What’s the bigger threat to cybersecurity in Hawaii: state-sponsored hackers seeking disruption or unaffiliated criminals seeking money?
State-sponsored hackers have greater resources and specific targets for disruption, such as infrastructure and transportation. When these services are crippled, the economic impact can be substantial, but embarrassment and loss of confidence are usually the real goal of state-sponsored hackers.
Hackers that are looking to collect a ransom are usually less specific about their targets. They indiscriminately spread malware and hope that somebody falls for their scheme. Victims of a cyberattack are usually advised not to pay a ransom, as this just encourages criminals. There is also no guarantee that paying a ransom will result in restoration of services.
Besides ransomware, individuals need to worry about identity theft. New threats are emerging all the time, and we need to take them all very seriously.
Are there data backups or other strategies to make critical services less vulnerable?
Human error is often the vulnerability that enables an attack. Training and cyber awareness need to be at the top of any organization’s strategy. Access to services should be strictly limited to necessary and authorized use.
Organizations often overlook the importance of restricting outgoing traffic, such as employee access to websites. Users need to scrutinize websites with a healthy dose of skepticism and doubt.
I recommend backing up critical data several times per day, retaining backups for as long as you can. Cloud-based, encrypted permanent backups are a good, but expensive, option. Regularly test your backups; a backup strategy is useless if you cannot recover the data.
Organizations should assume they will be attacked. Religiously apply security patches, establish an incident response plan, and have cyber insurance to provide resources for additional support and expertise; www.nist.gov is a good source for best practices.
Tell us about the Akamai chatbot: How is that working out in helping the public find answers?
Akamai has been operational for less than one month, and we’re seeing just under 10,000 hits a day. This is helping to reduce the number of phone calls to the Customer Services department.
When first introduced, Akamai was able to answer only the most frequent and basic questions. Accuracy and breadth of knowledge will improve with time and use.
You can converse with Akamai in nine languages now. We hope to support more languages and to eventually handle spoken questions and answers as well, and to integrate with other systems to handle customer and account-specific questions, such as setting up appointments for services.
What advice would you give users of computer systems, public or private, to best secure their data?
Users should make sure that their most critical data is inaccessible from the internet. Never store your passwords or sensitive personal information on an electronic device.
I recommend using long phrases as a basis for a password, substituting letters with symbols and digits.
If you are a larger organization, segment your networks to limit contagion.
Have multiple removable backups stored in different places.
Organizations can improve their network defenses by having several layers of security products from different vendors. Firewalls from a single vendor can have common flaws that hackers can exploit. It is impossible to prevent all types of intrusion, but it should be possible to minimize the damage by compartmentalizing data and systems.
The best advice I can give is to assume that you will eventually get hacked, and that you should not fully trust anybody except yourself.
Which IT developments on the horizon do you see as the most promising or exciting?
Blockchain is going to become critical to businesses.
Commonly associated with cryptocurrencies, blockchain can also be used for things like vehicle registration and property titles. The lay person should think of blockchain as a way to securely share transactions between multiple parties.
Artificial intelligence (AI) covers a wide range of technologies, but one of the most exciting areas of AI is machine learning, specifically neural networks that mimic functions of the human brain.
The city recently installed a system that can do 2.5 quadrillion operations per second. This technology will soon find its way into cars, phones and wearable devices.
Augmented reality (AR) should become mainstream this year. AR allows us to use eyeglasses to overlay digital information onto a view of the real world.
Like Geordi in “Star Trek,” our glasses could identify a person whose name you cannot remember, give us visual appointment reminders, and look up information — all without the knowledge of those around us.
THE BIO FILE
>> Title: Chief information officer, City and County of Honolulu.
>> Personal history: Born in New York, raised in Honolulu since age 2; educated at Iolani School, Yale University.
>> Professional history: First full-time IT job was as a senior systems analyst for Yale; CEO of Commercial Data Systems from 1986 until retirement in 2011.
>> First career: Professional pianist and organist for over 50 years. Unique gigs include a Hawaii Islanders baseball game, Christmas at the original Waikiki Theater, musicals at Diamond Head Theatre, and concerts with local symphonies. Appointed organist in 2022 at the Cathedral Church of St. Andrew.
>> Community roles: Chaired the Heart Ball and the Symphony Ball; served on boards of Hawaii Pacific Health, Muscular Dystrophy Association, Hawaii Public Radio, Hawaii Theatre Center, Honolulu Symphony Foundation, Kakaako Makai Community Planning Advisory Council.
>> Fun fact: Listed as one of only two internet contacts in Hawaii in the Internet Manager’s Phonebook of 1990.
