IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

How Organizations Can Build More Resilient Cybersecurity Frameworks

During the recent Southern Florida Digital Government Summit, local government and industry experts discussed some of the latest trends in cybersecurity and how local government organizations can cultivate strong and resilient cyber frameworks.

Businessman working on a futuristic tablet that says, "Cyber resilience" on it with symbols of locks and different graphs.
Last week, during the Southern Florida Digital Government Summit*, officials from government, academia and industry discussed how organizations can build more resilient cybersecurity frameworks.

Panel moderator Hansa Bernal, senior national conference director for Government Technology, led the discussion among Miami-Dade County’s Chief Information Security Officer Lars Schmekel; Florida International University Assistant Professor Donavon Johnson; and HP Federal Chief Technology Officer Tommy Gardner.

Below are a few key takeaways from the panelists:

Secure critical infrastructure as much as possible. “We have a significant amount of critical infrastructure out there, and more and more, we have seen directed attacks,” Schmekel said. “We’ve seen them attempt to take out water treatment plants; we saw the result of the attack on the gas pipeline. Elections are also considered a critical infrastructure sector, and as we get closer to elections, we will be heightening our capabilities, response, and monitoring of the sector.”

Regarding the latter, Schmekel emphasized the importance of receiving credible threat intelligence from federal and local government partners.

“Through [ the Cybersecurity and Infrastructure Security Agency] and MI-SAC, the Multi-State Information Sharing and Analysis Center, as well as through our own managed security operations services that we take advantage of, they’ll tell us of chatter they’re picking up, and then we’ll direct our attention to those types of events on our systems,” Schmekel said. “Keep in mind that many of these systems are or should be isolated. ”

“It’s a good idea to audit your systems,” Schmekel added, to ensure everything works properly and is secure.

Upskill your workforce. “Public organizations, in terms of risk and workforce development, should focus on upskilling as their main state of ensuring cybersecurity resilience,” Johnson said. “We can invest a lot in technology, which is important — don’t get me wrong, it’s important — we need new technology. We need relevant technology, but we also need the right people sitting behind those technologies and in front of that technology. The individuals who work for us are our major or most important firewall. If public organizations can do nothing else, upskill and reskill.”

If upskilling is already underway, Johnson also recommends investing in technology to protect critical information and building partnerships with the private sector.

“I find it too common that public organizations are sometimes siloed,” Johnson said. "They don’t work with each other, and interoperability becomes an issue because, ‘I can’t transfer something to you safely because we’re on two different kinds of systems, and so the alternative exposes us.’"

He emphasized the importance of forming partnerships between government entities, private entities, non-governmental organizations, and educational institutions as a potential solution.

Will AI impact humans' role in cybersecurity? Countering Johnson’s point of upskilling, Gardner argued that focusing on the human aspect of cybersecurity was correct two years ago. Now, however, he explained AI has changed the human role in cybersecurity.

For example, “AI has taken the human out of the loop in operations, and the human has to be there in writing the algorithms and the code, and that is a major shift,” Gardner said. “We had 80 billion attempts to download ransomware at HP last year, and zero were successful.” The reason for this, Gardner explained, is due to software HP purchased from the University of Cambridge that acts as a micro-virtualization by isolating applications from the hardware they run on to create a more secure environment.

“It’s a technology that allows 1,000 machines to come up anytime somebody clicks a link, and it can be a Word document, it can be a photo, it can be a spreadsheet or a web page, and so the malware can’t get through 1,000 virtual machines, each designed to do one task,” Gardner said. “And that’s just one example.”

*The Southern Florida Digital Government Summit is presented by Government TechnologyIndustry Insider — Florida’s sister publication.
Katya Diaz is an Orlando-based e.Republic staff writer. She has a bachelor’s degree in journalism and a master’s degree in global strategic communications from Florida International University.