One of the good things about Oregon government is that it can be public about its failings. And we learned this week that the state’s Department of Corrections has problems with cybersecurity.
The corrections department houses sensitive private data about inmates. Although it is not mentioned as explicitly in the new Secretary of State audit, presumably it keeps information about its own employees, too.
Many of the details of what is wrong with cybersecurity at the department were not made public. Don’t want to tell hackers where the problems are. But apparently the department doesn’t have a comprehensive inventory of its technology assets. You can’t really plan a cybersecurity defense if you don’t know what you have. And it made it more difficult for auditors to be able to determine what the department was doing right and what it was not.
Nonetheless the department did agree to all the recommendations of auditors and pledges to work to correct them.
We’re pretty sure many businesses would have problems if auditors from the Secretary of State’s Office were to show up and look for cyber weaknesses. But that shouldn’t diminish the concern of problems at the corrections department.
