During their opening remarks, acting state Chief Information Security Officer Vitaliy Panych and Jonathan Nunez, commander of the California Cybersecurity Integration Center, discussed the best strategies for entities to ensure their environments are as secure as possible. In his keynote address, Kelly Bissell, global security lead at Accenture Security offered a vision of how governments’ interaction levels with private sector may change with an evolving focus on authentication. Among the takeaways:
• Really know your terrain, Nunez advised virtual attendees at the fourth annual event, adding: “Maintaining visibility and awareness of your IT environment is critical. Knowing what to defend is really half the battle.”
• Do the basics well, he said, and maintain good IT hygiene by putting in place standards and best practices. “Over 95 percent of cyberattacks leverage poor network or system hygiene,” Nunez said.
• Know your adversary, the commander said. That means consulting one’s community and investing in threat intelligence — because understanding the threat is critical to mounting a successful defense.
• Be proactive and don’t wait until you’re in a bad position to act. Do compromise assessments regularly and “contextualize business-to-IT for a most holistic approach to cyber defense.” The onus is on us to create a safer Internet, Nunez said — and working together improves the outcomes and makes the journey faster.
• The state is “bolstering innovation with privacy and security baked in,” Panych said, as officials adapt to an ever-shifting security battle with adversaries who continually evolve their tactics — resulting in a new threat landscape: “And we’re playing in a brand new threat landscape.” State entities such as agencies and departments, he said, release new applications or business processes “on a cadence of almost about a week.”
• Departments and agencies are not, however, “operating in the fog of war,” he said, but are instead “constantly increasing innovation in our defensive tactics,” getting smarter on governance and using defensive tactics; and in wielding information sharing, intelligence and communication.
• Panych thanked the public, private and education sectors for joining the state in the “industry of cybersecurity,” noting that another name for it might be “the industry of operating in a controlled chaos.” He called education “something that we must invest in and invest in ourselves,” and the key to containing and mitigating security threats.
• Discussing identity and access management, Bissell said the future of identity is likely one’s mobile device — the central connection point for access. Acknowledging that governments currently do identity proofing, the global security lead said he thinks that process — already populated with forms of smartphone-based identification — will become increasingly electronic. And as our personal and work lives converge, a process accelerated by the COVID-19 pandemic, Bissell said he sees banks and utilities taking more active roles alongside government as proofing agents.
