As state government leaders left Shreveport, Louisiana, this week to return home, there was a sense of how far the nation has come regarding cybersecurity — tempered by a recognition of how much more needs to be done.
The National Governors Association Center for Best Practices held their third National Summit on State Cybersecurity from May 14-15, 2019 at the Shreveport Convention Center.
The unique event convened state homeland security advisors, chief information officers, chief information security officers, governors’ policy advisers, National Guard leaders, and others from 50 states and territories to explore cybersecurity challenges and promising practices. Over the course of two days, participants engaged in a series of interactive sessions and breakouts to discuss countering the newest threats, disruption response planning, workforce development, and much more.
Coverage of the event was widespread. Here are a few of the headline stories that came out of the event (with embedded videos from the summit):
This radio interview after the event highlights many of the regional cybersecurity topics being addressed at the national summit.
Cyber Summit Agenda Items
So what topics were on the agenda? Here’s a sampling from Day 1:
On Day 2, here were some of the highlights:
The sessions were packed with best practices, case studies, opportunities for improving cybersecurity in different areas and much more.
You can visit this NGA resource center for best practices in state cybersecurity to learn more details. There are numerous guides, case studies, sample memos and more in areas such as governance, response planning, critical infrastructure, cybersecurity controls, cybercrime and other topics.
In a related topic, this article from Government Technology magazine also offers details on how Arkansas is taking aggressive measures to shore up cybersecurity.
My Favorite Sessions
I was involved in the summit as a moderator for the breakout session on coordinated vulnerability disclosure programs. For those who want to learn more on that topic, see this blog.
My two favorite sessions at the 2019 National Cyber Summit on State Cyber Security were the interview with Dan Geer and the presentation by Chris Krebs.
Here are a few of my highlights from the Dan Geer interview (some words may be slightly paraphrased).
While this session is from another event in 2018, this interview provides a good sense of the dialog that occurred with Dan Geer.
The keynote session with Chris Krebs, director of the Cybersecurity and Infrastructure Security Agency in the U.S. Department of Homeland Security, was also fascinating.
He described the actions of Russia in 2016 as game-changers in the history of cybersecurity, because the hacking was not just for data, but was an attempt to undermine democracy. He described excellent progress on election cybersecurity, with more actions coming soon.
Krebs stated that serious threats were not just from nation-states. Ransomware and a host of other cyber trends were top priorities. He reiterated many of the same themes that he presented at the RSA Conference 2019 in San Francisco. You can see that RSA presentation below to get a sense of his style and content.
Hats off for Jeff McLeod, the director of NGA’s Homeland Security and Public Safety Division, and also Maggie Brunner, program director for the Homeland Security and Public Safety Division for the NGA Center for Best Practices, who organized and ran this event. Extremely well done!
Also, the National Governors Association (NGA) Resource Center for State Cybersecurity is co-chaired by Arkansas Gov. Asa Hutchinson and Louisiana Gov. John Bel Edwards, and both leaders (and their teams) really strengthened and supported the event in numerous ways.
I found the networking and level of discussions to be outstanding, with experts and cyber leaders from numerous state governments involved in some way. Involvement from academia, police, technology, homeland security and many other areas of local, state and federal government was unique. The priority focus on how cybersecurity impacts election security, workforce development, economic development and other areas of public-private interaction was outstanding, in my opinion.
In short, our challenges are great in cybersecurity, but the opportunities are also numerous in every area of life.