Firewalls, antivirus not enough, says leading county CISO

Maricopa County, Arizona, CISO Michael Echols says that increasingly sophisticated threats require equally sophisticated defenses.

County government officials are coming to the same conclusion their federal, state and local counterparts have reached: Traditional cybersecurity practices aren’t cutting it anymore.

Firewalls, intrusion preventions systems and antivirus software are quickly becoming relics as the proliferation of advanced malware has accelerated in past years, argued Michael Echols, chief information security officer of Maricopa County, Arizona, the nation’s fourth largest county.

To stay on top of the game, Echols said, government needs to adopt a more proactive approach.

“It’s really important to understand the characteristics and effectiveness of the security measures that you have in place,” he said in an article for the National Association of Counties. “We have a multi-tiered approach and implement the best identification technologies available, but we also supplement this with a predefined mitigation strategy so that we know exactly how to handle anything that requires immediate attention.”


Government databases, which contain financial, medical, criminal and personal identification information, represent a high value target for hackers. Without state of the art protection methods, this data is put at risk.

That risk came into the spotlight in the wake of several high-profile national breaches, notably the recent OPM hack that may have compromised up to 18 million government personnel files. Citizens, according to Echols, deserve accurate information about the threats and peace of mind that their information is secure.

Read: “What states can learn from the OPM Breach

“We put a lot of energy into educating the community; the challenges we face are the same ones they are going to be facing at home,” he said. “We feel a responsibility to share the best practices that will help our citizens to be safe online. We try to present a realistic view of the threats, as well showing what steps can be taken to minimize the dangers.”

Maricopa County recently mandated a new set of initiatives to ameliorate security systems that are becoming obsolete. Among these is the employment of network security company FireEye to provide real-time asset monitoring.


For Echols, preparation is paramount.

“It’s really a numbers game: I’ve got to be right every time but the attacker only has to be right just once,” he said. “We have implemented the very best defenses but are equally well-prepared for the remote possibility of a breach.”

See the full story at NACo County News.

Latest Podcasts