on behalf of VITA.

Read press release

 

Agency projects spotlighted

The Project Excellence Awards were presented at the annual IT project management summit. State and local individuals and teams submitted nominations based on topics that included project, risk, communication, acceptance, organizational change and issue management.

Project Excellence Awards are for agency level projects that are completed or closed within the last year. This year’s winners include: 

First place

  • Agency: Department of Environmental Quality
  • Project: Pollution Response Reporting System

Second place (tie)

  • Agency: Alcohol and Beverage Control
  • Project: ABC Financial Management System Replacement

Second place (tie)

  • Agency: Virginia Department of Conservation and Recreation
  • Project: Dam Safety Inventory System (DSIS) Phase 2

Third place

  • Agency: Virginia Department of Social Services
  • Project: Compass Mobility 


Information Security Tips 

Cyber threat actors (CTA) leverage interest during public health threats and other high-profile events in order to conduct financial fraud and disseminate malware. We expect that this trend will continue with the emergence of new and recycled scams involving financial fraud and malware related to the coronavirus outbreak.

Malicious actors are likely to post links to fake charities and fraudulent websites that solicit donations for relief efforts or deliver malware. Internet users should exercise caution before opening related emails, clicking links, visiting websites, or making donations to coronavirus relief efforts.

Read Information Security Tips