Over the past number of weeks, Sajed Naseem, CISO for the New Jersey Courts has been on a mission to ensure that justice could be preserved in this new remote working world. He has been an instrumental piece of the institution’s transition to remote court proceedings across 750 locations and more than 50,000 devices.
I sat down with Sajed to talk about this important mission, as well as the unique challenges posed by moving court proceedings online at scale for the first time. We also spoke about how his role has evolved during this time, and how he expects this crisis to change the CISO role going forward:
How do you think the role of a CISO has evolved as a direct result of this crisis?
While a lot of my job is as a chief information security officer, I view this as directly connected to helping justice get done. Technology was an enabler for that before, but it is truer than ever now that a significant portion of hearings are happening online. As this evolves, I take it upon myself now to ensure that everyone knows how to use this technology effectively, including our attorneys and bar associations so that clients can continue getting strong representation during this time.
So much of our lives now revolve around technology, from our homes to our offices. CISO’s need to work directly with leadership on how cybersecurity is linked directly to the company’s survival. In our case using cybersecurity to provide better security, privacy which is tied to social justice and the job of the NJ Courts. Security leaders need to start seeing themselves in a way directly tied to the company’s present and future.
As we have seen with recent breaches, Equifax, Marriott and others that the human component, cybersecurity readiness and performance, is directly linked to overall cybersecurity. Much greater measure focus needs to be on cybersecurity readiness and performance and how it links to the overall cybersecurity “technical infrastructure.”
What about your team? How has your team had to evolve to adapt to this new landscape?
We are now more integrated across the full organization than ever before. It’s our job to make sure that, even though people may be using technology instead of showing up in person, that they can still get justice and we can eliminate any disparities in the same way we would in a physical court. For instance, if someone is called into a hearing but may not have a newer computer at home, will that quality affect their court case? In addition to that, is the environment they are sitting in conducive for a hearing or does it give them sufficient privacy to be able to do what they are supposed to do in a remote hearing. We are looking at all these issues closely and addressing them to ensure justice can be carried out fairly, even in this new remote world.
What was the biggest challenge you faced in getting the entire court system transitioned to remote?
In just a matter of months, we’ve done from being a court system where clients, attorneys, judges, and juries come in physically to ensure justice. Now, nearly all of that is happening online. As soon as the pandemic hit us, we needed to first ensure that justice could still be transacted remotely. Then, we had to ensure that we could secure that environment, knowing full well that justice can’t be served if it is not secure.
In executing that, the biggest challenge we faced is making sure that our most important assets – our people – understand that the protocols, the governance, and the things we put in place in the physical world continue to be followed in the virtual world. To do that, we need to be able to communicate about our network security and infrastructure and how that is the same, but without being able to go into the data center or having the same privileges that we had before. We’ve had to utilize cloud platforms, ones we were testing out before this crisis started but we are now diving in headfirst with.
One challenge that is unique to courts systems more broadly is how much it can vary from local area to local area or depending on the level of government. I had someone reach out the other weekend from a municipal court, which often deals with smaller ordinances like an issue with a neighbor or someone who can’t pay their taxes, to ask advice on security. Their challenges are likely different than a national court, which may be catering to different people in different states with different level of technology access. Each of these areas also will have a different level of funding from their local or state government. I’ve been working on security guides to help some of these smaller courts open up to help people in their areas, but it is certainly a challenge.
Many companies are talking about keeping some of the aspects of remote work post-pandemic. Do you think courts will stay remote?
I think there will a lot of remote work that carries over past this crisis. While it ultimately comes down to a county-by-county decision on social distancing standards, I think that many courts will continue to operate remotely at least to some extent to ensure everyone can stay healthy and safety. That means the steps we are taking now to ensure these proceedings are secure will be important for a while to come.
How do you anticipate your security strategy changing long-term as a result of this crisis?
One of the major things we have done is we had purchased a network access control system, which was to be key to our security network posture infrastructure. We had already been working on that, but we ramped it up more quickly as we moved to a more virtual workforce. Our landscape was suddenly different and we had to make policies that go directly into compliance in those select strategic areas. We are continuously upgrading those and looking for ways to do mitigation, while at the same time allowing people to continue to connect remotely.
We have gotten deeper in our focus on cybersecurity readiness and performance, information governance and how it ties in with our network access control system and we expect the measurable human variable to incorporated into our technical infrastructure to thwart cyberattacks. If you can’t see it, measure it, you can’t fix it.
To learn more, check out this webinar with Sajed Naseem, where he shares more details about what the state of New Jersey did to ensure justice could continue safely and securely during the COVID-19 pandemic crisis.