Here are a few of the key takeaways from the event:
COMMUNICATION AND COLLABORATION
The calls from the highest echelons of state government down to the operational cybersecurity experts had a unified message — rather, a plea — to streamline how the state, local government and industry communicate around active threats. By their own admission, cyber leaders are looking for industry’s help, whether that be through traditional procurements or ad hoc conversations about how to do things better.
State CISO Vitaliy Panych wants the private sector to weigh in on the next iterations of the Cal-Secure road map. That document serves as a foundational strategy across state government. Cal-Secure 2.0 is currently in the works, and now is the time to provide input, officials told attendees.
Experts from the FBI, the Governor’s Office of Emergency Services and the California Highway Patrol talked at length about the need for proactive involvement in not only securing systems through penetration testing and system evaluations, but also emergency preparations and post-incident communications. All of these organizations have a broad pool of resources and services for other agencies and the private sector to draw from.
MANAGING THIRD-PARTY RISK
One prominent discussion, which Industry Insider will cover in more detail next week, centered on managing the risks created when the public and private sectors partner up. The state is very cognizant of the risks in this area, carefully weighing the risk-to-benefit ratio of partnering with vendors.
Experts from both the public and private sectors urged vendors to evaluate their systems and data exposure before asking the state to grant access to systems. Vendors should also be prepared to prove they have the right access management processes in place to take immediate action when staffing changes or a contractor moves off a project.
FEDERAL LEGISLATION
One of the concerns leveled at the conference was the September expiration of the federal Cybersecurity Information Sharing Act of 2015, which protected individuals sharing cyber threat indicators with authorities from liability. Experts and speakers at the event said the law’s expiration could have a chilling effect on threat sharing unless it’s renewed by Congress in short order.
*The California Cybersecurity Education Summit is hosted by Government Technology, Industry Insider — California's sister publication.
