October was cybersecurity awareness month, with the subject making an appearance at the Department of Technology’s Vendors Forum, on Twitter and even as the star of its own Education Summit. Events such as the Assembly Panel on the Equifax breach echoed the importance of improving cybersecurity practices.
Techwire covered the topic with recommendations from the public and private sectors. Here are the takeaways from the month.
Collaboration across agencies is an important step towards a cohesive and complete cybersecurity landscape, according to Amy Tong, California's CIO; Marybel Batjer, secretary of Government Operations; Mark Ghilarducci, director of the Governor's Office of Emergency Services; and Christine Miller, CIO of California State University, Sacramento, who all spoke at the opening event of the Cybersecurity Awareness Education Summit on Oct. 10.
GovOps and Cal-CSIC are key in leading this effort, through job reclassification, job training, and keeping an eye on federal and local current events.
Cal-CSIC, which Gov. Jerry Brown created by executive order in 2015, was not codified in state statute because the same governor vetoed AB 1306. Brown felt the bill would limit, instead of secure, the center’s ability to pursue and protect against cyberattacks. The bill’s author, Assemblyman Jay P. Obernolte, R-Big Bear Lake, believed the bill would have strengthened the center through federal homeland security grant fund use.
While many cybersecurity issues stem from computer-related risks, other forms of information transmission are an issue as well. Several private-sector companies told Techwire their concerns about protecting hard-copy data. Automating data collection was one solution discussed. Even so, encryption may not protect all of an entity’s information, especially if a hacker has internal knowledge of that institution. Another non-tech concern was the loss of technology, such as leaving a laptop or mobile device behind somewhere.
Encryption and multi-factor authentication (MFA) to protect such devices were hot topics throughout the month as well. Building MFA into NIST and FedRAMP standards could help create more secure apps for the public and private sectors. Along with encryption, enhancing visibility would improve awareness of a risk, reducing the chance of a zero-day attack.
Assemblymember Blanca Rubio, D-San Gabriel Valley, believes education is a key component in heightening security, but she does not shy away from new legislation to facilitate private- and public-sector cooperation.
Education and regulation are not enough, though.
“Compliance,” Bob Smock, a private-sector vice president of consulting, security and risk management, said at the Cybersecurity Awareness Summit, “does not equal security.”