Updates from the Resource Center for State Cybersecurity team, October 31, 2022
Save the Date! Webinar: Zero Trust in Practice
Thursday, December 1, 2022 | 3:00 – 4:00 P.M. EST
Many cybersecurity professionals consider the Zero Trust framework the gold standard for implementing a strong information security practice. One of the reasons Zero Trust is held in such high regard is its multi-faceted approach that combines metrics from devices, networks, data, applications, and user identities to dictate access to business resources. Although Identity is one of the five pillars in NIST and CISA’s foundation for Zero Trust, Identity is the cornerstone that determines the success of any Zero Trust implementation. Please join the National Governors Association as we host Shane Dwyer, CISO for the State of Iowa; Adam Ford, CISO for the State of Illinois; and Mitch Spaulding, Senior Solutions Engineer at Okta, to discuss the importance of Identity in the Zero Trust model, the successes that the States of Iowa and Illinois have seen after solving for the Identity pillar of Zero Trust, and future use cases for Identity in their states.
Speakers:
- Shane Dwyer, State Chief Information Security Officer, Iowa
- Adam Ford, State Chief Information Security Officer, Illinois
- Mitch Spaulding, Senior Solutions Engineer, Okta
For more information please contact Casey Dolen, Senior Cybersecurity Policy Analyst, at cdolen@nga.org.
Cybersecurity Resources
- Cross-Sector Cybersecurity Performance Goals | CISA October 27, 2022
- Banned in D.C.: Examining Government Approaches to Foreign Technology Threats| Center for Security and Emerging Technology October 26, 2022
- Tactics of Disinformation | CISA October 18, 2022
- The Biden-Harris Administration’s National Security Strategy | The White House October 12, 2022
- 2022 Deloitte-NASCIO Cybersecurity Study |October 8, 2022
- Time Guidance for Network Operators, Chief Information Officers, and Chief Information Security Officers | CISA October 4, 2022
State Cyber Watch
How Volunteers Can Support Government Cybersecurity| Route Fifty October 19, 2022
A growing number of states are establishing networks of volunteers to assist local government agencies, schools, small businesses, and nonprofits with cybersecurity incident response. Michigan, Wisconsin, and Ohio have some of the most robust volunteer groups and have seen benefits in terms of cybersecurity information sharing and upskilling.
Only 1 in 4 Election Websites Uses the .gov Domain. That’s a Problem – and an Opportunity| Center for Democracy & Technology October 19, 2022
Local election officials are in a strong position to debunk and respond to threats of misinformation ahead of the midterm elections (and beyond), but their ability to do so depends on the maintenance of a trusted web presence. One indicator of trustworthiness is whether an election website uses the .gov top-level domain, however, only 25% currently use them.
Governor Carney Announces DE’s Participation in CyberStart American and Cyber FastTrack | Delaware Department of Technology and Information October 12, 2022
Governor John Carney announced this month that high school and college students in Delaware can register for CyberStart American and Cyber FastTrack, which offer free, fun games aimed at improving cybersecurity skills. Students who perform well in the program can earn access to scholarships and advanced training.
Georgia Tech to investigate cutting-edge cyber security software and testing to foil enemy computer hackers| Military Aerospace Electronics October 12, 2022
Georgia Tech University was recently awarded a $22.7 million contract by the U.S. Defense Advanced Research Projects Agency to launch the Signature Management Using Operational Knowledge and Environments (SMOKE) project. SMOKE will measure real-time cyber threats and boost red team abilities. Georgia Tech will help the military incorporate cybersecurity as part of the computer design process and defeat hackers.
How One State is Trying to Prevent a Cybersecurity Workforce Shortage | Route Fifty October 11, 2022
North Dakota is preparing for a surge of retirement in the coming years and is turning its focus to early-career professionals. The state’s chief information security officer has led efforts to develop strategic partnerships with colleges and universities and offer apprentice and internship opportunities. His team has also moved to work fully remote and has removed degree requirements to help attract more job applicants.
Cyberattack takes down Colorado.gov homepage | Colorado Public Radio October 5, 2022
Colorado’s statewide website was taken offline earlier this month due to a cyberattack. While the outage was addressed, a temporary Colorado.gov webpage was created to ensure residents could still access critical government services. The cyberattack was thought to be carried out by Russian hacking group Killnet.
CommonSpirit US nonprofit health system discloses security incident | BleepingComputer October 5, 2022
CommonSpirit Health, one of the largest nonprofit health systems in the U.S., was impacted by an IT security incident – thought to be ransomware – that affected facilities across multiple states. The breach led to delayed surgeries, hold-ups in patient care, and caused patients to have to reschedule doctor appointments.
Governor Hogan Announces New State And Local Directors Of Cybersecurity | The BayNet October 4, 2022
As part of a cybersecurity legislative package passed earlier this year, Governor Larry Hogan announced two new positions: the Director of State Cybersecurity and Director of Local Cybersecurity. The Director of State Cybersecurity will work directly with executive branch agencies to help solidify and secure their IT systems and data and assist in developing standardized IT security policy and guidance. The Director of Local Cybersecurity will work in coordination with the Maryland Department of Emergency Management to provide improve cybersecurity preparedness across the state and will help administer State and Local Cyber Grant Program funding to local communities.
