Interview: Washington State CIO Bill Kehoe on infrastructure, cybersecurity, and more.

Washington State Chief Information Officer William “Bill” Kehoe. (Washington State Photo)

When William “Bill” Kehoe began his current job as Washington state’s chief information officer last August, he entered a gig with a plate of problems, from cybersecurity issues to data gaps. broadband equity.

The Gonzaga University graduate recently sat down (virtually) with GeekWire Editor-in-Chief Mike Lewis to talk about his priorities for 2022. Kehoe has years of experience running technology departments at information in state and local government, including as CIO in Los Angeles and as chief information officer for King County. department manager in Seattle.

This interview has been edited for length and clarity.

GW: The infrastructure bill, according to Senator Patty Murray’s office, will net Washington State a minimum of $100 million, likely much more. One of the things it would fund is improving broadband access. I would like to know your opinion on broadband access in Washington State.

Kehoe: Before coming to Washington State, I led a digital equity and strategic planning exercise in LA County. So I have some experience in terms of what is needed to really help with the digital divide situation.

There are three pillars of the digital divide, or digital equity, that I think are really important. Broadband is one — and that’s Internet access. This includes the last mile. The solutions for this may vary from community to community, depending on the needs.

Next, the need for devices. If a household does not have broadband access, they may not have devices. If they have devices, they may not understand how to use those devices. This is where digital literacy and the availability of programs in the community also help.

I think for broadband, our Department of Commerce will partner with us and other state agencies in terms of needs and I think they have projects underway. Next, we will also look at this kind of broader digital equity element. But in terms of other uses of the (infrastructure) money, I know we’re looking at potentially having help around cybersecurity and our needs there.

GW: That brings me to my next question regarding cybersecurity. Much has been written about Washington and what happened with job security. What do you think is wrong with Washington State and cybersecurity? And secondly, how do we solve it?

Kehoe: I think we’re seeing that across the country, in many ways, the sophistication of fraud and attacks is increasing, phishing emails are getting more and more sophisticated and harder to detect.

One of the main issues we’re trying to address is that traditionally in the states, each agency has its own IT store and does its own security checks, putting [common] tools in place. Some agencies were doing it very well, others didn’t have the staff, the funding or the maturity to really handle the sophistication of cyberattacks.

What we’re doing about that is we’ve started a pretty aggressive corporate security program here in the state and we’re putting in services – endpoint security – and other tools and controls .

We’re really trying to turn things around and have a corporate security program in place and also be more proactive in terms of detection, increasing our monitoring and remediation. I think we are starting to lay a good foundation. There’s a lot more work we’re going to have to do.

The Washington State Legislature at Olympia. (Photo Flickr/MathTeacherGuy)

GW: When your security officer looked at this particular data breach, what was that actual analysis? Was there something fundamentally wrong with the state? Or was it just one of those unexpected super-sophisticated attacks that was really hard to prevent in any way?

Kehoe: Again, I don’t have the specific details on this. But I can tell you what I heard and the investigations I made. This was done quickly trying to figure out the problem with our security office and the agency working together. But with any breach like this, or any incident, you need to make sure you understand the problem as well.

There is an analysis that needs to be done. But from all the information I gathered, people were really focused on this full time. We worked as a community to investigate the issue, put additional controls in place, and still do, right? I think they did a good job of really focusing on that and making sure they understood the issue. The system owners implemented the controls as quickly as possible to avoid any further incidents.

GW: From an IT security perspective, is it something the state outsources or is it something the state does in-house or is it a mix of the two?

Kehoe: Tools come from private industry and security organizations. We have a mix of outside organizations that help us with surveillance and detection. We also have staff within our cybersecurity office who also work with these external vendors. So we have both. But in terms of platforms and tools, these are things that we get by contract and by subscription from outside organizations, from security organizations. So it’s more of a hybrid-type environment.

GW: According to the governor — and according to you — what is your job as chief information officer? What should you know about all of this?

Kehoe: I need to lead the agencies around this movement towards enterprise services, and make sure that these services are working well, that they have a high degree of excellence and quality and that we are moving towards this security posture proactive that I was talking about. It’s a big responsibility. The governor made [me] very aware during my onboarding process, that security is a high expectation. the [state] the security officer reports to me. We are working with all agencies to evolve to these services and this corporate security program.

GW: Does it surprise you that the job security hack happened in a state that has a lot of tech talent? There have been criticisms in the tech community that Washington State, despite having huge amounts of talent, is not doing tech very well. How would you answer that?

“There is a tremendous opportunity for us to change that culture and move to a more innovative mindset.”

Kehoe: I think we have talent. Much attention has been paid to existing legacy systems and their maintenance. One of my initiatives here is to really create a more innovative culture in Washington State where we can approach projects in a more agile way and we have funding mechanisms in place to deliver high impact projects but in the short term. We have a tremendous opportunity to change that culture and adopt a more innovative mindset, so that we can move faster on some of these projects. But it’s a culture change. And I’ve heard and seen amazing things happening during COVID that happened very quickly in terms of getting apps up and running.

GW: Give me an example of this. What did you see that particularly impressed you?

Kehoe: I have seen information disseminated to the public regarding COVID [such as] hospital beds available. Also contact tracing type information, where the outbreaks were and where we had hotspots. All the really important information, plus where [residents] could get tested. And then information about vaccines. It was all really important. And it happened very quickly here.

And then with regard to the vaccine, the verification of the vaccine which was done quite quickly. Our health agencies have worked with the private sector to make this happen. We used common open source code from California that Oregon also used. It’s going to give us the confidence to look and see how we can apply this in other areas.

GW: Still happy to have accepted the position?

Kehoe: Oh, absolutely. It’s my home state, so I’m going back to where I started and applying all the lessons learned from King County and LA County and bringing them back. I really appreciate the people here. I hope we can make a difference and put the state on the right track.

Previous Equinix and Partners Test Sustainable Innovations in Data Centers
Next Business Continuity Products Help Cox Customers Maintain Services Even During Challenging Times | Sponsored: Cox Business