But the current vulnerabilities have also created opportunities to share information and train people to fill an estimated 600,000 future cybersecurity jobs across the country, state experts said Monday during a forum at the University of Connecticut School of Business.
"If I was a bad actor, I would think I'd go after the low-hanging fruit" presented by smaller towns in the state, said Gov. Ned Lamont. "I would assume that they would be a little less sophisticated when it comes to cyber protections. I would worry that that's a back door into the Department of Revenue Services or your financial entity, or your utility. I assume this is a really good way to check on those doors that are left ajar and to make sure they're locked. That makes an awful lot of sense to me. Get on-board with these skills. You're going to have to learn these skills. It's an incredibly important skill set to have. There's a guaranteed job."
Lamont said state officials deal with such Internet-based attacks every day. "We have pretty good visibility across state government. We didn't have that before and we've moved more and more of our information up to the cloud, so we have a higher level of sophistication. Being able to play defense is just incredibly important to the ongoing operation of our companies."
Various state entities have been targeted by computer criminals, from hospitals to $6 million recently stolen from the New Haven school district. "I'm terrified," Lamont said. "We're constantly under attack. I see Eversource. I see what a hack there could mean to the state, short-term and long-term."
Michelle Gilman, commissioner of the state Department of Administrative Services, which heads the state's IT services, stressed that for starters, residents, government and industry should use tougher passwords and to change them on a regular basis. "It's really to protect us and to protect our information, our security, and any data behind the scenes that we're utilizing," Gilman said. She also warned that so-called phishing schemes, in which innocent looking emails can lead to hacking into people's lives, bank accounts and credit cards, are on the rise.
"Emails that look official oftentimes are not and we need to very sensitive to those emails that look suspicious," Gilman said. "Take a pause before clicking on that link. Phishing is probably one of the highest-level priorities that we deal with at DAS and throughout state agencies." Security upgrades and updates are very important to join, Gilman said.
The growing use of Artificial Intelligence in cyber crimes, means it will also become a major tool in repelling cyber attacks. "It's basically a fight between bad players who use AI, and we have to ultimately use AI in our defenses," said Kazem Kazerounian, dean of the UConn School of Engineering, during the hour-long panel discussion.
He noted that there are 15 courses in cybersecurity at UConn, with there plans for offering majors in it. For about 10 years, UConn's Center for Voting Technology Research has helped the Office of the Secretary of the State to stay up to date on security of databases and has assisted in policy making. The center developed software that double checks polling place scanners. "Our center has become a national leader in the science of what they call risk-limiting audits," he said.
"You know when you look at cybersecurity, we value it and measure it by two metrics: one is the value of the target and the second one is the size of the surface attack," Kazerounian said. "When you look at election systems, they are both extremely large. What makes it even worse is that an attack can succeed by simply creating a perception of success."
"It's an incredibly complex business," said Mark Raymond, the state's chief information officer who led the panel of eight people in a second-floor meeting room in downtown Hartford. He noted that nationwide, October is being called Cybersecurity Awareness Month. "The concept of cybersecurity is a rapidly changing field," he said. "The demands that we see on a day-to-day basis, the risks that come our way, the amount of technology change and the amount of cybersecurity risk that all comes together, really makes for a dynamic and changing environment."
Brenda Bergeron, deputy commissioner of the state Department of Emergency Services and Public Protection, said a multi-year, multi-million-dollar federal grant has allowed teams of personnel from the Connecticut National Guard to review the cyber defenses of 159 of the state's 169 towns and cities. Initially, the goal is to get local governments to meet a minimal level of security against possible computer crimes.
"Some towns just don't have the staff," Bergeron said after the forum. "It's an effort from the federal level, but we're building on it to help the smaller towns get up to that minimum standard." The state is developing a list of standards for municipal government. Other forum participants included Chris Lee, chief information security officer for Eversource.
Sabrina Tucker-Barrett, president and CEO of the Hartford-based Girls for Technology, said women from under-resourced communities between the ages of 18 and 29 participate in 10-week training sessions that include sections on cybersecurity, "and we're able to pipeline them in to our corporate partners."
On Friday, there will be a day-long event at Central Connecticut State University called Cyber Nutmeg, during which local government officials, school superintendents, IT and cybersecurity profssionals will participate in a variety of activities including an exercise in detection and discovery.
Co-sponsored by the Connecticut Education Network, the event will include a briefing from the FBI, Homeland Security, and CT Counter Terrorism and Intelligence (CTIC), as well as training workshops.
©2023 the Connecticut Post, Distributed by Tribune Content Agency, LLC.
