PIERRE, S.D. — The scandal unfolding in Iowa, where software allowed some results to be rigged in multi-state lotto drawings, has added to concerns among South Dakota Lottery officials, spurring them to proceed Thursday in requesting proposals for a security review of South Dakota Lottery facilities.
The review also would cover the statewide video-lottery system and the statewide lotto jackpot system.
Each separately connects with hundreds of private businesses.
The scratch-ticket system also would be analyzed.
State government gets more than $100 million annually from them.
The commission received a presentation on cyber security Thursday from Jim Edman, a top official in the state Bureau of Information and Telecommunications.
"This is a worldwide issue. We are not immune from it in South Dakota," Edman said.
Commission member Roger Novotny, of Fort Pierre, said BIT has done well staying ahead of hackers. He said the soft spot might be third-party vendors.
Novotny said he's confident that major vendors to the South Dakota Lottery have high-level security in place but, he asked, are there security checks?
"I think that's our greatest risk," Novotny said. "I don't view them as risks necessarily, but I don't know."
Edman said BIT deals with third-party vendors "all the time" and finds a range of attention paid by them to cyber-security.
The challenge is getting the vendors to understand "we are on the same team here" and BIT isn't interested in their proprietary business knowledge, Edman said.
The greatest frustration comes with vendors who don't understand that philosophy, he said. He called it "critical" to have outside experts play the role of hacking to test systems, policies and people.
Novotny wondered whether there should be some sort of regular report and whether third-party contracts should specifically cover the security issue. He suggested hiring an outside tester.
Novotny mentioned the Iowa lottery scam. "It was bigger than earlier anticipated and it was broader," Novotny said.
He doesn't want a broad-scale attack originating from South Dakota. "It would be a multi-million dollar disaster, not just for us but for other states," Novotny said.
Edman replied that BIT "would certainly participate" with the lottery staff on tightening contracts and conducting third-party risk assessments.
Norm Lingle, the lottery's director, told Novotny his points were well-taken. Lingle said BIT is "looped in" when the lottery works with vendors.
Edman said, "You need to lay the expectations on this particular topic; cyber-security is very important."
Commission member Jim Putnam, of Armour, said the threat of cyber crime is "frustrating" to anyone with an electronic device.
"In days gone by, we knew who the Dalton Gang was, and when they came to town, they went to the bank," Putnam said.
Putnam said there is tremendous pressure to conduct business electronically and it relies on trust. Putnam said the Iowa case is providing information.
Edman replied that the skilled cyber criminals seldom leave a trail.
"Finding the bad guy is more difficult than finding a needle in a haystack. It would be finding a needle in South Dakota," Edman said.
Timeline of the biggest crime in US lottery history
The following is a compilation of Lottery Post news coverage chronicling the Hot Lotto mystery and subsequently discovered crime.
We start the timeline with a news story indicating that only 3 months remained for the $16 million Hot Lotto jackpot to be claimed.