The public sector is getting hit hard with cyber breaches and cyber extortion. There are several school districts, cities, and local governments dealing with attacks as you read this.
Ransomware and crypto-mining are ever-present threats for schools, emergency services, utilities, and any other publicly funded organization.
How do we begin to solve the challenges facing our local critical services, and lower the risk for public organizations?
Cybersecurity Threats Facing the Public Sector
Critical Insight's founder and CISO Mike Hamilton gave the keynote to a group of IT leaders in the public sector. In the 90-minute session, he provided recommendations on weathering the coming storms, including how to find funding sources for local government cybersecurity controls.
This keynote presentation was recorded on April 19, 2019, on the final day at the Association of County and City Information Systems (ACCIS) Spring Conference 2019. This year marks Mike’s 10-year anniversary speaking at ACCIS conferences; he was awarded Member of the Year by ACCIS in 2011.
On Critical Sectors and Bad Outcomes to Avoid:
“You can group all cyber into 3 bad outcomes: Records Disclosure, Theft and Extortion, and Service Disruption.” (8:00)
On Collateral Damage Caused by Nation States:
“The first one was WannaCry. Now we know that it was the country of North Korea.” (20:16)
On the need for Penetration Testing:
“I’ll throw USBs out in your parking lot and wait for someone to jack one in.” (35:56)
On Protective Controls and the need for Human Detection and Analysis:
“99% of what these things tell you is nothing—it’s the 1% that you have to tease out of there.” (38:56)
On How Detection and Response Can Reduce the Impact of a Breach:
“The impact of a compromise on your network could be ‘The helpdesk cleaned up a workstation.’ It can also be, ‘The FBI called, and all of our stuff is out there online for sale.’ And you actually are in a position to choose which one of those you do. I would really focus on that detection and response. ” (40:51)
On Smart City initiatives:
“Be careful. Technology leads policy—a lot.” (47:16)
About the Association of County and City Information Systems (ACCIS)
ACCIS is an organization composed of the IT practitioners, CIOs, and affiliate members of local governments within Washington state, including state agencies, districts, commissions, and ports. The association serves as a communication link between the Information Systems functions of the member agencies, and they represent local government interests to state officials.
ACCIS is also focused on membership awareness of legislation affecting data processing operations and technology, and education for county and city officers on roles and responsibilities of information systems departments. You can learn more about ACCIS here.
