Phyllis Schneck, deputy under secretary for cybersecurity and communications within the U.S. Department of Homeland Security, at the NASCIO Annual meeting in Nashville, TN. Photo credit: Dan Lohrmann
Another Cyber Security Awareness Month launched this week in new and exciting ways. The 2014 kick-off event in Nashville, Tenn., included a large audience full of state government chief information officers (CIOs) and chief information security officers (CISOs) from across the nation. The National Association of State CIOs (NASCIO) and Multi-State Information Sharing & Analysis Center (MS-ISAC) joined forces with federal agencies, private-sector companies and the National Cyber Security Alliance in an unprecedented joint meeting to highlight the importance of actions to protect data in cyberspace.
The theme this year is: Our Shared Responsibility. Presidential Proclamations, nationwide events, newsletters, public service announcements and more have begun in earnest at businesses and government offices all across the nation.
Here’s one public service announcement that was just released:
The keynote speeches, predictions and warnings given on the last day of the NASCIO Annual Conference were eye-catching. Here are some quotes that were highlighted by one local newspaper:
"We've become entrenched in an ever-escalating battle to secure our systems from a determined and increasingly capable enemy," Mark Bengel, state chief information officer, told hundreds of experts gathered in Nashville….
"We will get attacked," said Phyllis Schneck, deputy under secretary for cybersecurity and communications within the U.S. Department of Homeland Security. "You will turn on the news every morning and see probably another big name (company) assessing a data breach. It will happen, like having a rainy day."
You can watch Phyllis Schneck's speech, along with the other opening speeches from technology and political leaders in the following video. (Note that a public service announcement runs first.)
Later in the morning, a panel discussed the recently released results of the 2014 Deloitte-NASCIO Cybersecurity Study, which surveyed state CISOs. This is the third such report, with previous versions in 2010 and 2012.
The highlights of the study included:
The panel discussion on the new Deloitte-NASCIO Study can be seen here:
The morning concluded with a speech by Michael Daniel, special assistant to the president and cyber security coordinator. He highlighted how the work that we need to be doing is getting harder in numerous ways – from the Internet of Things to teaching cyber etiquette to everyone in society. He also described the need to review network defenses using a risk management framework, just as other business risks are assessed.
Mr. Daniel concluded by explaining the Council of Governors Joint Action Plan for State-Federal Unity of Effort on Cybersecurity. This plan refines authorities, roles and responsibilities for state and federal entities, and identifies the capabilities available for identifying, responding to, recovering from and mitigating the effects of cyberattacks.
Finally, Mr. Daniel described the National Initiative on Cyber Education (NICE) to train and attract the right talent to work on cyber projects in the public and private sectors. You can see his entire speech here:
JP Morgan Chase Steals The Attention
But just as Cyber Security Awareness Month was getting started, the announcement came out on Thursday that more than 80 million records at JP Morgan Chase were accessed illegally. While it appears that no credit card data was stolen (for now), the scary story underlined the stakes in this cyber battle.
On Friday, it became clear that the hackers cracked ten financial firms in the major assault. Here’s an excerpt from NYTimes.com:
Questions over who the hackers are and the approach of their attack concern government and industry officials. Also troubling is that about nine other financial institutions — a number that has not been previously reported — were also infiltrated by the same group of overseas hackers, according to people briefed on the matter. The hackers are thought to be operating from Russia and appear to have at least loose connections with officials of the Russian government, the people briefed on the matter said.
It is unclear whether the other intrusions, at banks and brokerage firms, were as deep as the one that JPMorgan disclosed on Thursday. The identities of the other institutions could not be immediately learned.
Indeed, a deeper look at the surge in major security breaches involving tens of millions of customers, from Target to Home Depot to our most well-funded banks, can lead to a sense of panic among consumers regarding digital safety. Thankfully, there has not been a major pull-back of Internet banking or online shopping – yet.
The scale and scope of these breaches are unprecedented in 2014, and they lead many cyber experts in non-banking industries to wonder whether the hackers can indeed be stopped at all within organizations that spend even less than banks on cybersecurity.
Michael Daniel, Special Assistant to the President and Cyber Security Coordinator - credit: Dan Lohrmann
As we head into 2014 midterm elections, technology and security leaders are doing more to protect data than ever before, but sleeping less. The cyberattacks seem to be relentless. Insider threats are also growing.
And yet, like most cyber leaders who gave speeches this week, I remain an optimist regarding cybersecurity. The attention and support given to cyberdefense efforts continue to grow, and that is a good thing.
There are many cyber summits all across America this month, like the Wisconsin Cyber Security Summit that I will be speaking at this week along with leaders from all over the world.
I urge readers to take personal action right now. This U.S. Department of Homeland Security (DHS) cybersecurity awareness website offers some good suggestions: http://www.dhs.gov/national-cyber-security-awareness-month-2014.
In conclusion, as I take a step back and examine our overall situation regarding cybersecurity in October 2014, my thoughts go to the famous words written by Charles Dickens at the beginning of A Tale of Two Cities:
“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of light, it was the season of darkness, it was the spring of hope, it was the winter of despair….”
And, it was the autumn of awareness.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.
During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.
He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.
He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.
Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.
He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.