For Immediate Release
September 9, 2021
Contact: Kevin Lampe
Dowell Pledges Robust Cybersecurity Program for Secretary of State’s Office to Prepare for Post-COVID Services
Alderman Pat Dowell, candidate for Illinois Secretary of State is pledging to secure and improve the office’s cybersecurity efforts to prevent breaches to the integrity of the data security of the people and businesses of Illinois. Cybersecurity is even more important given the increasing reliance on technology in a post-COVID world.
Dowell’s plan for significant updates and enhancements to the Secretary of State’s website and online presence will make it not only accessible and efficient but also robust, nimble and secure.
Dowell said, “The Illinois Secretary of State website is ready for its next version. With the COVID-19 pandemic, we have seen a rise in remote features for SoS services and determined it would be beneficial to retain remote services as well as increase functionality of the website. But that has to start with significantly increasing cybersecurity for the office.”
Illinois prides itself on being a leader and a progressive state on many issues, including technology. Currently, Secretary of State Jesse White sits on the Cybersecurity committee of the National Association of Secretaries of State (NASS) and Alderman Dowell will continue to put Illinois at the forefront of the cybersecurity issues nationally.
Executive order 2016-01 created the Department of Innovation and Technology in order to move Illinois ahead on digitization and other metrics of technological advancement. We can build on that work by enhancing technological implementation in state offices. Illinoisans deserve the best, and the people would benefit from increased access.
Dowell will make certain that voters are able to register more easily, and business creation will become more accessible and efficient with effective technology implementation and increased cybersecurity.
The security of these systems would be at the forefront of this program. Today, Dowell is proposing a robust cybersecurity program:
Simple safeguards such as two-factor authentication (logins must be confirmed by a second method such as phone or email separate from the website being used) are a practical first step to implement. SoS website users could require 2-factor authentication to make changes online. Simple procedures, such as address changes, parking sticker renewal etc. may only require an automated telephone call for authentication.
More robust changes such as business license submission, business financial information changes, etc. might require a phone call from a SoS representative to confirm in order to reduce fraud. Business identity theft is a potentially major issue, but additional measures will be taken to reduce risks.
There is also secure log-in via mobile applications. Mobile applications can create a walled in service, and two-factor authentication can be built into these applications. However, this would require smartphones which every Illinoisan may not have access to. It would also require a private developer. This could be used as a supplement to web services to increase functionality and convenience.
Ensuring that the SoS website, cyberdrive domain and affiliated subdomains include the most modern cybersecurity software is a top priority. Dowell also supports increasing support staff to maintain and improve these websites in ways that will protect this information.
Remote notary services should be implemented and integrated with the website. Remote notarization can expedite services and can be extremely secure as all interactions via online video meetings can be recorded, along with digital information from users (IP addresses) in order to fight fraud.
Early implementation may have to start with limited services, such as ID and plate renewal. New licenses or certain business registration forms may need to be done in person until the SoS office is confident the website is prepared to handle additional features. The website staff will use in-house testing of any changes to web portals before a live release. Back-up information should be stored offline by secure means, and all development changes will be properly documented to allow for effective troubleshooting should problems arise with the domains.
Administrative access to these networks will be limited to special computers held in a SoS office. These computers are designed to be used with the most modern cybersecurity protocols to reduce the surface area in which hackers can attack these systems.
Unused or underused user accounts will be monitored, and users will be asked periodically to confirm their account information and update password and/or security information. Dormant user accounts are a large cause of website break-ins and should be monitored to prevent such events.
The SoS office will work closely with the Illinois Department of Innovation and Technology and state law enforcement to protect the public from cybercrimes, and to prosecute violators to the fullest extent of the law. This may require a cybersecurity division of the SoS police service, as these domains could be considered an extension of the Capitol, which is currently protected by the SoS.
Cybercrime costs the world trillions of dollars annually and can have severe impact on its victims not only financially, but also emotionally. Additional policing or security could have an excellent return on investment.