DETROIT — Citizens don't care if cyberattacks are becoming more frequent and more sophisticated — they want their data safe and services kept operational. On Oct. 26, a crowd of about 800 gathered at the 2015 North American International Cyber Summit (NAICS) to listen to security experts, watch live exercises and compare notes on how to subdue one of government's most cumbersome beasts.
The event was hosted by Michigan Gov. Rick Snyder, who warned that today's world is rife with cyberthreats that range from every room of the home to the most secure government facilities.
"Isn’t it wonderful what is going on with IT in our lives? We should be embracing it! We need to be equally responsible with respect to cybersecurity," Snyder said. "[There are] 2.5 million cyberattacks on the state [of Michigan] every day."
Maj. Gen. Reynold Hoover, director of intelligence for the chief of the National Guard Bureau, pointed out that millions of daily cyberattacks add up to 179 million blocked Web attacks annually.
Since the NAICS was founded four years ago, both the state of Michigan and the nation at large have matured in their understanding of the growing cyberthreat landscape and in their ability to handle those threats, but there's still a lot of work left to do, said Michigan CIO David Behen.
"I would recommend that organizations, public, private, everything, really focus on that detection and response," Behen said, referring to the four-part model of protection, detection, response and remediation. The infrastructure needs to be ready, he said, but the executive support and partners are critical for that, too.
Michigan can thank much of its own progress to agency partnerships and executive support from both the governor and the Legislature, Behen said.
"I think that's really critical, because they're really driving us to do more," he said. "And then also I have to mention that Gov. Snyder is really a true leader in this, so the executive sponsorship we have under Gov. Snyder has really helped."
Despite the progress, educating people on how cyberthreats work remains one of the most difficult challenges, Behen said.
"There's approximately 48,000 employees at the state of Michigan, almost 10 million citizens," he said. "How do we educate them? How do we make them aware so that things like malware and the phishing emails, how can they detect that and make sure they don't click on that email? I think that is still the most important piece."
Behen's concern about how malware enters the system was well-founded.
"Ninety-six percent of breaches involve the endpoint," said Ben Cotton, CEO of CyTech Services. "Ninety-two percent of breaches are perpetuated by outsiders, ... and 97 percent of companies are already breached, the majority from special purpose malware."
Organizations need to stay vigilant, Cotton said, because though most believe they can detect attacks, the numbers show they can't.
"More than 93 percent of breaches are detected by people or organizations external to the attacked organization," Cotton said, adding that organizations need to watch their end points and cyberdata as often as possible.
Michigan isn't the only government being attacked millions of times. "There is nothing that occupies my attention more than cybersecurity," said Detroit CIO Beth Niblock.
Across the event's speakers, presentations and live exercises — like one international demonstration involving Latvia, Estonia, California, Texas and Michigan — there was a call for continued growth. To sustain defense against mounting threats, the nation needs to train its students from an early age to prepare for careers in cybersecurity, the governor said.
And at Davison Elementary-Middle School in Hamtramck, Mich., students are getting that start by doing first-level tech support and tech maintenance for the school as part of a program called the Techno Dragons.
"This is how we should be engaging our students,” Snyder said.