Friday, August 7, 2020

Racial Equity and Animal Advocacy?

During a recent All Hands virtual meeting there was a call to action to look at 21-Day Racial Equity Habit Building Challenge ©. I started to pursue this challenge by reading Peggy McIntosh’s White Privilege: Unpacking the Invisible Knapsack.

In the article, McIntosh lists 25 extraordinarily common things that identify the way white privilege operates in her life. It's often easy to identify when a person is the victim of racism. It is harder to recognize when your normal experience is a product of privilege. Privilege is not experienced consciously; racism is. I want you to read the article for yourself so I will only choose one of the 25 items she listed:

 

“I can go shopping alone most of the time, pretty well assured

that I will not be followed or harassed.” 

 

Although I may have recognized this as an issue for people of color, I absolutely didn’t think of how when I walk into a store the advantage of my racial identity doesn’t make me suspect. It has never been in question. It was the way the world saw me. I had no context of what any other experience was like, even though I knew it existed. 

McIntosh’s list was created in 1989 - more than 30 years ago - yet remarkably more than half of the 25 statements on the list provoked some new understanding on the ease of which I walk through the world. The article encourages readers to make their own list, so I started to think of aspects of my life experience and see what a list in the world around me would look like. It did not take long to find glaring examples.


Outside of my work at the state, I work with non-profits on animal welfare for homeless pets, and this challenge quickly revealed aspects of my life affected by racial equity. Once a week I attend an early morning call with animal welfare nonprofits from across the country. Although it is mostly animal-centric, the group leaders brought forth the conversation of how racism and diversity are handled in the animal sheltering world. And it came with a stark recognition. 


Animal sheltering and welfare is populated by people with infinite compassion for homeless pets. But I completely missed there was a lack of compassion and inclusion not afforded to a large part of the human population by this same seemingly compassionate group of people. Namely, animal welfare in the homeless pet industry is predominantly white. And not just from the staff and volunteers, but from the adoption and fosters we depend on to help us save the lives of homeless pets. Not for the disinterest from people of color, but from the standing homogeneity and current power structure that marginalizes people even in this kind hearted environment.


For instance, Pets for Life data states 3% of pet owners in underserved areas studied acquired a pet from a shelter/rescue. Nationwide, it is 30%. The perception of many in the field is that it is the people, not the system, that causes the low adoption rate. But we have learned that is not true through data and studies. The shelter community doesn't serve these areas populated predominantly by people of color. The discounting of this community not only is a disservice to the pets (the core mission), but it also represents the racism in the homeless pet community. The shelter industry does not equally engage people of color to help save lives.


In conversations with many people during and after that meeting, I realized the industry is rife with a passive, unrecognized racism. Not only are there few people of color as leaders, but there is a systemic issue that prevents people of color fostering or adopting pets. My list started with a simple corollary to the shopping item on McIntosh’s list:


“I can adopt or foster a homeless pet, pretty well assured

that I will not be rejected for the color of my skin.”


I could also say the same for volunteering in a shelter. My race allows me privilege in working in the world of animal advocacy.


Creating our own list exposes the way we pay attention to what is going on around us and the intersectionality of different power structures. In this case, I discovered the way the animal rights movement and racial equity movement intersect. It exposes everyday activities that I take part in have racist overtones, previously invisible to me, and most of my associates engaging in otherwise compassionate, charitable work.



 

I have continued to pursue the 21-Day Challenge, reading most of the material, watching videos, and listening to podcasts. I intend to continue increasing my list. It helps make the invisible visible. It’s not enough to understand where someone’s position puts them at a disadvantage. It is just as important, maybe more so, to recognize how your identity may put you at an advantage you never noticed.

This will be a difficult and uncomfortable place to go.  I encourage you to put yourself in this uncomfortable position. That’s why it is called a challenge. I highly recommend you push yourself to schedule time to take and pursue the 21-Day Racial Equity Habit Building Challenge.


Today's blog comes from Davyd Smith, OIT's IT Director supporting DNR & DOLA


Friday, July 31, 2020

I was approved for a $100K HELOC loan using the Colorado Digital ID™



Are you using your Colorado Digital ID™ for purchases and services requiring identification within our state? It’s a convenient, legal form of identification that’s with you all the time on your smartphone! As the myColorado project manager, I might be a little biased, but when I’m out and about, I take every opportunity possible to see which Colorado businesses are accepting the Digital ID. Below are just a few examples I discovered! 


Colorado Digital ID Use Case


Simple


My husband and I were sitting on the patio of a German restaurant here in beautiful Colorado enjoying a couple of pilsners when we heard a small commotion across from us. The server was asking a young man to provide his ID to serve him alcohol. He was seated at the table with what appeared to be his older brother and their parents, and they were telling the server that he was over 21 years old. After several minutes of back and forth, the frustrated young man stood up, grabbed his phone, and stomped off to his car in search of his wallet and physical driver license. I wanted to sprint over and let him know all about the Colorado Digital ID that’s stored in the myColorado™ mobile app Wallet. It’s simple to set up and use, and it’s an official form of identification backed by Executive Order B 2019 013, signed by Governor Polis on October 30, 2019.


Convenient


I had an experience similar to my friend at the German restaurant - I had left my wallet at home, but the Digital ID came to my rescue. Our washing machine had given up after 15 years and the dryer was holding on by a thread. My husband and I headed to a major hardware store in the area in search of replacements. After we chose what we wanted, the store clerk offered us a 12-month interest-free option for current customers. My husband had never set up an account with them, so they had to use my profile to take advantage of the offer. Often, I don’t bring my wallet when shopping with my husband, and this was the case on that day. Therefore, I showed my Digital ID to help the store clerk find my account and he didn’t flinch! The clerk diligently verified the information on my Digital ID with his computer records and within minutes I was approved to purchase a brand new washer and dryer. 

Secure


Next, loaded with confidence, I decided to put a bank to the test. My husband and I had applied for a $100,000 home equity line of credit, or HELOC. When the time came to close on the loan, we were directed to a conference room at the bank to sign documents and present our IDs. While this time I had my physical ID tucked away in my purse, I was not going to pull it out unless absolutely necessary. (Note: The Executive Order states that merchants may accept the Digital ID, but are not required to at this time.) The bank official asked us for our IDs to take a photocopy of them. I showed my Colorado Digital ID on my iPhone. A bit puzzled, the banker called a notary public into the conference room to validate our identity and proceed with loan execution. I realized that by presenting a Digital ID, no hard copies of my physical ID would be taken. Therefore, this was a more secure process to protect my identity since a hard copy of my physical ID would not end up in a folder in the bank's files.

Reliable


A digital form of identity is here to stay, grow, and evolve. In the last couple of years, I have noticed that friends and family members are increasingly leaving their wallets behind and carrying only their smartphones since many financial transactions can be conducted digitally without a physical debit or credit card. The same goes for providing proof of age, address, and identity here in Colorado! When ordering a drink at a local bar or restaurant, making big purchases, or applying for a loan, you can rely on the Digital ID.


Download myColorado and set up your Colorado Digital ID today! For more information, visit myColorado.state.co.us.

_____________________________________________________________________________

How to set up your Colorado Digital ID:


  • Download the myColorado app on your smartphone from the Apple App or Google Play store
  • Scan the PDF 417 barcode of the back of your physical driver license or state ID card
  • Create an account and get authenticated to access your Digital ID
  • Start showing your Digital ID as proof of identity, age, and residency within Colorado

Note: Because the Digital ID is new and is not accepted everywhere yet, be sure to carry your physical driver license or state ID card wherever you go.

Today’s blog comes from Olga Klinger, Project Manager with OIT’s Customer Office.



Friday, July 24, 2020

The Great Toilet Paper Cyber Hack of 2020: Part 2 - Lessons Learned



Stop! Before proceeding, check out Part 1 of the Great Toilet Paper Cyber Hack of 2020 - posted on July 10, 2020.


Lessons Learned


When I reached out to Hal several weeks later to ask all the questions that kept nagging me about this activity, I learned that Hal had taken several actions to ensure this would never happen again. Hal and I agreed that we should share those as lessons learned.

1) Shop From Known Merchants

As mentioned in Part 1, it’s always best to be suspicious of unsolicited advertisements on social media sites, in emails, and anyplace encountered. No doubt, many of these sites are legitimate with legitimate products to sell; however, as Hal experienced, many of these are created for malicious purposes. Some of these purposes might include:
  • obtaining your credit card, your password, or other personal information;
  • enticing you to donate to a fake charitable cause;
  • or to download malware onto your system.

In Hal’s case, he got a double dose - the site he accessed sold him a fraudulent product and downloaded malware onto his system.

Another point - pay attention to where the items are coming from and where the business is located. Unless you specifically desire a foreign-made product, it’s probably safer to buy from U.S. suppliers.

2) Use Two-Factor Authentication

Use two-factor authentication on all accounts where it is offered, such as social media, bank, shopping, and - most importantly - email accounts. This will help prevent access to your accounts should your credentials be stolen. Additionally, never reuse your passwords across multiple accounts. If the account credentials for one site are obtained, you don’t want them to be used to compromise other accounts.

3) Don’t Store Account Credentials in Your Browser

This one is challenging, I know, but refrain from allowing your browser to store your account credentials. It may seem a convenience but as Hal experienced, if an attacker gains access to your computer, it’s relatively easy to extract and decrypt those credentials out of your browser. Even a rookie can do it! Use a password manager to safeguard your passwords, and ensure you authenticate to that tool using two-factor authentication.

4) Lock Your Computer

Additionally, Hal mentioned that he now locks his computer when he isn’t using it, and for good measure, he never leaves his browser windows open and logged in to his accounts.

5) Backup Your Files

Reloading his computer didn’t concern Hal at all because he had a regular backup schedule and was confident he wouldn't lose any important pictures, documents, or other data. I know many people who back up their data to a cloud service, and many others who use a USB-connected drive. Either of these will work as long as you appropriately safeguard access to your backups. This means two-factor authenticated access to your cloud provider, or ensuring that you disconnect the USB drive and store it somewhere safe. Do not keep it connected to your computer or in your laptop bag once you are done with the backup!


A Happy Ending


Hal assured me that his reloaded computer is working better than ever and that he’s confident this will not happen to him again. Additionally, his cabinets are now stocked full of Charmin Ultra Soft Mega rolls - the authentic product! He committed to never allow his supply get low enough during a global crisis to be tempted to order from any previously unheard of Chinese site! Oh, and subsequently, we learned that Charmin makes their product right here in the U.S.A., so there is no need to send away to China to get this essential product!

Today's blog comes from State of Colorado Chief Information Security Officer Debbi Blyth.

Friday, July 10, 2020

The Great Toilet Paper Cyber Hack of 2020: Part 1

A friend of mine told me this story about how his computer was hacked in his search for toilet paper. This occurred in late March 2020 - when toilet paper was non-existent in stores across the nation. My friend “Hal” (not his real name) told me that he found some Charmin Ultra Soft toilet paper available for purchase online. He did some price comparison and found it to be a fair price - not gouging and not cheap, but reasonably priced. There was nothing unusual to indicate that it might not be authentic, so he ordered it. He was expecting a package of 60 Mega rolls, which should last a while.

Within a day his credit card company informed him that he had attempted to make a purchase from a company in China - it was the toilet paper purchase! Hal authorized it, figuring that is probably where Charmin is made or that it might simply be the only company or warehouse where Charmin was still in existence. And realizing at that point, that the Charmin was coming from China, Hal prepared to wait for his toilet paper. Note: Being the good friend that I was, at this point, I brought him a package of toilet paper!

A couple of weeks later, Hal was out shopping - probably for toilet paper - and kept receiving unrequested second-factor access codes from his bank and retirement account providers. That was a clear tip-off that someone was attempting to access those accounts. He came home to discover some very unusual activity had occurred on his computer while he was out. He noticed that several browser sessions were open using a browser that he didn’t typically use, and that these browser windows were logged into a few of his accounts! He immediately took the computer to his local computer center to have it reloaded; they confirmed that malware was present on the system.

Over the next several weeks, Hal worked with his credit card company, Amazon, and PayPal to have fraudulent charges reversed, and with his bank and retirement account providers to change account information and reset credentials. Additionally, he changed all the passwords saved in his browser and implemented two-factor authentication on all of his accounts. The total charges to be reversed were in excess of $1,000 and this consumed almost two full weeks of Hal’s time! Fortunately, the world had recently gone into quarantine-lockdown, so Hal didn’t have a lot of other things to do.

Adding to the time, delay, and frustration was the fact that most merchant and bank employees had become remote and were not immediately reachable by phone. Almost all of these inquiries and transactions had to be done by email, with return calls by phone, adding hours and days of delay.

Sometime during account cleanup, the long-awaited toilet paper arrived! It came in a box about the size of a shoebox. 60 Mega rolls of toilet paper fit in a box the size of a shoebox!!! So much for lasting a while! So Hal taped the package back together and sent it back to whence it came!

Hal realized that his computer hack and the fraudulent “Charmin” toilet paper from China were related, and he’s confident that when he visited the site to order the toilet paper - or when he returned to check the status of his order - he also received malware. What is interesting is that a few weeks had elapsed from when Hal ordered the toilet paper and when the attacker became noticeably active on Hal’s computer.



Digging A Bit Deeper


When I asked Hal how he came upon this site from which he ordered the toilet paper he said that he saw an advertisement on social media. Ah-ha! One lesson learned: never click on advertisements you see on social media sites. Always shop from known and reputable sources. A typical indicator of fraud is that the item is priced significantly lower than its alternatives. In other words, if the price seems too good to be true, be wary. In this case, 
that particular warning flag was not present.

But this issue nagged at me for several weeks as I thought about how the attacker used a completely separate browser on Hal’s computer, a browser that Hal does not use, to access Hal’s accounts. So I reached back out to Hal and asked a few more questions…

Of course, all my questions would have been easily answered if we could have obtained a forensic examination of Hal’s computer. But Hal had already dropped it off at the computer center and his computer had been reloaded before he told me about the issue.

I determined two potential scenarios in which access to Hal’s accounts may have occurred... 


Scenario #1: Keylogger


The attacker may have installed keylogger software on Hal’s computer and simply captured passwords when he logged in to his accounts. This could certainly explain why there were a few weeks of dormancy before the attacker became active - he had to wait for Hal to log in to collect account credentials.

But Hal told me that he typically saves his password in his browser, and uses those saved credentials when accessing his accounts so he doesn’t have to remember the password. So while a keylogger may have been installed, it wasn’t likely the source of the password collection.


Scenario #2: Browser Password Extraction


A scenario started to form in my mind that somehow Hal’s passwords were extracted from the browser he typically uses. I could see this in a physical scenario in which I might be logged in to my computer with my preferred browser open, and then walk away without locking my computer. Someone (officemate or housemate) could potentially get on my machine, navigate to Amazon, and log in as me since the credentials would be automatically populated by my browser (assuming I had them saved). However, they would have to use the browser that I typically use. This scenario would not work if they attempted to access Amazon using a completely different browser. Was the attacker just showing off?

Another thought. If my officemate or housemate wanted to know what my Amazon account password was, they could access the security setting on my browser and “see” my password! But as I chatted with Hal about this, he reminded me that the attacker would have to know my master password in order to see the passwords saved for each account.

All of the components of the scenario I described above are related to a person attempting to access the computer physically, in person. Similarly, in the virtual world, the attacker would have to remotely access the system, pose as Hal, and either use the currently running browser or launch a new instance of Hal’s favorite browser. This would have likely worked with the remote access the attacker had, but Hal saw no evidence of the attacker having used the browser he left open. And if the attacker did take over the running browser, why would he go to the trouble of using a completely separate browser to log in to Hal’s accounts? It would be a silly and unnecessary step!

It occurred to me that this attacker was a one-trick pony. He had a tool that he liked to use to extract the passwords out of the most common types of browsers, including the one that Hal typically uses. And like Hal, this attacker had a preferred browser too, and it was a browser that Hal doesn’t use. In fact, that browser application didn’t even exist on Hal’s computer before the attack, so the attacker actually installed it!

When Hal visited the toilet paper advertising site, unbeknownst to him, he downloaded malware, which was executed using Hal’s privileges. This malware was likely a remote access program, and since it was running with Hal’s permissions, it looked to the system as if it was Hal. This attacker then loaded his own toolkit onto Hal’s computer. The toolkit consisted of a piece of software designed to retrieve and decrypt passwords from specific types of browsers, and it also included the browser application that the attacker likes to use.

The attacker’s software allowed him to issue a command, posing as Hal, to run a process extracting all the valuable information out of Hal’s browser, including his browsing history, bookmarks, and web browsing cookies. Most damaging, this software also retrieved all of the encrypted account data out of the browser, and decrypted it into a plaintext file. This file, now accessible to the attacker, contained a list of all of the sites (URLs) for which Hal had stored access credentials in his browser, including his username and password for each!


A Rookie!


I’m convinced that this attacker was a rookie, not a professional hacker. Here are a couple of reasons why...


Obvious Actions


The attacker used the browser he loaded on Hal’s system to attempt to get into Hal’s accounts. This activity could have been observed at any time, by Hal! A professional hacker would have retrieved the file containing the decrypted account credentials and moved it to another system. Professional hackers often automate many of these actions so they can retrieve as many account credentials from as many people as possible, in the shortest time duration. And whether or not they use the data themselves, it often ends up for sale on illegal sites. 


Didn’t Hide His Tracks


Most likely Hal caught the attack in action, which is why he saw the browser, and why the malware was observed by the computer center. A professional attacker typically erases all tracks of his existence to lessen the risk of detection and give him more time to make money or purchases using the stolen data.


Daytime Activity


Had the attacker waited until typical North American “sleeping” hours, Hal might not have caught the activity for a while and the attacker would have had more time to access more accounts. 


Triggering Fraud Detection Systems


The attacker kept attempting to get into Hal’s bank and retirement accounts, even though the authentication process kept prompting for the two-factor authentication code. This alerted the account providers that the accounts were being attacked, and they took immediate action to safeguard the account. This also tipped off Hal that someone was attempting to access his accounts.

Stay tuned for "Lessons Learned" in Part 2, coming next week.....

Today's blog comes from State of Colorado Chief Information Security Officer Debbi Blyth.

Thursday, July 2, 2020

Have a happy & responsible 4th of July!

The beginning of the state’s new fiscal year also coincides with the 4th of July holiday. With the COVID-19 pandemic still upon us, the State of Colorado wants you to have a fun but responsible holiday weekend. Whether you are enjoying Colorado’s great, vast outdoors or celebrating with a classic cookout, the state has provided some additional steps to keep one another and our communities safe. 
  • Make it safer - if you choose to participate in in-person activities, keep it small, keep your distance from others, wash your hands frequently, and wear a mask. Don’t be afraid to change your plans if you feel uncomfortable about the risk.
  • Know before you go - check fire bans and local COVID-19-related rules at your destination. If you plan to play in the great outdoors be prepared with appropriate supplies.
  • Prevent fires - It’s fire season, and this year we need to be even more careful due to added threats due to COVID-19. We want to prevent situations where people have to evacuate their homes, firefighters have to deploy to camps, and smoke worsens summer air quality (and the impacts on people already at risk for breathing difficulty). This year, skip the fireworks and campfires.
Together we can slow the spread of the virus and help preserve the vast, great, outdoors where we all love to play.

How to spend the holiday weekend responsibly outdoors -

  • Remember to play it safe and be respectful outside. While using this opportunity to spend time outdoors, please do so safely and responsibly. Our first responders and search and rescue teams are all facing these challenges along with us. Please avoid high-risk or remote activities, as accidents stemming from these types of activities may require extensive resources. Colorado Search and Rescue teams are prepared and ready to respond but could become overloaded if the number of calls increases and the number of available responders decreases.
  • Visit the Care for Colorado website where you will find a fun, one-minute animated video called Steps to Care for Coloradans and the Are you Colo-Ready? Responsible Travel Edition brochure designed especially for those using Colorado's trails.
How to reduce your risk this holiday -
  • The safest thing, for everyone, is to minimize your exposure to others. Activities like camping with people from your household using your equipment are lower risk than activities that involve more interpersonal interaction.
  • We do know there are risks associated with travel. Think through your travel plans. Make sure your plans are comfortable for you and your family. We want people to make summer plans in the great outdoors.
  • If you do travel, make sure that you understand and follow the rules at your destination.
  • Your mask is your passport to the Colorado you love. Make sure that you take it with you and wear it. Follow social distancing guidelines and wash your hands frequently.
  • Those looking to explore the outdoors should check out COTREX to see what trails, trailheads and activities are permissible on state and federal public lands, and what isn’t crowded.
How families can safely have holiday cookouts and gatherings -
  • Summer gatherings this holiday should look different compared to a typical summer. It’s important to keep your distance and keep gatherings small. We’re asking you to continue to have less interactions with less people and do so in a safe way by wearing a face covering, remaining 6ft away from others, and washing your hands frequently. Additionally, being in an outdoor environment is ideal - we have the benefit of climate and sunshine to modify/decrease transmission.
Please be sure to spread the word to your coworkers, friends, and family.


Today's blog comes from OIT Chief Information Officer and Executive Director, Dr. Theresa M. Szczurek

Friday, June 26, 2020

MyBizColorado: A lesson in collaboration

One of the things I love about working at the Governor’s Office of Information Technology is the opportunity to see how innovative and creative our state can be. There are multiple ways this happens everyday in Colorado government, but this one caught my attention. Let me share with you a little bit about MyBiz Colorado...


MyBizColorado is the award-winning system envisioned to achieve the goal of offering the best possible service to the business community. 


Spearheaded by the Governor’s Office and the Secretary of State, this project was implemented in collaboration with the Governor’s Office of Information Technology (OIT), the Statewide Internet Portal Authority (Colorado SIPA), the Lieutenant Governor’s Office, and Colorado Interactive. In addition to the project sponsors and team, participating agencies included the Colorado Department of Labor and Employment, Colorado Department of Revenue, Department of Regulatory Agencies, Governor’s Office of Economic Development & International Trade. This commitment gives Colorado its well-deserved “business-friendly” reputation that encourages so many new businesses to form here. In the first few months alone, thousands of business registrations and licenses were issued to users of the MyBizColorado system.

MyBizColorado offers new businesses a website built with state of the art technology, a user-focused design, and streamlined procedures to help new companies get up and running successfully. What can you do by visiting MyBiz.Colorado.gov? You get a single system to interact with multiple state agencies responsible for new business creation, including the Secretary of State’s Office, Department of Revenue, Department of Labor and Employment, and Office of Economic Development & International Trade.

MyBizColorado is accessible, intuitive, and efficiently helps businesses register with state agencies and obtain the necessary licenses and permits to begin operations. Users will find a resource library and tutorials to help plan and develop new businesses, and numerous prompts along the way that provide assistance or point you to a contact person who can answer questions. With MyBizColorado, users find everything they need in one place – instead of having to go to individual websites for the Department of Labor and Employment, Department of Revenue, and others.

MyBizColorado, which is available in English and Spanish, is especially helpful for small businesses that do not have the resources or staff of big corporations but are vitally important to Colorado’s economy. In fact, small businesses in Colorado employ one million people, nearly half the state’s workforce.

Clearly, Colorado welcomes new business and we’re all willing to lend a hand. We are proud that state agencies collectively built an exceptional tool and resource to support Colorado businesses and help our economy thrive. Click here to watch a short MyBizColorado video featuring Colorado Governor Jared Polis and Secretary of State Jena Griswold. 

Today's blog comes from OIT External Relations Manager Jonita LeRoy, with contributions from OIT, SIPA, and MyBizColorado team members.

Wednesday, June 17, 2020

An Introduction to PEAK: Coloradans’ Connection to Essential Benefits

Colorado PEAK
When Coloradans explore important benefit programs for which they might be eligible—whether it’s food, cash, medical, child care, or other assistance—they can either head to their local county office or use the Colorado PEAK® (Program Eligibility & Application Kit) online self-service portal.

Launched in 2011, PEAK has grown from an alternative application method to an ever-expanding ecosystem of resources that help deliver a better customer experience and bring cost savings to the state through new efficiencies and emerging technologies such as Chatbots.

PEAK—offered in English and Spanish—helps Coloradans discover a variety of benefit programs for which they might qualify through the Am I Eligible screening tool. If residents wish to jump right into the application, PEAK will guide them through the process, and in certain cases, provide immediate confirmation on whether they qualify for certain assistance.


Why it’s critical we get it right

The state currently serves more than 1.3 million Coloradans who receive food, cash, medical, and child care assistance. Approximately 192,000 of those customers access their PEAK account within a given month to apply for new benefits, update their information, make payments, and more. Maintaining a system that adapts to their needs, is available 24/7, and provides extensive customer service ensures that thousands of our fellow neighbors continue to receive the support they need.

Here’s a snapshot of some of the assistance programs for which Coloradans can apply through PEAK:

  • Low Income Energy Assistance Program (LEAP)
  • Colorado Child Care Assistance Program (CCCAP)
  • Supplemental Nutrition Assistance Program (SNAP)
  • Health First Colorado (Colorado Medicaid)
  • RTD LiVE



How it comes together

We’re never working on an island at OIT. Every project, service, application, and enhancement is borne from collaboration. For PEAK, decisions work their way through a robust team that includes the Department of Health Care Policy & Financing (HCPF), Department of Human Services (CDHS), Connect for Health Colorado, Deloitte, community partners, county leaders, and nonprofits.

PEAK in a technical sense

The PEAK application moved onto the Salesforce platform in 2019, but that’s only the tip of the iceberg. PEAK is able to provide Coloradans with critical assistance thanks to the Colorado Benefits Management System (CBMS), the statewide database system through which eligibility is determined for medical, food, and cash assistance programs. Each month, CBMS helps provide Coloradans with more than $60 million monthly in benefits and allows approximately 4,800 end users from the CDHS, HCPF, county departments of human services, Connect for Health Colorado, medical assistance sites, and presumptive eligibility sites to enter or view data.

As you can imagine, every change to this system requires extensive exploration, discussion, vetting, and testing so that Coloradans’ security and privacy are maintained.

Fun fact: CBMS was moved from state data centers to Amazon Web Services (AWS) in 2018, becoming the first integrated eligibility and enrollment system in the nation to do so.


Building for the customer

Since its launch in 2011, PEAK continues to evolve to meet customer needs and the team behind it is always searching for the next evolution. In 2014, the PEAKHealth® app launched to offer a simple way to manage medical assistance benefits, and in 2018, the MyCOBenefits app launched to help Coloradans securely manage food and cash assistance benefits.

One of the most exciting developments in PEAK’s brief history, PEAK Chatbot, was introduced last year. Instead of waiting for a call center agent or needing to find time during normal business hours, when most are working, the Chatbot allows customers to get the answers they need, when they need them. Compared with the previous year’s average, Chatbot helped serve 335 percent more customers. And just as exciting, the Chatbot continues to learn and improve through each conversation.

The work to deliver benefits to Coloradans is never complete, and we’ll follow along with some of PEAK’s exciting developments through this blog.


Today's blog comes from OIT's Health IT Communications Manager, Fred Bauters

Wednesday, June 3, 2020

CIO Theresa Talks: Overcoming Social Injustice

This is an incredibly difficult and dark moment for our community—and for our state and for our country. Unfortunately the racial inequities and violence are not new. The tragic death of George Floyd and so many other people of color throughout our country’s history show how deep the challenges run. My heart is hurting alongside so many others who are feeling the pain of the needless death of another black person in America. But the reality is that this is much larger than the need to hold one officer or a few officers accountable. It’s about a pattern of injustice and unfair treatment that Black Americans and communities of color have endured, not only in our criminal justice system, but in every area of American society.

In the State of Colorado and at the Governor’s Office of Information Technology (OIT), we stand with, support, and value the black community. We are angry, sad, afraid, frustrated. We grieve for the loss of life. We want people to make their voices heard peacefully, not through violence. We strive to turn our emotions into advocacy and positive action. We want to work together to overcome systematic racism and social injustice.


I echo the words of Governor Polis, “As state employees, it’s our duty to not only deliver the best services we can to the people of Colorado, but it’s also our responsibility to help create a Colorado for All, where everyone has the opportunity to succeed, and everyone is treated with dignity and equality... The responsibility belongs to everyone—white, black, brown, local, state and national leaders, our law enforcement community—everyone to ensure a more equitable society, and make good on our national promise of liberty and justice for all... Now more than ever we need to lift each other up and do right by each other.

Customers, vendors, employees, and Coloradans who we ultimately serve, let’s listen to each others’ experiences and share our own. We invite conversation and safe spaces where it’s okay to talk about things like racial injustice and the biases that exist in our society. With this listening and space at OIT, together we seek to create a plan and take action to move our organization to a place with more equity, diversity, safety, opportunity, and inclusion. We can use this dark moment to be beacons of hope and create a more positive future for all. Know that I am ready to do my part.


Martin Luther King, Jr. said, “Darkness cannot drive out darkness; only light can do that. Hate cannot drive out hate; only love can do that.” As you reflect on recent events, please also remember to take time to care for yourself and others. Know you are not alone. Stay safe. Take time off to heal and rejuvenate. Check in on those you care about. Do a random act of kindness, as it is contagious. Show love. Be the light… as a means to drive out darkness. In the words of Elizabeth George, “stars shine brightest in the darkest night.”

Black Lives Matter in Colorado.

Today's blog comes from OIT Chief Information Officer and Executive Director, Dr. Theresa M. Szczurek

Friday, May 29, 2020

myColorado Connects Residents with COVID-19 Resources and State Services from Home

As Coloradans continue staying safer at home, myColoradoTM has proven to be a valuable tool. In fact, more than 51,000 residents have downloaded the State of Colorado’s official mobile appTM to use their Colorado Digital IDTM, receive COVID-19 updates, and access to state services such as driver license renewal and medical, food, cash, and early childhood assistance.

Here are some other things you can do with myColorado:

  • Store vehicle registrations in the Wallet
  • Access 17 DMV Services
  • Search for online state services in one place
  • Receive important state news
  • Search State of Colorado job listings
New features are continually being added to myColorado to provide additional value for Coloradans. For example, a menu of COVID-19 state and national resources can be accessed on the home screen without logging in or creating an account. Resources include access to the School Free Lunch Sites Map, United Way 2-1-1, Do You Have Symptoms?, Colorado Mask Project, Help Colorado Now, and more.

Showing my Colorado Digital ID to merchants has been a great contactless alternative to providing my physical driver license for requesting products and services that require official identification. I also use the app to stay informed about COVID-19 and get up-to-date guidance from the state.

Have you tried myColorado yet? You can download the app from the Apple App Store or Google Play and explore the state’s many online services from the comfort of your home. That’s what I call #DoingMyPartCO. To learn more, visit myColorado.state.co.us.


Today's blog comes from myColorado Communications Manager, Judy Wolff

Friday, May 22, 2020

CIO Theresa Talks: Go With the FLOW to Use the Polarity Strategy

Polarities are part of everything in life, including ourselves. During life, there can be tensions between work and family, controlling and allowing, expanding and contracting state revenues, and more. Instead of seeing a polarity as a problem to solve, honor opposites in life and encourage dynamic movement between interdependent poles. When two or more poles are working together in harmony, the result is more energy, stability, and flow.

EXAMPLE. Take expansive and contractive breathing cycles, explained by Barry Johnson in his seminal work Polarity Management. What's better -- breathing in or breathing out? Neither is better. Both are needed to exist. Exhalation and inhalation are not static, but part of "...an ongoing flow of shifting emphasis from one to the other and back again. Managing polarities requires choosing BOTH (emphasis added) inhaling AND (emphasis added) exhaling."

During these challenging times we may need to “go with the flow” more often. So, how do you go with the flow?” Just like a pendulum moves between two poles with great energy, and without hindrance, use the FLOW technique to manage polarities into an integrated whole.

F - Find your polarity. What polarity in your life needs attention?

L - Learn. What are the two poles? Are you experiencing the downside of an overemphasis on one pole to the neglect of the other pole? Are you stuck so that you are not naturally flowing between poles?

O - Oscillate. Become aware of what actions would allow a dynamic movement between your poles.

W - Watch it work. As you observe the polarity at work (or not at work), take the necessary actions so that there is a healthy rhythm and flow between poles.

The Polarity Strategy is one of six strategies that will help you successfully pursue a passionate purpose. Given the current pandemic situation, getting through this together requires us to dig in and actively manage polarities. Perhaps this is best said as, ROW with the FLOW.


Today's blog comes from OIT Chief Information Officer and Executive Director, Dr. Theresa M. Szczurek

Tuesday, May 12, 2020

CIO Theresa Talks: IT in the Time of COVID-19

Information technology (IT) has never been more important. Consider how IT is helping us all function in this challenging time of COVID-19. The Governor's Office of Information Technology (OIT) is not only helping state agencies and employees stay connected and use technology effectively, we are also teaming up with our agency partners to help YOU — Colorado’s residents and businesses. Below are some examples of how technology is helping us get through these trying times together.

FOR OUR RESIDENTS
Assistance. Major IT applications are in great demand. Examples are Unemployment Insurance (UI) and the Colorado Benefits Management System (the system that powers Colorado PEAK), which provides food, cash, and medical assistance to those in need. Residents who have lost their job are applying for benefits at an all-time record rate. IT systems like these are seeing 10x the maximum load they were designed to support. Now with the new Pandemic Unemployment Emergency Assistance program and the CARES Act, the systems were quickly upgraded and millions of dollars worth of claims were processed in less than a week since go-live.


myColorado. The myColoradoTM mobile app provides residents with secure and convenient access to state services anytime, anywhere. The app's Colorado Digital IDTM enables you to create a secure electronic version of your Colorado driver license or state identification (ID) card on your smartphone for proof of identification, age, and address within Colorado. The app also allows all Coloradans to view COVID-19 information in one place. Residents who are facing hardship can use the app to access benefits on Colorado PEAK. Coloradans can also sign up to receive helpful COVID-19 text and email alerts within the myColorado app. Download myColorado from the Apple App Store or Google Play today!


Do You Have Symptoms? Coloradans can help slow the spread of COVID-19 by reporting their symptoms. The Colorado Community COVID Symptom Tracker collects data so that COVID-19 can be tracked among people who may not be able to or need to get tested for the virus. It helps public health experts and policymakers to map and identify potential hotspots not captured by testing. And by filling out the symptom tracker, the system can connect you with resources that can help with any physical or behavioral health symptoms you may experience during this time.

Hotlines. The state's objective is to route all COVID-19 public health questions through one trusted channel, and then connect callers to the appropriate experts for help. To quickly build up this capability, OIT has utilized Virtual Call Centers and Virtual Automated Agents. We're also providing the technology to allow remote call center workers to receive office calls on their personal phones. The impact has been so great that the concept has spread quickly — first to specialized OIT service desks such as myColorado and next to many other departments.


Other Resources. Stay informed at covid.colorado.gov which provides access to other important information and services including how you can join others in #DoingMyPartCO.

Stay Secure. Be vigilant and watch out for the many COVID-19 scammers who are phishing to steal your personal information or trick you. Be suspicious of unsolicited emails, phone calls, texts, or visits. Check out these tips that we have made available on our Cybersecurity Help webpage.

FOR COLORADO BUSINESSES
Help. Get the latest in COVID-19 economic recovery resources at choosecolorado.com. Resources are available to support small businesses, nonprofits, freelancers, and independent contractors.

Safer at the Office. Offices can begin opening with restrictions beginning May 4. Find recommendations for protecting your staff and customers at Safer at Home: Office-Based Business. Note: Local governments may have established other dates.

FOR OUR STATE EMPLOYEES
Telecommuting Is In. More than 80% of Colorado's 33,000 state employees are working remotely (and many other Coloradans are telecommuting as well). IT is allowing them to do so. It requires the right equipment (a computer, internet access, and a phone), sufficient data and voice capacity, secure access, help through self-service and remote technical support, online training, and a "tech kit" offering written instructions.
Virtual Connections. Using audio, web, and video conferencing, we're staying connected virtually. Other means are internal organizational chats, texts, emails, and plain old phone calls. And to have fun with it, we have theme days where we wear hats, cool sunglasses, or school colors.


SUMMARY
Recall Viktor Frankl's quote from Man's Search for Meaning, "Everything can be taken from a man but one thing: the last of the human freedoms — to choose one's attitude in any given set of circumstances, to choose one's own way.”

Have hope. You are not alone. Help is here for individuals, businesses, and telecommuters. Even as we move into the Safer at Home phase, stay at home as much as possible. Always wear a cloth facial covering when leaving home. Remember, you are resilient. You are strong. This too shall pass, and we will get through it together. Let's be grateful for all we have and let's stay connected. Choose to be optimistic.


Today's blog comes from OIT Chief Information Officer and Executive Director, Dr. Theresa M. Szczurek

Tuesday, May 5, 2020

COVID-19 and Cyber Threats

Everyday I receive threat intelligence from multiple sources warning of ongoing COVID-19 related threats. These bad actors are sending emails, placing phone calls, or even creating fake websites claiming to represent legitimate organizations, all designed to get your personal information. With fear and uncertainty, it can be all too easy to fall victim to these scams. In fact, in the last week I've spoken to two different people who have fallen victim to a COVID-19 related scam.

At the Governor’s Office of Information Technology, we continue to remind people to maintain a healthy sense of skepticism and to be on the lookout for these threats. We've created two new resources to help keep you one step ahead of the bad actors - feel free to share them as desired!

COVID-19: Staying Safe Online.
This document, which is accessible from our Cybersecurity Help webpage, contains a great collection of cyber tips, valuable for detecting COVID-19 threats, scams, and hoaxes. It also includes basic tips for staying safe when online.

COVID-19 Scam Video.
This short, educational video is another tool to learn how to spot current COVID-19 related cyber threats that attempt to get your information or infect your computer. Take a look to learn more.


Today's blog comes from State of Colorado Chief Information Security Officer Debbi Blyth.

Thursday, April 16, 2020

CIO Theresa Talks: Staying Positive During a Pandemic




Matt and Amy of NASCIO, the National Association of State CIOs, talk with Colorado CIO Dr. Theresa Szczurek about her role in the COVID-19 response in her state, how to pursue your passionate purpose, finding success, women in technology, and her overall work in Colorado state government. 

Click here for podcast with Dr. Theresa Szczurek

Wednesday, April 1, 2020

Insights from Julia Richman - OIT's New Chief Strategy Officer


We’re living in some unusual times. Anyone who watched The Walking Dead went through a period of wondering what it would be like to survive isolated on one’s own. While I never did anything about my own ponderings at the time, my husband and I recently went through some planning to think through what we might need at home in the case of social distancing. I’m now left wondering what we’re going to do with all the Eggos and ramen packs he bought once we’re able to commune together again. Especially since the grocery stores have remained open! There are parts of this present crisis that bring me back to past work in emergency planning and response. While very painful at the time, it is instructive to me now.

Shovel Ready. After the market crashed in 2008 and the fed signaled a stimulus package was on its way, I worked with the Commonwealth of Massachusetts helping the state prepare for the receipt of those federal dollars. The state had stood up about a dozen task forces with more than 100 people from different levels of government to think through its emergency response. Anyone working in government during that time may remember how “shovel ready projects” were the name of the game. What we learned was, not much was shovel ready for any department, in any state. Then most of the funding ended up following standard federal funding channels instead of going to discrete projects. We had built a model for preparedness for something that didn’t come to pass.


Emergency Preparedness. I finished that project and began working to help create the Louisiana Governor’s Office of Homeland Security and Emergency Preparedness, which was a new agency coming into existence in response to hurricanes Katrina and Rita. I worked in a shopping mall that had been destroyed by the hurricanes. It had visible water damage up to eye level. It looked like the old Cinderella City mall had married a tsunami. My team of developers worked from indoor aluminum picnic tables for months. 

Resilience. I joined the City of Boulder in 2017, three years after the catastrophic flooding occurred from what amounted to the average annual amount of rain falling in the course of five days. As a result of the lessons learned during this event, we undertook both emergency preparedness activities at the city and, as CIO, I also pushed a lot of initiatives that would enable a resilient, redundant, and mobile workforce, recognizing that disruption is likely the new normal. During my time, we piloted remote city council meetings, moved away from a license based VPN approach to a different set of tools that enabled everyone in the city to securely connect from anywhere, we embarked on DR in the cloud, got off of on premise individual file servers, and were in the process of migrating shared file storage to the cloud when I left. We invested in collaboration software to allow for teaming, anywhere, any time. 

Now that we’re working through many of these challenges in the state, I’m proud to think of how resilient those efforts have made those organizations and how we can do the same for the state. I keep thinking about the lessons I can take from those experiences into this current emergency; other than confidence in knowing that it will eventually end. Here’s what I’ve got to offer:
  1. Never waste a crisis—Change can actually be easier in times of disruption. Use this time to push more heavily on existing critical investments in cloud, collaboration, and redundancy tools.
  2. Teamwork is everything—Did you know you’re more likely to survive a disaster if you know your neighbor? I like to think that anyone can be our neighbor and that even in social distancing, staying connected to one another will help us work through any obstacle. 
  3. Work can get done under any conditions—You may feel scattered working from home at the kitchen table for days on end, but you may also be surprised at how productive you can actually be taking more small breaks for things like sick kids or making lunches, rather than staring endlessly at your computer screen. 
  4. Learn from everything—Even as emails and deadlines are flying, the pressure cooker we’re in right now can be really informative as to future shocks and stresses on our systems, tools, and teams. Take some time to jot down your observations, opportunities for improvement, and new ideas that come from these challenges. You might not be able to take action yet, but eventually you will! 
I’m so proud to be part of OIT and while my time has started off with government imposed social distancing, I already feel close to my OIT colleagues.

Today's blog comes from OIT Chief Strategy Officer Julia Richman

Friday, March 20, 2020

CIO Theresa Talks: You Can Overcome Fear

“...the only thing we have to fear is fear itself,”
said Franklin D. Roosevelt in his 1933 inaugural address. 

These are challenging times in Colorado and around the world with the onset of COVID-19. The degree of uncertainty that exists can understandably breed anxiety, and messages that intend to inform and help can make people more afraid. However, w
e can and will get through this together! 

In my research study about factors that help and hurt in successfully pursuing a passionate purpose, I asked people what holds them back and what encourages them in their pursuit. One of the biggest hindrances is FEAR. Fear causes self-doubt, anxiety, and anger; fear is a heavy burden. What would your life be like right now if you could cast out that fear?

Sometimes fear can help you to take action and avoid danger. For example during the COVID-19 pandemic that means enacting social distancing, practicing self-isolation, and thoroughly washing your hands. It can stop you from crossing a dangerous road or from getting hurt. However, so often fear is NOT rational. It can turn into obsessiveness - thinking about something over and over until you are immobilized and cannot take needed action. Fear can block effective movement.

Once you are aware of the potential negative impacts of fear, the next step is to take appropriate action. Use the “Pack Strategy” to unpack hindrances and pack energizers for your journey.

Here are some practical pointers:
  1. Lead. Take positive action, be calm, and be strong. Often this means focusing less on yourself and more on helping others. Work on being fearless.
  2. Select. Get in touch with what triggers you and be selective in what and who you listen, watch, surf, invest time in, and talk with.
  3. Use good judgment. Determine whether your fear is rational or irrational. If irrational, force yourself to quiet your mind and focus on positive aspects of life. When there is real danger, your body reflexively mobilizes to avoid it, minimize it, or fight through it.
  4. Be optimistic. Carry a hopeful, upbeat disposition and believe that good prevails. Repeat positive affirmations. Think of the good work being done by so many government employees, medical personnel, public health workers, non-profits, and businesses to proactively address the current challenges and ensure your safety.
  5. Surround. Circle yourself with less fearful people. Surround yourself with people who are not afraid. A recent research study showed that happiness is contagious. If you are around happy people, you will be more happy. If you are around fearful people, you will be more fearful. So find happy, kind, unafraid people with whom to associate.
Summary.
We human beings are strong and resilient, perhaps stronger than we even know. Unpack fear itself from your life. Strive to appropriate action, be aware of fear triggers, use good judgment, stay positive, and surround yourself with unafraid people.

Today's blog comes from OIT Chief Information Officer and Executive Director, Dr. Theresa M. Szczurek