Strengthening Cybersecurity Requires a Multilayered Approach

panel presents on cybersecurity at the MACo conferenceThe MACo Tech Expo kicked off the annual summer conference on Wednesday and included a discussion with an expert panel about how counties can better protect against ever-increasing cybersecurity threats.

Senator Katie Fry-Hester moderated the well-attended session that featured speakers that touched on four different aspects of enhancing cybersecurity.

Pete Hammes, Managing Principal for Professional Security Services at Verizon focused on network segmentation. He encouraged counties to look at how they can improve both security and performance, while better controlling access to sensitive or private information within the network, through better segmentation. Pete also encouraged counties to review the annual Data Breach Investigations Report that Verizon releases each year that provides key insights on cyberthreats across its wide network of services and customers.

Conference attendees were encouraged not to forget supply chain security when assessing their vulnerability by Attila Security CEO Gregg Smith. Gregg cited several examples of large organizations who suffered serious data breaches due to infiltration through a small supplier and provided actionable recommendations on how to improve the assessment of the companies that have access to county networks. Gregg also reminded counties that the Cybersecurity Association of Maryland has a Cyber Swat Team that is available to assist counties free of charge in the event of a major security breach.

Steve Wilson, the Chief Technology Officer for Howard County Fire and Rescue Services offered a direct county perspective on cybersecurity issues. He acknowledged that the most difficult part of the network to secure is the people using it. Steve noted that increased security requires increased support as more users need education and training or help when they get shut out of a system. Steve encouraged county leaders to invest human IT professionals in a way that is commensurate with hardware and software investments.

Finally, Andrew Weidenhamer, National Security Testing Leader at RSM US shared with the audience key takeaways from the recent Black Hat Def Con conference and focused on how the advancement of artificial intelligence and machine learning are allowing more effective social engineering attacks. Scammers are now using powerful AI technology to mine information from a user’s public profiles, applying linguistics analytics, and then applying the results to the Big 5 personality trait framework in order to create highly individualized and effective phishing and other cyber attacks. He recommended counties continue to evolve their employee training to be able to protect against such sophisticated personal attacks.

An extended conversation took place during the Q&A about the shortage of cybersecurity professionals necessary to meet demand and the need for increased cyber education opportunities. The shortage of IT professionals is especially pronounced in local government, where salaries often do not compete with those in the private sector. Senator Fry-Hester shared that she would be introducing legislation in the coming year to provide loan repayment options for students who work in government service for a period after graduation, in hopes of addressing the IT workforce shortage.