South Carolina Budget Proposal Seeks More Funds for IT Security

South Carolina Governor Nikki Haley has asked for $6.3 billion in her budget plan for the state’s 2013-14 fiscal year, which starts July 1. Of that, $47 million is for IT spending.

While $47 million in IT spending seems like a solid start for the state, Haley’s budget request would see 40% of those funds going to repay the South Carolina Budget and Control Board, which loaned the state $20 million in recovery funds for the massive data breach discovered in October.

The loan allowed for $12 million in fees for credit monitoring, $5.6 million for encryption and dual passwords at the SC Dept. of Revenue (where the breach happened), $1.3 million in notification costs, and $750,000 to Mandiant for a generic breach report and assessment that was released in November. As part of the budget, Haley asked for $3,000,000 in non-recurring funds to be set aside for IT security improvements.

Earlier this month, IT officials within the state’s various agencies rated the overall level of information security as less than adequate. Marcia Adams, executive director of the State Budget and Control Board, said that the state doesn’t really know what it has in place with regard to existing IT security controls and solutions.

Of the budget’s remaining $16 million or so for IT spending, most will go towards securing a single vendor to help adopt a statewide plan for security, which would be controlled and managed from a single location. However, the RFP isn’t likely to be written until after the money is approved.

“This year, I am again recommending that SCITS be funded out of available non-recurring revenues, along with several other IT security projects in other agencies. These steps will help to secure our electronic systems and records, but as the initial reports on the data breach show, a serious approach to technology requires that we take an enterprise-wide perspective,” Haley said.

“The inescapable conclusion, as countless good-government advocates and editorial page-writers have observed in the past decade, is that it’s time for a Department of Administration,” she added.

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.