Inspector General: State's IT security "less than adequate"

A state Senate panel heard from the state's Inspector General on Wednesday in an effort to get to the bottom of how a hacker got inside the state's Revenue Department and lifted the personal information of millions of South Carolinians.

Inspector General Pat Maley delivered a stark analysis of the state's information security systems to the panel, calling the systems "less than adequate."

Maley found major problems that exposed every state agency to the hacker.

"In today's environment where everybody is networked through common data streams, a hacker could compromise one agency and migrate to other agencies. So, one weak link does expose the entire system," said Maley.

The good news is that most agencies are now under the Division of Information Technology's free 24/7 monitoring. That wasn't the case before. Following the hack, a WIS investigation found the Revenue Department did not participate in the monitoring, a move security experts say is a possible reason the department got hacked.

State IT director Jimmy Earley told the panel the state lacks but needs statewide standards.

"I'm glad to see agencies are evaluating their security positions now in the wake of the breach. So, I think that can only help," said Earley.

However, Earley says the state is far from where it needs to be. "Very much so," he said, "a long way to go."

The key, according to the Maley's report, is South Carolina needs to hire a statewide information security officer. This person would, the report argues, set baseline standards for all state agencies to secure your information to hopefully make sure a hack like this one never happens again.

Copyright 2012 WIS. All rights reserved.