State CIO hunts for Wi-Fi security violators

Find opportunities — and win them.

Delaware's CIO is showing state agencies that he intends to speak softly but carry a big stick: The new Delaware Department of Technology and Information has employed sniffer software to see whether agencies have deployed Wi-Fi networks that meet state standards for such networks.

Taking a page from the book of President Teddy Roosevelt, Delaware Chief Information Officer Tom Jarrett is showing state agencies that he intends to speak softly but carry a big stick.The new Delaware Department of Technology and Information has employed sniffer software to see whether agencies have deployed wireless fidelity, or Wi-Fi, networks that meet state standards for such networks. Each month the department checks a different location for non-standard, or "illegal," use of a Wi-Fi local area network. During the course of one such check, the department discovered a serious violation, Jarrett said. "I told the agency to cease and desist or in two days I would take them off the network," Jarrett said. Because the agency was "running wide open" with Wi-Fi, they were putting the entire network community at risk from hacker and virus attacks, he said.Monitoring of non-standard Wi-Fi networks is just one way that Jarrett has tried to improve network security since he began serving in September 2001 as state CIO and director of the Department of Technology and Information Services. On the eve of his appointment, the Delaware legislature created a department on par with other cabinet-level departments and agencies to oversee the state's technology investment. For the past two years, Jarrett has overseen the transition from the Office of Information Systems to the Department of Technology and Information.The new department serves as the sole authority responsible for setting standards for IT deployment. Agencies are required to screen their IT projects with the department before they get funding approval."I wouldn't have taken this job if it was the original organization," Jarrett said. "If you are coming in from the private sector with no public sector experience, you want to come in and affect real change."The legislation has enabled the state to build a new technology department "completely outside of the normal constraints that a department or agency normally is saddled with," Jarrett said. The new department was set up outside of the state's merit employment system and its managers were given the power to pay employees market rates.Before taking the CIO position, Jarrett was director of government, education and philanthropy affairs for Verizon Delaware Inc. The position, which involved close work with state lawmakers, allowed him to forge relationships that have helped his current job. Jarrett, who also is an active member of the Lexington, Ky.-based National Association of State CIOs, was elected vice president of the association in April.The two-year transition from the Office of Information Services to the Department of Technology and Information will be completed in June. When he took over the Office of Information Services, it had 209 employees, including full-time employees and contractors, Jarrett said. The new department, which does not employ contractors, lost a few dozen people during the transition process, he said. The new department has an annual budget of about $40 million and has 148 employees, Jarrett said. When the transition is completed next month, it will be close to its original staff size, he said.When he came on board, the state was paying "an exorbitant amount" of money to contractors, many of whom has been working for the state anywhere from five to eight years, he said.That length of service is "a full-time employee where I come from," he said. The new salary system has allowed the department to offer former contractor employees a competitive salary, he said. Jarrett's short-term goals are to improve network security, undertake server consolidation and complete the conversion of personnel from the Office of Information Services to the Department of Technology and Information. Beyond that, he hopes to review and revise the state's strategic technology plan and establish technology standards for state agencies. The standards will address such matters as Web publishing, servers and network security, he said.The Department of Technology and Information is planning to release a request for proposals for professional services later this year, Jarrett said. The contract, which is expected to be worth several million dollars, will provide IT services for state agencies. In addition, the department will issue an RFP next year for statewide long distance service. Through the contract, the state is seeking toll-free service, directory assistance and other services. This project also is worth several million dollars.While the state has a projected budget shortfall of $300 million for fiscal 2003-2004, state budget problems to date have had little impact on the department, Jarrett said. The department goes to great lengths to explain the importance of key IT and telecommunications projects to the governor and legislature, he said. The department explains the cost, rational and risk associated with not undertaking the initiative, he said. Among these imperative initiatives are IT security and disaster recovery, a statewide upgrade to Windows 2000 and an upgrade of the state's telecommunications backbone, he said."A lot of stuff we're doing right now you just can't take the risk on," he said. "It's not that if you aren't going to give me the money you're hurting me, you're going to hurt every customer that I am charged to serve."

Monitoring of non-standard Wi-Fi networks is just one way that Tom Jarrett has tried to improve network security since he began serving in September 2001 as state CIO and director of the Department of Technology and Information Services.

Henrik De Gyor