Hero
Header and Body
Tune in May 7 at 2 PM ET
Encrypted messaging platforms have become indispensable tools for communication across state and local government agencies. While these tools enhance privacy and security, they also introduce new challenges for compliance, records retention, and risk management. With evolving regulatory requirements and heightened public expectations around transparency, agencies must find ways to manage encrypted communications without compromising security or violating public records laws.
This discussion will explore how state and local government organizations are approaching the complexities of encrypted messaging compliance. Panelists will share best practices for capturing, archiving, and supervising encrypted conversations across multiple channels. The conversation will also examine strategies for balancing data privacy with regulatory obligations and mitigating risk in an environment where digital communications—and the regulations surrounding them—are constantly evolving.
Speakers
Mike Watson
CISO
VITA
Mike Watson’s 12 years as Virginia’s CISO have seen him through several CIOs, COVID-19 and the Colonial Pipeline ransomware incident. He’s overseen state defenses as hackers became increasingly sophisticated, resourceful and impactful, and as the spread of connected devices increased the attack surface.
Virginia went from thinking it could detect and block every attempted compromise to realizing the threat was too big and that it must be ready to respond and rebound. Watson helped evolve the state’s defense and resiliency approach, including adopting sophisticated, machine learning-powered suspicious activity analysis tools; automated response systems; updated training; and other new strategies.
When Watson kicked off his career, Virginia was focusing heavily on the confidentiality piece of the fundamental cybersecurity triad of confidentiality, integrity and availability. The state strengthened its approach to protecting sensitive data and responding appropriately should any be exposed. Then ransomware’s rise prompted increased efforts around availability. That included looking at how to maintain operations during system disruption and recover after such an attack.
Now the advent of AI-powered phishing and deepfakes is putting new focus on integrity. Generative AI’s emergence turned the state’s employee phishing detection training outdated “in minutes,” and Virginia is now looking to develop new training. Keeping everyone informed as threats rapidly evolve can be one of the most challenging, but impactful, parts of the job.
Being a CISO is also about relationships and understanding others’ needs. Cybersecurity must avoid being seen as an obstacle to other agencies, which, in their frustration, might seek workarounds to security restrictions, Watson said. As such, when the cyber team deems a proposal to be too risky, it aims to be ready to suggest alternative approaches.
Watson is also deputy CIO and spent a period as acting CIO. That’s given him insight into the budget constraints CIOs face and helped him understand how to position cybersecurity needs within the context of the bigger IT picture.
Promo Image
