|
|
|
|
CIO Confirmed by State Senate
On April 22, the Hawaii Senate approved Governor David Ige’s nomination for State of Hawaii Chief Information Officer (CIO), Todd Nacapuy, whose term will run through Dec. 3, 2018. He succeeds former CIO Keone Kali, who served in the position for just over a year.
|
|
|
In recognition of the pivotal role that technology and innovation hold in Hawaii’s future, Act 200, 2010 Session Laws of Hawaii, formally established the full-time CIO position. The law also established the IT Steering Committee to assist the CIO in developing the state’s standards and policies.
|
|
|
When Nacapuy officially steps into the role next week, he will lead the Office of Information Management and Technology (OIMT) and oversee the Information and Communication Services Division (ICSD) of the Department of Accounting and General Services (DAGS). As his team works to achieve the Ige Administration’s goals for IT modernization, his focus will be on ensuring that the right systems are in place to make state government more efficient and effective.
“I’m pleased to be joining Governor Ige’s team in a role that allows me to use what I know about technology to serve the people of Hawaii...”
– Todd Nacapuy
|
|
State Team Responds Swiftly to DoS Incident
The possibility of a denial-of-service (DoS) attack is a reality for any entity operating a website. On Sunday, April 26, the eHawaii.gov state portal was impacted by an apparent DoS attack, allegedly connected to similar activity targeting a third party.
|
|
A denial-of-service (DoS) or distributed denial-of-service (DDoS) attack attempts to make a network resource unavailable to users, often by saturating the target with external communications requests to impede its ability to respond to legitimate user traffic.
eHawaii.gov personnel deployed Sunday morning within an hour of the first signs of the attack, which was characterized by a sudden and significant spike in network traffic. The team worked with secondary and tertiary carriers to mitigate the impact to Web users.
|
|
|
Although network traffic to and from the site was temporarily affected, at no point were any services at risk or any data compromised. Individual department websites remained available if accessed directly. Full site availability was restored by 4:40 p.m. that same day.
The state is proud of the collaboration involved in resolving the incident. The eHawaii.gov team and state Security Operations Center (SOC) are analyzing data to identify opportunities to improve future response. For more information about the SOC, refer to the Jan. 7 issue of this newsletter.
|
|
‘The SURF Report’
In March, the State of Hawaii announced a move to a more results-driven strategy for its Enterprise Resource Planning (ERP) initiative, also known as the Statewide Unified Resource Framework – or SURF. Instead of proceeding toward a single, all-in-one ERP system, the state will be modernizing and improving individual ERP functional areas (such as human resources, payroll, time and attendance, finance, grants, acquisition, and budget) through more targeted projects with immediate goals.
This approach builds on progress thus far and allows the state to achieve benefits in the short term while staying within budget. The intent is to integrate sub-components as they are established.
|
|
Visit the SURF website for frequently asked questions (FAQs) and updates.
Over the last three years, significant investments in enterprise-enabling infrastructure have put the State of Hawaii in a greatly improved position to move forward. The next step is for the SURF Executive Steering Committee, led by state Comptroller Douglas Murdock, to determine which priority projects will be undertaken using available ERP funding and leveraging this new infrastructure, such as the Hawaii Government Private Cloud, and interim system upgrades already in progress. The steering committee has committed to identifying priority projects in the coming months.
|
|
Security a Benefit to State’s Office 365 Users
Hawaii state departments migrating to the Microsoft Office 365 environment will receive up-to-date antivirus protection and enhanced security, in addition to seeing substantial cost reductions for desktop operating systems, software and desktop tools.
The Office 365 environment addresses key trends affecting security, including but not limited to targeted attacks, identity-centric management, cloud computing, and regulatory/compliance issues.
|
|
For example, Office 365 has built-in security, customer controls, and independent verification and compliance. In a denial-of-service (DoS) attack scenario, Microsoft Exchange Online baselines normal traffic and usage, and has the ability to recognize DoS-like traffic patterns. Automatic traffic shaping kicks in when spikes exceed normal.
In addition, Office 365 provides data protection enroute to and from the Microsoft cloud. This involves Rights Management System (RMS) encryption at rest or in motion, as outlined in the below illustration.
|
|
As mentioned in a previous issue of howz.IT, email protection options have been expanded for state users of Office 365 to offer “Do Not Forward” and “Encrypt Only” options for sending email to other state Office 365/Exchange users:
- In Outlook, create a new email message, go to Options, then drop down the Permission list
- In the Outlook Web App, click on the ellipsis (…) above the message, then click on “Set permissions >”
- Note: To encrypt messages to state users NOT on Office 365/Exchange, simply include *secure* in the subject line of the message.
For more tips, visit the Office 365 SharePoint site created just for state Office 365 users.
|
|
UH News
$4.6 Million Grant Supports Education Network Connections in Pacific
The National Science Foundation has awarded the University of Hawaii a five-year, $4.6 million grant to support the international research and education network connections in the Pacific.
The grant will support the U.S. costs associated with two 40Gbps (gigabits per second) links from Australia and New Zealand to the United States via Hawaii. These links are provisioned over submarine fiber optic capacity provided by the Southern Cross Cable Network to Australia’s Academic and Research Network (AARNet) through a unique partnership established over a decade ago. As part of the five-year project, these links will be upgraded to 100Gbps each in 2016.
“UH has a long and rich history as a leader in academic networking and internet development in the region. The first international internet connection to Australia was implemented over 25 years ago as a partnership between AARNet and UH, and we remain uniquely positioned to lead this effort as the premier research institution in the Pacific.”
– David Lassner, UH President
Read the full story here.
|
|
State Inbox
News Exclusively for State IT Personnel
Windows 2003 Nears ‘End of Life’
IT personnel are reminded that on July 14, 2015, Windows Server 2003 will reach “End of Life” (EOL) status, joining Windows Server 2000, Windows XP, and Windows Small Business Server 2003 in the category of operating systems no longer supported by Microsoft.
As a result, no further security updates for Windows Server 2003 will be available from the company, and unsupported Internet-facing Windows Server 2003 servers may become prime targets for malicious online activity, particularly if new vulnerabilities are found. Therefore, please be advised that Windows Server 2003 will no longer be a state-approved operating system for Web-facing networks.
To verify and address departments’ needs and potential exposure, the Security Operations Center (SOC) team will be working with individual departments operating Windows Server 2003 as identified by the ongoing U.S. Department of Homeland Security vulnerability scans. Of highest priority are publicly accessible servers and business-critical servers.
|
|
|
Forward to a Friend or Colleague
Published by the State of Hawaii Office of the CIO, howz.IT is the newsletter of Hawaii's technology transformation. Forward this issue to a friend or colleague so they can subscribe and receive updates. Subscribe here.
|
|
|
|
|
|
|
