Cutting cybersecurity post was ‘shortsighted,’ R.I.’s governor told
PROVIDENCE — Government watchdogs say it is “shortsighted” for Governor Gina M. Raimondo’s administration to eliminate the state’s first cabinet-level cybersecurity officer position at a time when cyberattacks are on the rise and the 2020 presidential election is on the horizon.
In April 2017, the administration trumpeted the hiring of Mike Steinmetz as the state’s first cybersecurity officer and its homeland security adviser, saying that “in the ever-changing technology ecosystem, it is imperative that Rhode Island stay up to speed.”
But the administration slashed his $184,446 salary from the budget, and at the end of June Steinmetz left to join a Providence venture capital firm. Administration officials said Steinmetz had recently completed a “Rhode Island State Cybersecurity Strategy” and that other parts of state government would now handle cybersecurity and homeland security duties.
John M. Marion, executive director of Common Cause Rhode Island, said the move runs counter to efforts by other states to bolster election cybersecurity. With the 2020 election approaching, the state’s Board of Elections lacks in-house cybersecurity expertise, he said.
“It’s not a time to be letting down your defenses,” Marion said. “It is said cybersecurity is a journey, not a destination. It’s shortsighted to eliminate an important position while on the cusp of an election. No less than our democracy is at stake.”
Watchdog RI founder Ken Block, a software company owner who has run for governor as a Republican and as a member of the Moderate Party, called the decision to eliminate the cybersecurity position “classic Rhode Island shortsightedness.”
He said Rhode Island has had a poor track record with recent technology projects, including the state public benefits computer system known as UHIP (United Health Infrastructure Project). He pointed to the rising number of ransomware attacks against cities such as Atlanta, Baltimore and, as noted in Sunday’s New York Times, Lake City, Fla.
“The complete nightmare scenario is happening in governments as we speak,” Block said. “This is not something you can paper your way out of. You have to invest. You need the right people doing the right assessments. You need to implement changes, and those implementations can be expensive and extremely technical.”
Raimondo’s press secretary, Josh Block, said he did not know of any plans to replace Steinmetz. He said Steinmetz was “primarily tasked with” developing the state’s cybersecurity strategy, which was released last month. He said cybersecurity “absolutely” remains a priority for the administration “and we have a dedicated team of people working to improve the state’s cybersecurity efforts.”
Rhode Island National Guard Adjutant General Christopher P. Callahan will assume homeland security responsibilities with a focus on cybersecurity, while Bijay Kumar, the state’s chief information officer/chief digital officer, will continue to work on cybersecurity, along with the information technology division, administration officials said.
“Collectively, the Department of Administration has been working with the State Police, the National Guard and the Emergency Management Agency on a lot of these goals and recommendations, and that work is going to continue,” said Brenna McCabe, director of public affairs for the state’s Department of Administration.
In a June 7 letter to cabinet members, Director of Administration Michael DiBiase wished Steinmetz luck in his new role as director and general partner of College Hill Ventures in Providence.
DiBiase said Steinmetz “led statewide efforts to craft a cyber incident response plan with our agency partners, improved cybersecurity monitoring processes, and partnered closely with the Secretary of State’s Office in leading a multi-agency group to enhance protection of the State’s election systems.”
Steinmetz produced the state’s 36-page cybersecurity strategy document, DiBiase noted, saying the state’s information technology division “will continue to improve the cybersecurity of our state’s enterprise systems to ensure resiliency and protection of our data and assets.”