New Jersey courts CISO attributes stronger pandemic cybersecurity to staff

Legal system, due process and courtroom documents and evidence concept with closeup on a judge gavel or mallet leaning against law books in a dark black background

Though the coronavirus pandemic is still forcing nearly everyone to work from home instead of a central office, Sajed Naseem, the chief information security officer for the New Jersey court system, said Thursday that quarantine’s actually enabled him to speak with his people more frequently, which has had the pleasant benefit of improving the state judiciary’s cybersecurity.

Naseem oversaw a transition of 95% of state court employees to remote environments within weeks of the coronavirus’ arrival in New Jersey, securing devices and network connections to be used judges, attorneys, jurors and others involved in court services. The process — including setting up his own team to work outside of the office — involved more than 50,000 devices to “conduct justice remotely,” Naseem said Thursday during CyberTalks.

But some the adaptations have actually increased the courts’ efficiency, he said. Meetings that previously would have required everybody to move around the office are now handled in minutes or turned into emails, and instead of once-a-week check-ins with some members of his team, he’s able to talk to everybody within 15 minutes over remote conferencing.

“It has allowed that communication and daily interaction to occur. In some ways, it’s made the interaction a lot more continuous throughout the week,” Naseem said.

Naseem, speaking with StateScoop Associate Publisher Jake Williams, said the move to remote conferencing has also spurred an interest in cybersecurity even among non-IT staff, wary of the “Zoom-bombing” incidents that have sometimes disrupted public meetings around the country.

For government employees, he said, just being “aware” of cybersecurity without having the tools to report or investigate phishing emails, for example, is no longer acceptable.

“The moment we went remote,” Naseem said, “there were people who otherwise I had never spoken to in the court system reaching out to say ‘what do I need to do about my cybersecurity?’”

Holding court hearings remotely, Naseem said, presents its own unique legal challenges that other branches of government don’t face. Parties often need to coordinate which conferencing software to use, he said, while inappropriate background images or distractions in the background could disrupt normal court proceedings.

Naseem said the court system formed several committees to explore options prior to going remote, but noted that cybersecurity measures taken by people who form the judiciary — not simply antivirus or phishing detection technology working by itself — are the reason that the state has been able to proceed through this year.

“All the large-scale cyberattacks in the past years … required the human factor,” he said. “Use your infrastructure to improve a lack of training or understanding from people.”