Cyber threats on rise for state government, Texas Senate panel told: The terms vary — phishing, hacktivism and whaling are just a few — but they all represent serious cybersecurity threats increasingly menacing state governments throughout the U.S., some Texas state senators were told during a hearing last week.
“Unfortunately, the bad guys are getting very, very innovative in their approaches” to stealing data or disrupting an organization’s functions, said Doug Robinson, executive director of the National Association of State Chief Information Officers.
Robinson made his comments at the state Capitol during the inaugural meeting of the Senate Select Committee on Cybersecurity, a newly created panel studying the cybersecurity risks and vulnerabilities facing Texas state agencies. Along with a similar House committee, the panel is charged with reporting its findings and recommendations for improvement to the full Legislature by Jan. 13, 2019.
State Sen. Jane Nelson, the chairwoman of the Senate committee, noted at the start of the event that state government collects “mountains” of sensitive information and must ensure its safety.
“Cybersecurity will be one of the greatest challenges of our time, because data is becoming the new oil in terms of its value,” said Nelson, R-Flower Mound. “Our personal data is at risk like never before.”
Nancy Rainosek, chief information security officer at the Texas Department of Information Resources, said the state already blocks “billions of malicious attacks coming in each month” — an assertion that took some committee members aback and prompted them to ask her if she had misspoken.
Rainosek said “phishing” has been among the most serious threats faced by the state. Phishing is a scam in which a culprit attempts to obtain sensitive information — such as passwords or user names — by pretending to be trustworthy.
“Whaling” is similar, except the culprit masquerades as a high-ranking official.
However, Robinson said that hackers and other cyber criminals are constantly innovating and changing tactics. So it’s critical for state governments throughout the U.S. and other stewards of sensitive information to do so as well to stay ahead of them, he said.
“This (threat) is going to be with us, and we are going to have to pay more and more attention to it” nationwide, he said. Assessing and curbing cybersecurity threats “is not a project that is going to end.”
He also told the panel that most state governments aren’t spending enough on cybersecurity, although he didn’t comment on Texas’ spending specifically.
“We believe the funding (for cybersecurity) is inadequate and not commensurate with the risk” in most states, Robinson said in a brief interview outside the meeting room. But he said it might be possible for some states to address the issue by redirecting money currently being spent on information technology to cybersecurity.
15-year prison sentence handed down in Austin securities fraud case: James Elton Warr, who operated an Austin investment company, WAS sentenced to 15 years in prison after he was convicted of bilking his clients out of more than $1 million from 2010 to 2011.
A Travis County jury found Warr, 69, guilty of first-degree felony charges of theft, securities fraud, money laundering and misapplication of fiduciary property. He could have been sentenced to as much as 99 years behind bars.
Assets held by Warr’s company — Warr Investment Group LLC — previously were seized and placed into receivership. About 44 percent, or $515,000, of the money that investors lost to Warr was recovered and returned, which is considered a relatively high amount in a case of securities fraud.
Warr, who had a jovial, grandfatherly demeanor and once promoted himself as “like having an uncle in the finance business,” came to the attention of the Texas State Securities Board more than seven years ago, when he hawked a guaranteed 8 percent return for investors.
His company billed his “high yield, low risk” investment plan as “designed to help you take the guesswork out of retirement planning by paying you a guaranteed 8 percent interest rate.”
After Warr and his company continued operations despite a cease and desist order in 2010, securities regulators raided his Research Boulevard offices in January 2011, seized its assets and placed them into receivership. At the time, the securities board accused Warr of raising about $1.1 million from investors between April 2010 and January 2011 by selling unlicensed securities and engaging in fraud.
He subsequently was arrested in June 2015 and indicted in July 2015 on the charges stemming from his activities in 2010 and 2011.