Wisconsin records three-year low in cybersecurity incidents

IT staffers in the state credit a multiyear effort for helping Wisconsin shore up its networks.

MADISON, Wis. — Wisconsin IT staffers recorded a three-year low in cybersecurity incidents on state networks in 2015 following a multiyear effort to shore up the state’s security, according to Bill Nash, director of the Bureau of Security Services in the state’s Division of Enterprise Technology.

In a presentation here at the National Association of State Technology Directors’ Midwestern Region seminar Wednesday, Nash revealed that the state had to respond to just 260 security incidents last year, compared to the 1,292 attacks on networks that required attention in 2013.

“That’s not saying that the bad guys are getting less skilled or active in trying to hack us, that’s the opposite of true,” Nash said. “But because we’ve been more aware of the issues and what to do about them, we’ve been able to add some things that have really helped us over the last three years.”

Indeed, Nash noted that, in March 2016 alone, would-be attackers tried to send roughly 150 million malicious emails to state employees. Those made up 96 percent of all emails sent to employees in March.


“That floors me,” Nash said.

Similarly, on one day in March, Nash’s team reported detecting roughly 45,000 instances of people scanning the state’s networks for vulnerabilities, “checking to see if anything was unlocked.”

[Read more: How Wisconsin’s CIO handles data, security, workforce]

Yet he credits the work the state has done since he arrived in 2013 with helping to keep Wisconsin’s networks secure in the face of those varied threats.

Nash believes the state’s work to develop a “roadmap” for revamping its cybersecurity strategy in mid-2013 was the crucial first step for the state. By “stealing from lots of sources” like the National Institute for Standards and Technology’s critical security controls, Nash said Wisconsin was able to identify dozens of projects to work on to make the state safer.


But Nash said his team tried to focus on establishing a “security awareness culture” across the state as well to get workers thinking about cyberthreats.

“It was about building a culture so that people don’t just think ‘Oh, I won a trip’ when they see a phishing email,” Nash said.

Nash believes the state has made huge strides in that area, largely because of their frequent training sessions on the issue. He noted that the state started offering SANS Institute security training in 2013, and got roughly half of all state employees to participate. By 2014, he said that number was closer to 99 percent of all workers.

“Now we’re looking for bigger, better training system so we can beef this up,” Nash said.

But Nash also wanted to put a focus on helping IT workers at the local level get more sophisticated in dealing with the threats, and get them talking with state government to help Wisconsin have a more robust cybersecurity response plan.


Accordingly, last March, the state successfully applied for federal grants to pull together “state, local and tribal teams,” pairing localities with the state for training exercises.

“We’re getting the skills into those local governments when they typically don’t have the money for this,” Nash said. “It’s also building relationships, educating them about things they might not have been worried about before, but need to be.”

Nash noted that this work has also helped the state to draw up a “cyber disruption response plan,” providing guidance for the various public and private entities in the state if hackers should succeed in attacking any of Wisconsin’s pieces of critical infrastructure, like electrical grids or water treatment facilities. While Nash is pleased with how the state’s beefed up its security efforts in response to ordinary threats over the last few years, he’s also hoping to keep an eye on the types of attacks that could represent the next generation of cyberthreats.

“We’re telling the emergency management folks, ‘You’re used to fires, floods, etc. and have developed plans for that, we’re trying to plan for the cyber component of it,’” Nash said.

Contact the reporter at, and follow him on Twitter @AlexKomaSNG.

Latest Podcasts