I just came back from the Michigan Cyber Summit that was hosted by Governor Rick Snyder and Michigan CIO David Behen. This event was the launch site for the National Cyber Security Awareness Month with presentations from Congressmen Mike Rogers, John Dingell, and Hansen Clarke as well as Janet Naploitano, and White House Cybersecurity coordinator Howard Schmidt.
The themes for the day were best summed up by Congressman Rogers who stated that there were three types of companies and organizations: Those who have been hacked, those who don’t know they’ve been hacked, and those that will be hacked. I was quite impressed with Congressman Rogers’ and Governor Snyder’s comments around the cyber threats we face today. Both were obviously well informed on the issues, and it certainly made me feel a bit more comfortable knowing that our government leadership understands the importance of today’s cyber threats.
Several hundred government and business leaders attended the event, and throughout the day, we discussed the threats that we are facing from
Increased vulnerabilities that state and local government and small and medium business are facing.
This is due in large part to the fact that these organizations have typically not prioritized security issues because they did not see themselves as targets. With today’s advanced cyber threats, we are noticing that the state and local organizations are increasingly being targeted, because they are considered a soft target due to a lack of some of the more sophisticated cyber defenses that large corporations and the Federal government can afford to implement.
During the event, I had the opportunity to present on the impacts of cyber security threats to our nation’s critical infrastructure. I spoke about the unique threats that our critical infrastructure has to defend against and such as a coordinated attack on both physical and digital infrastructures. Just as the Stuxnet virus leveraged a cyber attack to damage physical assets, we are seeing an increase in cyber attacks to attack physical access control systems, video surveillance systems, and SCADA-based industrial control systems. SCADA systems are at a high risk for a cyber compromise, because they were not made to be on a typical corporate network and as such, were not designed to protect against cyber security attacks. Just think how a simple denial of service attack on a SCADA device that regulates the flow of electricity from a remote facility to a central power plant can impact and damage significant components at the power plant by causing the device to not respond or to send inaccurate data back to the command and control system.
The presentation focused on connecting the dots and making systems work smarter together. I recently wrote an article for GSN Magazine on big data analytics and connecting the dots. Big data analytics is the only way that we can connect the dots of literally billions of pieces of data and identify the top five to ten threats that we need to focus on right now. These sophisticated analytics allow us to become more proactive in our security defenses as opposed to the reactive posture that I see in many organizations today. By analyzing the data and connecting the dots, we can provide visibility to the real threats an organization faces 24 hours a day.