Oklahoma is a decentralized state and has over 180 agencies. The Information Services Division of the Office of State Finance (ISD/OSF) operates the central data center and processes the State's financial, human resource, payroll, procurement and budget systems. However, the major agencies, particularly those supported with federal funds, maintain their own financial systems. The intent is to eliminate these agency systems when the remaining ERP applications are implemented.
ISD/OSF is responsible for the central telephone system with approximately 13,000 lines, including voice mail, IVR and other services. ISD/OSF also manages the State's fiber network and, in partnership with OneNet, provides connectivity across the state (this partnership is discussed later).
ISD/OSF provides the following services to other state agencies on a requested basis:
NASCIO: In an environment of increasing external threats as well as vulnerabilities created by more mobile workers and new technologies, what has been your major challenge with respect to IT security?
Fleckinger: Major challenges include intrusion attempts on our networks and specific devices on those networks including mainframes, servers and PC's. Another major challenge has been with contractors wanting to connect their personal laptops to the state network when performing work for the state. We also now have users with laptops with wireless access connecting to our network.
Oklahoma's approach to mitigate these vulnerabilities starts with a statewide policy that defines minimum mandatory security requirements and includes recommended procedures and guidelines. Oklahoma is moving toward a "Defense in Depth" methodology consistent with SANS. SANS' approach reduces external attacks by using: 1) network-based controls; 2) host-based controls; 3) techniques to eliminate security vulnerabilities; 4) methods to safely support authorized users; and 5) tools to minimize business losses and maximize effectiveness. The following are areas we are watching closely and what we feel need to be considered:
NASCIO: What advice would you give to other State CIOs as being the most important elements of securing state IT infrastructure and protecting the privacy of citizens' personal information?
Fleckinger: Implement intrusion detection and prevention devices on all networks. Implement enterprise firewalls on all networks in front of all mainframes, servers and PC's. Implement SSL with two-way authentication for all remote users. Implement anti-virus software on all PC's and servers and keep it current. Quickly implement all critical security patches issued by the vendors. Implement SPAM filtering systems that filter all incoming email for SPAM and attachments that may contain viruses or trojans and delete all emails that have ".exe" attachments. Encrypt all confidential data that is being transmitted between servers, PC's, etc.
A first step would be to determine the current status of security of the State's IT infrastructure. In Oklahoma, we worked with the legislature to address the security of the State's infrastructure. Legislation passed in 2006 requires each agency to annually conduct a standard security risk assessment. This process allows us to identify areas of vulnerability and focus on shoring up areas of weakness, including IT infrastructure security and privacy of personal information.
A second bill passed by the legislature requires all governmental agencies to notify persons of a breach of computer systems that result in unauthorized release of personal information. In addition to these statutes, Oklahoma has implemented a mandatory Incident Reporting procedure in our statewide information security policy and has forged a close working relationship with the Oklahoma Computer Crimes Alliance (OCCA). The OCCA is a partnership of 20 local, state and federal law enforcement agencies formed to aggressively address cyber threats and crime in a coordinated manner. Oklahoma also implemented a cyber security incident reporting system that is accessible to each of the designated cyber security representatives within the state and the OCCA.
NASCIO: As CIO, how have you optimized your state's IT assets and delivery of services using a shared enterprise infrastructure model, especially as they relate to Consolidation and Shared Services, and Data center consolidation strategies and business justification?
Fleckinger: This is a work in progress. The state has implemented a centralized ERP system for Accounting, Procurement, Budgeting and HR/Payroll. A new state data center is in the planning stages that will provide the capacity to consolidate state agency data centers. In addition to the IT services mentioned above, the Office of State Finance provides shared Procurement and HR/Payroll services to state agencies. We continue to encourage agencies to work together and share resources.
NASCIO: As CIO, what initiatives have you undertaken to promote cross-boundary collaboration and coordination with local governments in your state?
Fleckinger: The state's Joint Oklahoma Information Network (JOIN) system provides a Statewide Community Resource Directory. This system provides an internet-accessible data sharing system that improves service delivery to the citizens of Oklahoma by providing personalized access to programs and services. JOIN is now collaborating with the state 2-1-1 system serving Oklahoma City, Tulsa, Southeastern Oklahoma, Lawton, Bartlesville and Ponca City. JOIN and 2-1-1 have created a common resource directory that is shared by JOIN and the 2-1-1 call centers. Another example is the OCCA partnership with local government, federal and state law enforcement entities and state agencies on cyber security.
NASCIO: In reviewing the ISF webpage, I discovered OneNet--Oklahoma's telecommunications and information network for education and government, which is a division of the Oklahoma State Regents for Higher Education and is operated in cooperation with the Oklahoma Office of State Finance. This is a very interesting collaboration that would be of interest to NASCIO members. Would you describe very briefly how the project came into existence and some of the benefits that it provides for Oklahoma citizens?
Fleckinger: OneNet, Oklahoma's telecommunications and information network for education and government, is currently an operational division of the Oklahoma State Regents for Higher Education and is operated in cooperation with the Oklahoma Office of State Finance.
In the late 1980's the Office of State Finance recognized the need for a communications network for Oklahoma State Government due to the emerging technology for online services and data sharing within the government agencies. This would provide a vehicle for the state agencies to provide automated services to the citizens of Oklahoma. The Oklahoma legislature also became integrally involved when it recognized multiple, duplicative requests for state networking from a variety of agencies. A few key members of the legislature embraced the challenge of developing a single, integrated statewide network and worked closely with the Office of State Finance and the State Regents in its development.
The planning for a network was started, to provide connectivity statewide, and was planned in a phased approach. The Office of State Finance acquired funding from the Legislature and leveraged targeted higher education dollars to install fiber optic cable from Oklahoma City to Norman which was installed with the next plan to be the installation from Oklahoma City to Stillwater. These linkages would provide accessibility and connectivity between the State Capitol Complex and the two major state universities. The State system of higher education was interested in this infrastructure enhancement in that the institutions were utilizing an aging statewide microwave tower system and were studying opportunities to retire the system and replace it with a larger and more reliable, fiber-based network for research and education.
Subsequent to this initial phase of deployment, the Office of State Finance was contacted by a major communications company with a plan to utilize the rights-of-way on the Turner Turnpike to install fiber optic cable between Oklahoma City and Tulsa. An agreement was made between the Office of State Finance, the Oklahoma Turnpike Authority and the vendor for capacity sharing and, upon completion, connectivity was established from the State Capitol in Oklahoma City to the Capitol Complex in Tulsa.
Due to the statewide requirements of both the Office of State Finance and the State Regents for Higher Education, a joint planning effort was started to provide and install one network that would serve all of Oklahoma State Government. After months of planning a proposal was presented to the Legislature and, in 1992, the voters in Oklahoma approved a statewide capital bond issue that provided $14 million for the implementation of a joint statewide telecommunications network. In 1995, the network's business plan was approved and work commenced on establishing the statewide network infrastructure.
The network's topology was designed to incorporate hubs throughout Oklahoma in order to aggregate services and to provide connectivity to all the seventy-seven counties, state agencies and institutions of higher education. Since the higher education institutions within the State already had a communications presence, it was agreed to utilize their remote locations as the hubs. Further, a public/private partnership was developed with the State's commercial telecommunications providers to provide last-mile circuits and equipment. With a legislative mandate to provide postalized, low-cost connectivity throughout all corners of the state, this was seen as the most cost-effective manner in which to achieve the desired outcome. This model also has tangible economic benefits to the rural areas of the state with regard to the millions of dollars invested in leased circuits. OneNet currently leases circuits from 39 of the 44 providers within Oklahoma. After special tariffs were put in place with the Oklahoma Corporation Commission, it became operational in 1996.
Because of the high volume of existing activity for higher education and the availability of existing higher education staff and due to the elimination of the microwave tower system, the Office of State Finance and the State Regents for Higher Education agreed that the operations and management of the network would be maintained by the Regents and was called "OneNet".
Today, OneNet has evolved into a Regional Optical Network that is supported by a fault-tolerant, optical core that provides high-speed telecommunications services to a broad variety of Oklahoma entities such as: public and vocational-technical schools; colleges and universities; public libraries; local, tribal, state and federal governments; court systems; rural health care delivery systems; and programs engaged in research. This infrastructure is also the gateway to advanced national networking services such as the National LambdaRail and services both the University of Arkansas and Arkansas State Systems of higher education. The network is still operated as a joint venture between the Office of State Finance and the State Regents for Higher Education.
NASCIO: Please describe some of the major IT projects and initiatives that Oklahoma plans to undertake over the next 1-3 years.
Fleckinger: Build a new hardened, secure data center with the capacity to consolidate data center operations for all major state agencies.
Continue the annual security risk assessments and measure agency improvements year over year.
Upgrade the telecommunications system and provide Voice over Internet Protocol (VoIP) capability.
Upgrade the existing ERP applications and expand the use of the CRM module to other agencies.
Implement the remaining ERP modules acquired in order to retire the many agency legacy systems.
Implement a statewide cyber security portal in a collaborative environment that provides the status of our environment, including alerts, incidents and a repository for continuity plans and procedures.
Investigate opportunities to improve operating efficiencies and security.
NASCIO: Please provide any additional information that you would like to include.
Fleckinger: Over 40 percent of our workforce is eligible to retire within the next five years. We have embarked on a Strategic Workforce Planning project. This project includes: