2022 State Cyber Summit Recaps from Kansas and Michigan

I was in Wichita, Kan., this past week as an invited keynote speaker at their Inaugural Kansas Cyber Summit 2022, which was a packed event that reached capacity for the venue. This Government Cyber Summit was organized by the Kansas Information Security Office and brought together stakeholders from across Kansas: K-12 schools, universities, and state and local governments.

The agenda included an amazing opening keynote by Chief Information Technology Officer (CITO) DeAngela Burns-Wallace. I say "amazing" because she is a fabulous speaker who is motivating and very knowledgeable about the importance of cybersecurity and its many potential business impacts to government and society at large. I can say without hesitation that Burns-Wallace has a better understanding of cybersecurity than most public- and private-sector CIOs, CTOs or other cabinet-level executives around the world.

The title of the presentation from Dr. Burns-Wallace, who also serves as the Kansas secretary of administration, was “Cyber Threats to the State and the Opportunities We Have.” Using an abundance of data, she outlined the surge of cyber attacks against governments, new cyber threats we are facing at all levels of government and education, workforce development challenges in attracting and retaining talent in Kansas, and most of all, the imperative to get solutions right for the medium to long term.

Dr. Burns-Wallace described what is at stake and what remains to be done as Kansas moves forward, referencing the Kansas Executive Branch 3-Year IT Plan that was released on Oct. 1, 2022.

The events of the day were led by Jeff Maxon, who is the Kansas CISO and one of the top government CISOs in the country. You can learn more about him in this blog interview. Jeff did an outstanding job of including all sectors in the audience and engaging frequent discussions on a wide range of topics and audience questions.

In addition to the audience interactions during my own keynote covering true ransomware stories from around the world taken from my book Cyber Mayday and the Day After, I thoroughly enjoyed sessions on:

• Cyber Recruitment and Workforce Development
• 184th Wing Cyber Capabilities
• Cyber Resources Available to Public-Sector Panel Discussion

The workforce development topic was unique in that it highlighted the outstanding work being led by Sharmelle Winsett at KC Scholars. There are many programs in Missouri and Kansas that will help grow the cybersecurity workforce in various ways.

According to their website, KC Scholars:

• Awarded more than 3,000 traditional scholarships for 11th graders, enabling students to earn their college education with little to no debt.
• Provided nearly 1,000 adult learner scholarships for high school graduates to go back to college and finish their degree.
• Given more than 1,000 high school students a KC Scholars’ College Savings Match award helping them actively save for their college futures while learning financial literacy.

One cyber resources discussion highlight was led by Karen Sorady, who is the VP of MS-ISAC member engagement and former New York state CISO. Karen did a great job of walking through all of the free resources offered by the Multistate Information Sharing and Analysis Center (MS-ISAC), some of which I have articulated in previous blogs, such as the mentoring program and the networking opportunities for state and local governments.

You can learn more about the Kansas Cyber Summit, see pictures from the event and interact with attendees at this LinkedIn post from the Kansas Office of Information Technology Services.

ANOTHER GREAT MICHIGAN CYBER SUMMIT FOR 2022

The Michigan Cyber Summit has been a top annual cybersecurity event for more than a decade, and this year’s did not disappoint. The first Michigan Cyber Summit in 2011 featured speakers like former Gov. Rick Snyder; U.S. Department of Homeland Security Secretary Janet Napolitano; Howard Schmidt, White House cybersecurity coordinator and special assistant to the president; and U.S. Reps. John Dingell, Mike Rogers and Hansen Clarke.

As Michigan CSO at the time, I wrote about being "backstage" at that event in October 2011, and you can read about that here.

This year’s Michigan Cyber Summit was sold out again, and the event had an amazing line-up of speakers from across the country on a wide range of topics. The program lays out the details on these keynotes. Here's just a small sample of sessions:

Fireside chat - Join our experts for a fireside chat to touch on the hottest topics in the cybersecurity ecosystem. The discussion will include the latest issues, threats and innovations in cybersecurity protection. Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency; Laura Clark, chief information Officer, Michigan Department of Technology, Management and Budget. (Note: U.S. Sen. Gary Peters (D-MI) also joined this session as a special guest.

• Panel discussion: Automotive IoT – A conversation on connectivity and the cybersecurity ecosystem in Michigan. Not since the days of Henry Ford has the automotive industry experienced such vast and dynamic change. The evolution of connected and automated cars, intelligent infrastructure and the advancement of artificial intelligence and machine learning has placed cybersecurity in the heart of the future mobility movement. This panel of cyber mobility professionals are pioneering a new digital era and tackling tough topics including automotive cybersecurity, smart cyber policymaking, automotive cyber crime, and preparing the next generation of cyber workforce while recognizing the value of hackers.

Moderator: Jennifer Tisdale, CEO, GRIMM

• Panelists: Kelly Bartlett, connected and automated vehicle specialist, Michigan Department of Transportation; Kristie Pfosi, executive director of product cybersecurity, Aptiv; Ronald Kraus, cyber specialist, Michigan State Police; Samir Tout, Ph.D., Professor, Information Security and Applied Computing, Eastern Michigan University/GameAbove College of Engineering and Technology

• Featured speaker - Chris DeRusha, federal chief information security officer, Office of Management and Budget and deputy national cyber director for federal cybersecurity, Office of the National Cyber Director

• Panel discussion: Working together to transform cybersecurity A discussion with state and local chief information officers on the hottest topics on the forefront of cybersecurity. Topics will include the cybersecurity workforce and how to obtain, train and retain talent. The importance of working together across the state and region to define best practices and provide opportunities to partner for funding. Insight into how CIOs are managing and balancing the ever evolving risk as well as responding to threat activity and cyber disruption will also be discussed.
  Moderator: Doug Robinson, executive director, National Association of State Chief Information Officers
  Panelists: Tracy Barnes, chief information officer, state of Indiana; Laura Clark, chief information officer, Michigan Department of Technology, Management and Budget; Katrina Flory, state chief information officer/assistant director, state of Ohio; Hector Roman, chief information officer, Wayne County; Joshua Spence, chief information officer, West Virginia Office of Technology; Art Thompson, chief information officer, city of Detroit

There were many highlights from the cyber summit sessions throughout the day, but here are a few of my top notes:

• Election security remains a top priority, and states and CISA are working harder than ever to protect your vote, deal with insider threats and address the misinformation surrounding elections. This rumor and reality website can help from CISA. Also, see CISA’s Shields Up website on cyber threats.   
• Cybersecurity is mainly a people issue, with many individual aspects that must be addressed. Everyone needs to get involved for Cybersecurity Awareness Month and year-round. We need a “Neighborhood Watch” for cyber.
• Cyber tools and capabilities are rapidly evolving, threats growing globally, including nation-state threats from Russia and China.     
• We all need to give CISA, NIST and DHS feedback.

From State and Local CIOs:

• Top priority is workforce development in cyber.
• The government team in Ohio is hiring laid-off staff from other tech companies in Ohio.
• Many states are removing degree requirements for good cyber jobs.
• There is not a high level of confidence in the overall level of cyber defenses at state or local level.
• “Cyber is not a problem to be solved, but a risk to be managed,” said Josh Spence, CIO of West Virginia.
• Legacy technology replacement challenges remain huge.
• ID management is a big deal.
• From Tracy Barnes, CIO of Indiana: “Process improvements help with cyber tools and turnover by ensuring continuity during uncertain times.”
• New large-scale attacks and cyber incidents need to be tackled with statewide cyber tabletop exercises, said Laura Clark, CIO and CISO of Michigan.
• Art Thompson, CIO for Detroit is very happy with cross-government coordination and partnerships in Michigan.  

FINAL THOUGHTS

It was a whirlwind week for me, but so great to make new friends in Kansas and reconnect with longtime friends in Michigan from across industry verticals.

I think Kansas is well on the way to creating many new successes that cross agency and government silos, and it will be amazing to see where they are in a decade.

And across all states, the upcoming elections will have major impacts on technology and security programs, with people continuing to offer the greatest opportunity for successes and failures.