
Pennsylvania Receives National Award for Cybersecurity

HARRISBURG, Pa. – The Center for Digital Government presented the Office of Administration with a Cybersecurity Leadership and Innovation Award for developing a highly successful process to protect web and mobile applications from online attacks.

“As state agencies move towards delivering more information and services online, we must also increase our efforts to protect sensitive information from hackers and other cyber criminals,” said Tony Encinias, Chief Information Officer for the commonwealth. “Securing web and mobile applications is a critical part of our overall cybersecurity program in Pennsylvania.”

The Office of Administration developed the Commonwealth Application Certification and Accreditation (CA)2 process to identify and eliminate potential vulnerabilities from applications before they are deployed.

Pennsylvania was the first state to implement an application certification and accreditation process. Since 2008, it has lead to the identification of vulnerabilities in 80 applications that could have allowed hackers to access sensitive data or infect computers with malicious software. If successfully exploited, these vulnerabilities could have resulted in over $220 million in estimated costs associated with potential breaches.

The (CA)2 process includes risk assessments, source code scans and penetration testing throughout development of the application. The result is that security controls are built into the application from the beginning, rather than attempting to apply them after the fact.

The Cybersecurity Leadership and Innovation Awards program recognizes state and local government, education and healthcare organizations for their efforts to keep confidential data secure despite evolving threats.

The Center for Digital Government is a national research and advisory institute on information technology policies and best practices in state and local government.