Hello. You have reached an archived page. Content and links on this page are no longer being updated. Looking for a service? Please return to our home page.
October 2021
Volume 20, Number 10
From the CIO
Gov. Northam has recognized October as Cybersecurity Awareness Month in the Commonwealth. At VITA, we celebrate this all month (and all year!) long as cybersecurity is a chief priority and key strategic goal. Our Commonwealth security and risk management (CSRM) directorate fulfills the information security duties set forth in Virginia Code. Security of our programs, systems and technology-based tools underscores everything that we do. You can read the proclamation here.
VITA security teams are committed to protecting the Commonwealth's valuable data assets and providing a safe, secure technology environment that enables our partner agencies to accomplish their respective missions. At VITA, we like to say that if it’s connected, it must be protected. It’s amazing to see the changes in technology over time and experience just how much our technology-dependent devices and overall quality of life are impacted by connectivity and security. Our charge to each of you, as agency partners and customers, and each and every Virginian, is to connect our technology network to your needs, and recognize that security is the foundation on which our platform and portfolio is built.
Every year, CSRM, led by Chief Information Security Officer Mike Watson, prepares an annual report to assess the strength of agency information technology (IT) security programs that are established to protect Commonwealth data and systems. This report provides a baseline and status of security in the Commonwealth. Our reports indicate that key indicators for cybersecurity risk are increasing -- which should come as no surprise. Technology pervades just about everything we do, and ensuring that it’s used in safe and productive ways is our mission.
Cyberattacks and malware continue to threaten Virginia entities, including our partners at Virginia colleges and universities. In fact, 34% of all incidents were the result of successful malware attacks. As the largest category of incidents, malware is a constant threat to Commonwealth devices and data. Multiple attack vectors can be used to carry out cyberattacks, and the two primary avenues of attack seen by the Commonwealth are phishing emails containing malicious links or attachments and infected website redirection.
During 2020, VITA security provided simulated phishing training to 890 Commonwealth employees at one agency. Of the employees targeted, 660 employees opened the phishing message, 220 clicked on the link and 103 employees submitted their credentials. This is a sobering reminder that risks are everywhere, and our job to prevent cyberattack attempts and provide ample education is never fully complete.
Our centralized services team continues to address agency audit and risk management needs. VITA’s offering of centralized services for audit services, risk management services and vulnerability scanning has assisted agencies in meeting their compliance requirements. Additionally, VITA security’s vulnerability scanning service continues to help agencies reduce the number and impact of vulnerabilities associated with Commonwealth applications. We anticipate further improvements in compliance and security as agencies utilize the centralized services. Our centralized approach has also ensured that Virginia continues to have critical accesses to cyber insurance, a major accomplishment for the enterprise.
I urge you all to continue to practice safe online habits that keep Commonwealth data and systems secure. Happy Cybersecurity Awareness Month!
Nelson
Register for the VITA Virtual Services Fair!
Join us for VITA's first Virtual Services Fair on Wednesday, Oct. 20, to learn more about Virginia's enterprise technology portfolio and new offerings. An exciting and informative agenda awaits – guest speakers and Commonwealth leaders will share the latest in modernized service offerings to help agencies achieve tech-related goals.
Executive Director of the National Association of State Chief Information Officers (NASCIO), Doug Robinson, will provide keynote remarks, complete with trends and priorities emerging from across the country. A featured service spotlight from VITA’s messaging service owner and supplier, NTT Data, will share more about upcoming options for agency messaging solutions.
The fair will be held from 8:30 a.m. to noon. Registration is free but required to attend.
Learn more about the services fair, view the program and register today!
A look ahead at technology in the Commonwealth: Making IT work together
Over the last year-and-a-half, VITA’s enterprise architecture (EA) division has been working to enhance the Commonwealth technology program. Standards, definitions, taxonomies, roadmaps and technology baselines have been created as a starting point for developing a common technology language. This will move the state toward a Commonwealth-wide integrated program to help provide consistency and predictability across agencies.
Executive Order Number Nineteen (EO19) was one of the first test cases for an integrated program for the Commonwealth to achieve an established goal. With the of help agencies, it was an indisputable success and positioned the Commonwealth for leveraging not only more efficient technology but new capabilities not previously available.
With the experience gained from the cloud migration effort, VITA identified new tools and processes that will enhance the program. Plans to roll out a capability and technology management tool, along with a framework for technology usage, is planned by the end of the year. These will help facilitate the coordination of technology efforts and provide a common direction across all agencies in the Commonwealth.
The EA division structure itself is also evolving, most notably with the addition of an innovation and technology strategy component. One of VITA’s objectives is to encourage innovative business practices to increase efficiency and improve customer service. EA’s new responsibility to evaluate emerging technologies and trends and enable opportunities for innovation is a means to achieve this objective and will help shape the new focus of EA at VITA.
In the coming months, more details about standards, the innovation track, training for new tools and how agencies will leverage it for strategic planning will be provided.
Vaccine messaging on agency websites
As a reminder, earlier this summer, Gov. Northam and his pandemic response team requested that vaccine messaging appear prominently on all agency websites. The governor's request to display this information is still in effect.
The VDH Vaccine Call Center schedule has changed; it now operates Monday through Friday only.
Agencies that subscribe to the hosted Commonwealth banner do not need to do anything to reflect this change. VITA has updated the shared code, and your instance of the banner will update on refresh. For those using the message elsewhere on your sites: Please change your copy from "Monday-Saturday 8 a.m.- 6 p.m." to "Monday-Friday 8 a.m.- 6 p.m." The rest of the text remains the same.
*If you are interested in using the shared banner code on an agency site, please visit https://developer.virginia.gov.
Microsoft OneDrive is available now for WCS customers via request
Microsoft OneDrive is available as an opt-in service to workplace collaboration services (WCS)-subscribed agencies at no additional cost. OneDrive is a secure personal cloud storage platform that allows users to store and access files from anywhere on any device. It also allows users to share documents within their agency, as well as between agencies. Any agency electing to opt in must have agency IT resource (AITR) and information security officer (ISO) approval.
For more information about OneDrive, please review the Microsoft OneDrive FAQs (KB0018445) located in the VITA knowledge base or click here for a quick tutorial.
Opting in for existing WCS customers: Starting Sept. 14, WCS customers can request the enablement of OneDrive by utilizing the workplace collaboration services – subscription request via the VITA service catalog and modifying your agency’s subscription.
Non-WCS customer agencies: Your agency must be subscribed to WCS in order to access OneDrive. Agencies can subscribe to WCS by submitting a workplace collaboration services – subscription request via the VITA service catalog.
Please contact your AITR for more information and any questions.
Ordering Dell 3551 Mobile Precision laptops
As shared in last month’s edition of Network News, VITA has procured 900 of the Dell 3551 Mobile Precision laptops to alleviate the strain caused by global supply chain issues. The laptops are in stock, and agencies have been alerted that the lead time has been adjusted to 30+ business days to receive the laptops as the supplier works quickly to reduce a backlog of many backordered items that have been delivered.
Below are the ordering guidelines for the Dell 3551 Mobile Precision laptops, as well as the device specifications and pricing:
- Ordering through the catalog – For quantities of 20 or fewer, agencies should submit orders for net new devices using the catalog. Please note: Orders will be filled on a first in, first out basis. The average fulfillment time from when the order is placed until the device is installed for the customer is two weeks. However, due to the demand currently in the environment, an additional one to two weeks may be required to fill customers’ needs.
- Ordering through the request for solution (RFS) process – For quantities greater than 20 devices, agencies must submit orders using the RFS process.
The Dell 3551 Mobile Precision laptops should not be ordered for refreshes or as replacements for previously submitted orders. Nor should previously placed orders be canceled. Orders canceled now will lose their place in line with the manufacturers and there is no guarantee of improved lead times in the future.
Please contact your agency IT resource (AITR) for more information and any questions.
VITA IT Project Management Summit - Save the date!
VITA is pleased to announce the ninth annual VITA IT project management summit has been scheduled for Tuesday, Nov. 9. The theme of the virtual summit is “A Year of Change 2021.” Agency project managers are highly encouraged to attend. Registration is $75 and is open to state and locality staff only. Continuing education credits are offered.
Project managers (PMs) need to adapt and focus on new ways of managing their traditional tried-and-true project management processes to meet a changing environment. The summit will provide many opportunities to address project managers’ needs in today’s ever-changing environment: new skillsets, the latest updates about working in the cloud, security compliance, disaster recovery and conquer the challenges facing them while working remotely.
Conference details and registration information can be found here
Annual kids safe security poster contest
The annual kids safe online poster contest has been launched for 2021. The goal of the program is to engage young people in creating posters to encourage other young people to use the internet safely and securely. All public, private or home-schooled students in kindergarten through 12th grade are eligible to participate. Entries for the 2022 contest are due Jan. 12, 2022. Email submissions to CommonwealthSecurity@VITA.virginia.gov. A parent may submit their entries for home-schooled students directly to MS-ISAC.
The top five Virginia winners from each grade group (K-5, 6-8, 9-12) will be entered into the national competition. Entries received may be used in national, regional and state cyber and computer security awareness campaigns. The official rules and topic suggestions are included with the entry form. Please include the following entry form completely filled out (all fields are required) when submitting the poster.
Learn more about the contest and download the 2022 poster contest entry form.
New ITRM policies and standards posted
The following Information Technology Resource Management (ITRM) documents are now available on the VITA website. The names and purposes of each document are outlined below.
ITRM Prohibited Hardware, Software and Services Policy SEC528-00
- The purpose of the new ITRM Prohibited Hardware, Software and Services Policy (SEC528-00) is to protect the Commonwealth by notifying all agencies of any hardware, software or services that have been prohibited for use.
ITRM Information Technology Security Audit Standard SEC502-04
- The purpose of the revised ITRM Information Technology Security Audit Standard (SEC502-04) is to delineate the methodology for conducting an IT security audit of sensitive IT systems that contain agency information as identified and prioritized in an agency’s business impact analysis.
Information Security Policy SEC519-01
- The Information Security Policy (SEC519-01) has been revised. The purpose of this policy is to protect the commonwealth information assets by defining the minimum information security program for Commonwealth of Virginia (COV) agencies. This policy establishes the program as a comprehensive framework for agencies to follow in developing security programs to reduce the risk to COV information irrespective of the medium containing the information.
Information Security Tips
Tips to combat social engineering
The September edition of Information Security Tips looks at how to hack the human and train and arm the end user with tips on how to stay safe from social engineering. We want to trust our co-workers to do the right thing, but sometimes that does not happen. Some people become insider threats; that is, they use their authorized access to systems to harm their organization.
Read Information Security Tips