There were two major cybersecurity summits in the USA this past week, but only one central message. Whether talking elections and a new DHS risk management center in New York City or discussing cars and trucks and autonomous vehicles in Detroit, cyber-risk management took center stage.
At a Cyber Summit in NYC this past week, the Department of Homeland Security (DHS) announced that they are establishing a new joint center to provide a centralized home for collaborative, sector-specific and cross-sector risk management efforts to better protect critical infrastructure. The fact sheet regarding this new DHS Center can be seen here.
Here is a quick summary of key points regarding the National Risk Management Center, which will create a cross-cutting risk management approach between the private sector and government to improve the defense of our nation’s critical infrastructure.
Here are some of the media top stories from the NYC Summit:
Also on Tuesday, senators Maggie Hassan (D-New Hampshire) and Rob Portman (R-Ohio) announced a bill to that effect. The so-called DHS Cyber Incident Response Teams Act of 2018 seeks to establish permanent “cyber hunt” and “cyber incident response” teams within DHS. These groups would work on cybersecurity defense for federal agencies and private entities and help respond to incidents.
"By encouraging private sector collaboration with the cyber response teams, this bill will help leverage the expertise of both the public and private sectors to help prevent cyberattacks from happening in the first place and mitigate the impacts when they occur," said Hassan in announcing the bill; the House of Representatives already passed its version several months ago.
Speaking to cybersecurity pros attending the DHS Cybersecurity Summit in New York, Nielsen said, “A Category 5 hurricane has been forecast. And now we must prepare."
2nd Billington Global Automotive Cybersecurity Summit in Detroit
Just a few days, later on Friday of this past week, another cybersecurity summit was held in Detroit to discuss our autonomous future and cybersecurity in connected vehicles now. Wardsauto.com reported:
“As General Motors moves toward its vision of zero crashes, zero emissions and zero congestion, GM President Dan Ammann says the automaker and its Cruise self-driving vehicle unit now are investing substantial resources to protect all of the company’s products from hackers.
Moreover, the entire automotive industry has a stake in cybersecurity as it moves toward an age of autonomous vehicles, Ammann says.
‘Autonomous vehicles can provide a major benefit to society,’ he says.
But one incident involving a security breach in an autonomous vehicle could cripple the future development of AVs at every company, Ammann says.
GM’s effort begins with a commitment to hiring more technical talent to address the challenges. In addition, GM engineers every vehicle to protect against cyber threats from the ground up.”
According to Automotive News: "We need robust risk management processes and a cybersecurity culture" that works to identify vulnerabilities and risks, said Heidi King, deputy administrator of NHTSA. "It's about anticipating the unexpected and being ready."
Keynote speeches were given numerous industry leaders and government leaders. Here are four keynotes — from Sec. Michael Chertoff, GM President Dan Ammann, U.S. Sen. Gary Peters from Michigan and NHTSA's Heidi King keynote, Is Cybersecurity Standing in the Way of Public Confidence? — who discuss cybersecurity from a risk management approach.
Former Department of Homeland Security (DHS) Secretary Michael Chertoff
GM President Dan Ammann on Auto Cybersecurity — “Safety and Cybersecurity Are One and the Same”
U.S. Sen. Gary Peters Keynote Congressional View on Automotive Opportunities and Issues Facing Congress
Deputy Administrator Heidi King from the National Highway Traffic Safety Administration (NHTSA) on: "Is Cybersecurity Standing in the Way of Public Confidence?
What Does Management of Risk Look Like in a Cybercontext?
So what exactly is risk management — and how does it work in the context of cyberthreats?
There are a variety of approaches for managing cyber risk. One IBM approach, which is outlined by DefenseSystems.com here, is called PRISM. This stands for "Prioritize, Resource, Implement, Standardize and Monitor."
According to their report, implementing PRISM is a multi-step process:
Other cyber-risk management details were described by many of the sessions at these two cybersummits — but the topic kept surfacing with almost every speaker. I encourage readers to examine the session outcomes and detailed reports. Also, watch these remarks from our nation’s top leaders on YouTube, which provide a good snapshot of where we are on these important cybersecurity issues.
I think several milestones were accomplished this week at these two cybersummit events. A common message at both events: A focus on risk management when measuring cybersecurity protections is vital.
I participated in the 2nd Billington Global Automotive Cybersecurity Summit as a main session panel moderator. Just as in 2016, I felt a sense of urgency regarding cyberchallenges facing our nation and the world in areas ranging from elections, to cars, to every part of critical infrastructure. The supply chain cyberproblems are immense, and it is clear that more needs to be done by both the OEMs and the suppliers.
Another thing is clear, stronger public-private partnerships must be forged to share real-time cyberthreat information and intelligence. The private sector is stepping up in the critical infrastructure areas, and so DHS is creating a new risk management center and action plans.
While progress is clear, there will certainly be security setbacks. Just a few weeks ago, a large data breach exposed trade secrets of carmakers GM, Ford, Tesla and Toyota when a publicly available server at Level One Robotics was accessed by a researcher.
These cybersummits offer a helpful glimpse of where we are as top industries in protecting are most vital national businesses, infrastructures, assets and people in the summer of 2018.
Watch and learn — and get engaged now.